Critical VMware ESXi updates to address multiple security vulnerabilities

Written by Kyocera Document Solutions ANZ | Mar 5, 2025 10:00:00 PM

VMware has released an update to patch multiple security vulnerabilities for their products VMware ESXi, Workstation and Fusion. These are listed as CVE-2025-22224, CVE-2025-22225, CVE-2025-22226 with a severity classification as critical.

VMware Product	Version	Running On	CVE	CVSSv3	Severity	Fixed Version	Workarounds	Additional Documentation
VMware ESXi	8.0	Any	CVE-2025-22224, CVE-2025-22225, CVE-2025-22226	9.3, 8.2, 7.1	Critical	ESXi80U3d-24585383	None	FAQ
VMware ESXi	8.0	Any	CVE-2025-22224, CVE-2025-22225, CVE-2025-22226	9.3, 8.2, 7.1	Critical	ESXi80U3d-24686300	None	FAQ
VMware ESXi	7.0	Any	CVE-2025-22224, CVE-2025-22225, CVE-2025-22226	9.3, 8.2, 7.1	Critical	ESXi70U3s-24585291	None	FAQ
VMware Workstation	17.x	Any	CVE-2025-22224, CVE-2025-22226	9.3, 7.1	Critical	17.6.3	None	FAQ
VMware Fusion	13.x	Any	CVE-2025-22226	7.1	Important	13.6.3	None	FAQ
VMware Cloud Foundation	5.x	Any	CVE-2025-22224, CVE-2025-22225, CVE-2025-22226	9.3, 8.2, 7.1	Critical	Async patch to ESXi80U3d-24585383	None	Async Patching Guide: KB88287
VMware Cloud Foundation	4.5.x	Any	CVE-2025-22224, CVE-2025-22225, CVE-2025-22226	9.3, 8.2, 7.1	Critical	Async patch to ESXi70U3s-24585291	None	Async Patching Guide: KB88287
VMware Telco Cloud Platform	5.x, 4.x, 3.x, 2.x	Any	CVE-2025-22224, CVE-2025-22225, CVE-2025-22226	9.3, 8.2, 7.1	Critical	KB395385	None	FAQ
VMware Telco Cloud Infrastructure	3.x, 2.x	Any	CVE-2025-22224, CVE-2025-22225, CVE-2025-22226	9.3, 8.2, 7.1	Critical	KB395385	None	FAQ

Please Note: If you are using 3rd party applications like Zerto Replication, then you will need to wait until these updates are supported before patching.

Huon IT strongly recommends that you action and update where appropriate immediately.

View full post