U.S. technology giant Broadcom is warning that a trio of VMware vulnerabilities are being actively exploited by malicious hackers to compromise the networks of its corporate customers.
The three vulnerabilities, collectively dubbed “ESXicape” by one security researcher, affect VMware ESXi, Workstation, and Fusion, which are widely used software hypervisor products that allow multiple virtual machines to be managed on a single server. Hypervisors are commonly used to reduce the need to take up physical server space.
Broadcom, which acquired VMware in 2023, said that the vulnerabilities (tracked as CVE-2025-22224, CVE-2025-22225, and CVE-2025-22226) could allow an attacker with administrator or root privileges to escape the sandbox and gain broader unauthorized access to the underlying hypervisor product.
With access to the hypervisor, an attacker can gain access to any other virtual machine, including virtual systems owned by other companies within the same physical data center.
Broadcom says it has “information to suggest” that the vulnerabilities have been exploited in the wild.
“The impact here is huge, an attacker who has compromised a hypervisor can go on to compromise any of the other virtual machines that share the same hypervisor,” Stephen Fewer, principal security researcher at threat intelligence company Rapid7, told TechCrunch.
Broadcom did not share any details about the nature of the attacks or the threat actors behind them and did not say whether any customer data has been accessed. A spokesperson for Broadcom did not respond to TechCrunch’s questions. Microsoft, which discovered and reported the vulnerabilities to Broadcom, also didn’t respond by press time.
Security researcher Kevin Beaumont said in a post on Mastodon that the three vulnerabilities are actively being exploited by an as-yet-unnamed ransomware group.
VMware vulnerabilities are frequently targeted by ransomware groups due to their ability to be exploited to compromise multiple servers during a single attack, and given the sensitive data often stored in these virtualized environments.
Microsoft discovered in 2024 that multiple ransomware groups were exploiting a VMware hypervisor flaw in attacks deploying Black Basta and LockBit ransomware in data-stealing campaigns targeting corporate data. The previous year, a large-scale hacking campaign dubbed “ESXiArgs” saw ransomware groups exploit a two-year-old VMware vulnerability to target thousands of organizations worldwide.
Broadcom has released patches for the three vulnerabilities, which are classed as “zero-day” bugs due to the fact they were exploited before a fix was made available. Broadcom described its security advisory as an “emergency” change and is urging customers to apply the patches as soon as possible.
U.S. government cybersecurity agency CISA is also warning federal agencies to patch against the bugs, which it has added to its running catalog of vulnerabilities known to be under attack.