THREATOPS
THREAT OPSCVEs › CVE-2025-22226

CVE-2025-22226 — VMware ESXi, Workstation, and Fusion Information Disclosure Vulnerability

CISA KEVExploited: confirmedVMware

VMware ESXi, Workstation, and Fusion contain an information disclosure vulnerability due to an out-of-bounds read in HGFS. Successful exploitation allows an attacker with administrative privileges to a virtual machine to leak memory from the vmx process.

Vulnerability details