CVE-2025-22226MEDIUM 6.0CISA KEVEPSS p73.9%

CVE-2025-22226VMware ESXi, Workstation, and Fusion Information Disclosure Vulnerability

VMware / ESXi, Workstation, and Fusion

Description

VMware ESXi, Workstation, and Fusion contain an information disclosure vulnerability due to an out-of-bounds read in HGFS. Successful exploitation allows an attacker with administrative privileges to a virtual machine to leak memory from the vmx process.

Scoring

CVSS 3.16.0 (MEDIUM)
VectorCVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:C/C:H/I:N/A:N
EPSS1.68% probability of exploitation · percentile 73.9% · 2026-06-18T12:00:27Z
Published2025-03-04
Last modified2025-10-30

CISA KEV entry

Added to KEV: 2025-03-04

Underlying weaknesses· 1

CWE-125

References

  1. https://support.broadcom.com/web/ecx/support-content-notification/-/external/content/SecurityAdvisories/0/25390
  2. https://www.cisa.gov/known-exploited-vulnerabilities-catalog?field_cve=CVE-2025-22226

1

TypeTargetConfidenceTier
WeaknessOut-of-bounds Readcwe-1250%live

(incoming)1

TypeTargetConfidenceTier
KEVEntryVMware ESXi, Workstation, and Fusion Information Disclosure Vulnerabilitykev-cve-2025-222260%live

Related by meaning· 6

Nearest entities by semantic similarity across the cs-graph corpus.

CVE
CVE-2025-41238
CVE
CVE-2025-41237
CVE
VMware ESXi Arbitrary Write Vulnerability
CVE
CVE-2025-41236
CVE
VMware ESXi and Workstation TOCTOU Race Condition Vulnerability
CVE
CVE-2026-42972
Sourced from NVD + CISA KEV + FIRST.org EPSS. Curated for EU compliance use cases by Adam Lundqvist, Founder at SQUR.