Broadcom patches actively exploited vulnerabilities in VMware products

Exploited VMware flaws trigger urgent Broadcom patch release

Broadcom released security patches for CVE-2024-22274, CVE-2024-22275, and CVE-2024-22276

In March 2025, Broadcom released critical patches for three zero-day vulnerabilities in VMware products, including VMware ESXi, Workstation, and Fusion. These flaws, identified as CVE-2024-22274,[1] CVE-2024-22275,[2] and CVE-2024-22276,[3] were already being exploited by attackers in real-world scenarios, making them a serious threat. Broadcom’s security advisory says:[4]

Updates are available to remediate these vulnerabilities in affected VMware products.

These vulnerabilities allow attackers with high-level access inside a virtual machine to break out of its sandbox and target the hypervisor – the software that manages all virtual machines on a system. If successful, attackers could steal sensitive data, disrupt operations, or take full control of the host. The Microsoft Threat Intelligence Center first spotted these issues, showing how vital it is to stay proactive in cybersecurity.

This news affects many users because VMware ESXi is common in data centers, while Workstation and Fusion are popular on desktops and Macs. Broadcom acted quickly to release fixes, but the responsibility now falls on users to apply them. The scale of the problem and the active exploitation make this a top priority for IT teams everywhere.

Inside the VMware ESXi security risks

The three vulnerabilities fixed by Broadcom have specific names and risks. CVE-2025-22224 is a “Time-of-Check Time-of-Use” flaw that lets an attacker with admin rights in a virtual machine write outside its allowed memory, running harmful code on the host. CVE-2025-22225 is an “arbitrary write” issue that also helps attackers escape the sandbox. CVE-2025-22226 allows attackers to read hidden memory, leaking sensitive data from the system.

For these attacks to work, an attacker needs administrative access (like “root”) inside a virtual machine first. From there, they can chain the flaws together to move from the virtual machine to the hypervisor. This could let them steal data, disrupt systems, or install more malware, making it a dangerous threat.

Since the affected products are common in businesses and IT setups, the vulnerabilities could impact many users. Broadcom confirmed that attackers were already exploiting these flaws before the patches were released.

It's worth noting that numerous ransomware gangs, such as Helldown and Play,[5] are known to exploit VMware environments to infect systems with malware.

Steps to secure your VMware systems

Broadcom has released patches to fix these vulnerabilities, so users should visit the Broadcom website to download and install the updates as soon as possible. Waiting too long could leave systems open to attacks, especially since hackers are already using these flaws.

Beyond patching, it’s smart to secure virtual machines properly. Limit who gets admin rights, watch for unusual activity, and keep all software updated. These steps can make it harder for attackers to start an exploit, even if they find a way into your system.

For extra protection, companies should also use tools like network segmentation (to keep systems separate) and intrusion detection (to spot threats early). By acting quickly and following these tips, VMware users can lower the risk of attacks and keep their data and systems safe from this serious vulnerability.

About the author
Gabriel E. Hall

Gabriel E. Hall is a passionate malware researcher who has been working for 2-spyware for almost a decade.
