Techly NewsGet the app

Get the latest tech news

Broadcom urges VMware customers to patch ‘emergency’ zero-day bugs under active exploitation


Security experts warn of ‘huge impact’ of actively exploited hypervisor flaws that allow sandbox escape

The three vulnerabilities — collectively dubbed “ESXicape” by one security researcher — affect VMware ESXi, Workstation, and Fusion, which are widely-used software hypervisor products that allow multiple virtual machines to be managed on a single server. Broadcom, which acquired VMware in 2023, said that the vulnerabilities(tracked as CVE-2025-22224, CVE-2025-22225, and CVE-2025-22226) could allow an attacker with administrator or root privileges on a virtual machine to escape its protected sandbox and gain broader unauthorized access to the underlying hypervisor product. VMware vulnerabilities are frequently targeted by ransomware groups due to their ability to be exploited to compromise multiple servers during a single attack, and given that sensitive corporate data is often stored in these virtualized environments.

Get the Android app

Or read this on TechCrunch

Read more on:

Photo of VMware

VMware

Photo of Emergency

Emergency

Photo of day bugs

day bugs

Related news:

News photo

Threat posed by new VMware hyperjacking vulnerabilities is hard to overstate

News photo

VMware splats guest-to-hypervisor escape bugs already exploited in wild

News photo

Broadcom fixes three VMware zero-days exploited in attacks

« Apply to speak at TechCrunch Sessions: AI before time runs out
The Planemaker Who Walked Beneath the Water »