CVE-2025-22226: VMware ESXi, Workstation, and Fusion Information Disclosure
VMware ESXi, Workstation, and Fusion Information Disclosure Vulnerability. VMware ESXi, Workstation, and Fusion contain an information disclosure vulnerability due to an out-of-bounds read in HGFS. Successful exploitation allows an attacker with administrative privileges to a virtual machine to leak memory from the vmx process.
- CISA KEV-listed (remediation due 2025-03-25)
- EPSS 4.2% (89.0% percentile)