VMware Zeroday

Apr 27, 2024
Portland, OR
www.gnetsys.net
Um ... We don't talk about VMware much here.
Except what a good idea it is to get off VMware.
Here's your latest reason.

This is surreal.
https://support.broadcom.com/web/ec...-/external/content/SecurityAdvisories/0/25390

It's a total own of the hypervisor, and all you need is Admin in a Windows guest. Like that's even a roadblock.
  • (CVE-2025-22224) A malicious actor with local administrative privileges on a virtual machine may exploit this issue to execute code as the virtual machine's VMX process running on the host.
  • (CVE-2025-22225) A malicious actor with privileges within the VMX process may trigger an arbitrary kernel write leading to an escape of the sandbox.
  • (CVE-2025-22226) A malicious actor with administrative privileges to a virtual machine may be able to exploit this issue to leak memory from the vmx process.

See how those stack together? You can execute in VMX, modify it, and read back.

Owned.

Patch today. And get off VMware.