Home
Mapping Frameworks
Known Exploited Vulnerabilities Home
VMware ESXi Arbitrary Write Vulnerability

Known Exploited Vulnerabilities CVE-2025-22225

VMware ESXi contains an arbitrary write vulnerability. Successful exploitation allows an attacker with privileges within the VMX process to trigger an arbitrary kernel write leading to an escape of the sandbox.

Mappings

Capability ID	Capability Description	Mapping Type	ATT&CK ID	ATT&CK Name	Notes
CVE-2025-22225	VMware ESXi Arbitrary Write Vulnerability	exploitation_technique	T1068	Exploitation for Privilege Escalation	Comments This vulnerability, present in VMWare ESXi, Workstation, and Fusion, allows an attacker with VMX process privileges to write in the kernel memory, triggering a sandbox escape. References https://support.broadcom.com/web/ecx/support-content-notification/-/external/content/SecurityAdvisories/0/25390 https://westoahu.hawaii.edu/cyber/vulnerability-research/vulnerabilities-weekly-summaries/attacks-on-vmware-esxi/#:~:text=all%20impacted%20products.- Exploitation of%20VMs%20compromising%20the%20host.
CVE-2025-22225	VMware ESXi Arbitrary Write Vulnerability	primary_impact	T1611	Escape to Host	Comments This vulnerability, present in VMWare ESXi, Workstation, and Fusion, allows an attacker with VMX process privileges to write in the kernel memory, triggering a sandbox escape. References https://support.broadcom.com/web/ecx/support-content-notification/-/external/content/SecurityAdvisories/0/25390 https://westoahu.hawaii.edu/cyber/vulnerability-research/vulnerabilities-weekly-summaries/attacks-on-vmware-esxi/#:~:text=all%20impacted%20products.- Exploitation of%20VMs%20compromising%20the%20host.