VMware has released a security update to address multiple vulnerabilities (CVE-2025-22224, CVE-2025-22225, CVE-2025-22226) found in various VMware products, including but not limited to ESXi, Workstation, Fusion.

Affected Systems

The affected systems include, but not limited to:

• VMware ESXi versions: 7.0 prior to 7.0 Update 3s, 8.0 Update 2 prior to 8.0 Update 2d, or 8.0 Update 3 prior to 8.0 Update 3d.

• VMware Workstation versions 17.x prior to 17.6.3.

• VMware Fusion 13.x prior to 13.6.3.

Security Risks

Successful exploitation of the vulnerability may lead to attackers gaining unauthorized access to the host system from a compromised virtual machine, bypassing security controls and potentially resulting in full system compromise.

Recommended Actions

The National Cyber Security Authority (NCSA) strongly recommends to system administrators to:

• Follow VMware Security Advisory to lower the risk of potential exploits, protect systems, and ensure their security.

• Apply the required and latest security updates as soon as possible.
  The released software versions to upgrade to are, but are not limited to:

• VMware ESXi versions 7.0 Update 3s, 8.0 Update 2d, or 8.0 Update 3d or later: running on any platform.

• VMware Workstation version 17.6.3 or later: running on any platform.

• VMware Fusion Version 13.6.3 or later: running on any platform.

• Before any update task, please ensure you have a recent backup that can easily be restored.

For further information and support, please contact NCSA by email at rwcsirt@ncsa.gov.rw or call us on 9009.

References

• VMware Security Advisory VMSA-2025-0004

• VMware Security Advisory