EGI SVG Advisories

Advisory-EGI-SVG-2025-03

CRITICAL risk VMware Vulnerabilities VMSA-2025-0004

Date: 2025-03-06

Updated: 2025-04-08

Vulnerabilities have been announced in VMware, including at least one that is CRITICAL risk.

IDs AND CVSS SCORE

EGI SVG ID : EGI-SVG-2025-03

CVE ID : CVE-2025-22224, CVE-2025-22225, CVE-2025-22226

CVSS Score : 9.3 [R 1], [R 2]

ACTIONS REQUIRED/RECOMMENDED

Sites and services deploying VMware are recommended to update according to the software provider's instructions, if they have not done so already.

EGI SVG is unsure how widely VMware is used in our infrastructure.

If anyone becomes aware of any situation where this vulnerability has a significant impact on the EGI infrastructure then please inform EGI SVG.

MORE INFORMATION

It has been noted in The Hacker News [R 3] that this vulnerability is being exploited.

STATUS OF THIS ADVISORY

TLP:CLEAR information - Unlimited distribution

https://advisories.egi.eu/Advisory-EGI-SVG-2025-03

https://advisories.egi.eu/Advisory-SVG-CVE-2025-22224

https://advisories.egi.eu/Advisory-SVG-CVE-2025-22225

https://advisories.egi.eu/Advisory-SVG-CVE-2025-22226

Minor updates may be made without re-distribution to the sites.

CONTACT AND OTHER INFORMATION ON SVG


This advisory is subject to the Creative Commons licence https://creativecommons.org/licenses/by/4.0/ and the EGI (https://www.egi.eu/) Software Vulnerability Group must be credited.

Comments or questions should be sent to svg-rat at mailman.egi.eu

Vulnerabilities relevant for EGI can be reported at report-vulnerability at egi.eu

(see [R 99] for further details, and other information on SVG)

REFERENCES

CREDITS

SVG was alerted to this vulnerability by James Hannah