CVE-2025-22224

ENISA EUVD: EUVD-2025-7603 ↗

Exploited in the Wild ✓ Confirmed 0-Day

Triaged: March 5, 2026 7 articles

VulnLookup ↗ NVD ↗ EUVD ↗ MITRE ↗ CISA KEV ↗

EPSS Score

Source: FIRST.org · 2026-05-23

46.8%

probability

This CVE has a 46.8% probability of being exploited in the next 30 days.

0% Top 97.7th percentile of all CVEs 100%

CVSS v3.1

Source: NVD

9.3

Attack Vector

Local

Attack Complexity

Low

Privileges Required

None

User Interaction

None

Scope

Changed

Confidentiality

High

Integrity

High

Availability

High

CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:C/C:H/I:H/A:H

Description

NVD

VMware ESXi, and Workstation contain a TOCTOU (Time-of-Check Time-of-Use) vulnerability that leads to an out-of-bounds write. A malicious actor with local administrative privileges on a virtual machine may exploit this issue to execute code as the virtual machine's VMX process running on the host.

Affected Products

vmware

esxi

vmware

cloud foundation

vmware

telco cloud infrastructure

vmware

telco cloud platform

vmware

workstation

Attack Intelligence

CWE-362 · Race Condition CWE-367 · Time-of-check Time-of-use (TOCTOU) Race Condition CWE-691 · Insufficient Control Flow Management

https://support.broadcom.com/web/ecx/support-content-notification/-/external/content/SecurityAdvisories/0/25390

Vendor Advisory

https://www.cisa.gov/known-exploited-vulnerabilities-catalog?field_cve=CVE-2025-22224

US Government Resource

Signal Intelligence

Confidenceⓘ

92%

EPSS 46.8%

CVSS v3.1 9.3

Mentions 7

Last Seen Jan 09, 2026

CNA Information

Analyst Note

CVE-2025-22224 meets zero-day criteria: exploitation in the wild is explicitly documented by multiple authoritative sources (Chinese hackers exploiting since October 2024), occurring well before the March 4, 2025 public disclosure and patch date. Articles explicitly label this as a zero-day, and timing evidence shows active attacks preceded vendor remediation.