CVE-2025-22226

Exploited in the Wild ✓ Confirmed 0-Day

Triaged: March 5, 2026 7 articles

VulnLookup ↗ NVD ↗ MITRE ↗ CISA KEV ↗

EPSS Score

Source: FIRST.org · 2026-05-24

4.23%

probability

This CVE has a 4.23% probability of being exploited in the next 30 days.

0% Top 88.9th percentile of all CVEs 100%

CVSS score unavailable

Neither CIRCL nor NVD returned a CVSS score for this CVE. View on VulnerabilityLookup ↗

Attack Intelligence

CWE-118 · Incorrect Access of Indexable Resource ('Range Error') CWE-119 · Buffer Overflow CWE-125 · Out-of-bounds Read CWE-664 · Improper Control of a Resource Through its Lifetime

VMware Security Flaws Exploited in the Wild—Broadcom Releases Urgent Patches

TheHackerNews

Chinese hackers exploiting VMware zero-day since October 2024

BleepingComputer Sep 30, 2025

Broadcom fixes three VMware zero-days exploited in attacks

BleepingComputer Mar 04, 2025

VMware ESXi zero-days likely exploited a year before disclosure

BleepingComputer Jan 08, 2026

Inside LockBit: Defense Lessons from the Leaked LockBit Negotiations

Qualys May 08, 2025

China-Linked Hackers Exploit VMware ESXi Zero-Days to Escape Virtual Machines

TheHackerNews Jan 09, 2026

Security Advisory 2025-005

CERT-EU Mar 05, 2025

Signal Intelligence

Confidenceⓘ

85%

EPSS 4.23%

Mentions 7

Last Seen Jan 09, 2026

CNA Information

Analyst Note

CVE-2025-22226 meets zero-day criteria: published 2025-03-04 with exploitation in the wild documented since October 2024 (months before patch), explicitly named as 'zero-day' in multiple authoritative sources (BleepingComputer, TheHackerNews), and attributed to Chinese-linked threat actors. Exploitation clearly preceded patch availability.