Massive exposure: 42K machines running VMware ESXi affected by exploited zero-days


Hackers are already exploiting three critical zero-days affecting VMware ESXi virtualization software. Public scans reveal that as of March 5th, 2025, at least 41,450 servers and systems were exposed, leaving businesses worldwide vulnerable.

Cybernews previously reported that VMware ESXi, virtualization software used to spin up virtual machines for various services, is vulnerable to three newly discovered severe vulnerabilities. Hackers can use them to break out of a virtual machine and take over the whole host.

VMware ESXi is commonly used in enterprise data centers, cloud computing applications, and corporate IT infrastructure.


ShadowServer Foundation, a nonprofit security organization, is tracking vulnerable ESXi instances.

Among 41,450 vulnerable and exposed ESXi instances, 4,400 are from China, 4,100 are running in France, and 3,800 were found in the US.

A further 2,800 were found in Germany, 2,800 in Iran, 2,200 in Brazil, and 1,500 in South Korea. Over a thousand exposed systems each are in Thailand, Vietnam, Canada, Turkey, the Netherlands, and Argentina.

On March 6th, the total number of vulnerable instances decreased to 37,322 ESXi systems.

"We are scanning & reporting out VMware ESXi CVE-2025-22224 vulnerable instances ("a malicious actor with local admin privileges on a virtual machine may exploit this to execute code as virtual machine's VMX process running on host"). Nearly 41.5K found vulnerable on 2025-03-04."

The Shadowserver Foundation (@shadowserver.bsky.social), March 5, 2025 at 10:00 PM

Cybersecurity authorities worldwide are warning that threat actors are already exploiting the critical flaws. The most dangerous of the three is a heap overflow vulnerability through which “a malicious actor with local administrative privileges on a virtual machine may exploit this issue to execute code as the virtual machine’s VMX process running on the host.”


Broadcom, the owner of VMware, has released patches for the affected products, including Workstation, Fusion, Cloud Foundation, and Telco Cloud Platform, and recommends applying them. There are no other workarounds. Broadcom’s advisory can be found here.


The US Cybersecurity and Infrastructure Security Agency (CISA) urges federal agencies and other organizations to prioritize remediating the three vulnerabilities and reduce their exposure to cyberattacks.