{"id":210105,"date":"2026-02-04T12:38:00","date_gmt":"2026-02-04T17:38:00","guid":{"rendered":"https:\/\/news-you-need.com\/index.php\/2026\/02\/04\/vmware-esxi-flaw-now-exploited-in-ransomware-attacks\/"},"modified":"2026-02-04T18:20:37","modified_gmt":"2026-02-04T23:20:37","slug":"vmware-esxi-flaw-now-exploited-in-ransomware-attacks","status":"publish","type":"post","link":"https:\/\/news-you-need.com\/index.php\/2026\/02\/04\/vmware-esxi-flaw-now-exploited-in-ransomware-attacks\/","title":{"rendered":"VMware ESXi flaw now exploited in ransomware attacks"},"content":{"rendered":"<p><a href=\"https:\/\/www.bleepingcomputer.com\/news\/security\/cisa-vmware-esxi-flaw-now-exploited-in-ransomware-attacks\/\">VMware ESXi flaw now exploited in ransomware attacks<\/a><\/p>\n<p><a href=\"https:\/\/www.bleepingcomputer.com\/news\/security\/cisa-vmware-esxi-flaw-now-exploited-in-ransomware-attacks\/\">https:\/\/www.bleepingcomputer.com\/news\/security\/cisa-vmware-esxi-flaw-now-exploited-in-ransomware-attacks\/<\/a><\/p>\n<p>Publish Date: <a href=\"publish_date]\">2026-02-04 12:38:00<\/a><\/p>\n<p>Source Domain: <a href=\"www.bleepingcomputer.com\">www.bleepingcomputer.com<\/a><\/p>\n<p>CISA confirmed on Wednesday that ransomware gangs have begun exploiting a high-severity VMware ESXi sandbox escape vulnerability that was previously used in zero-day attacks.<\/p>\n<p>Broadcom patched this ESXi arbitrary-write vulnerability (tracked as CVE-2025-22225) in March 2025 alongside a memory leak (CVE-2025-22226) and a TOCTOU flaw (CVE-2025-22224), and tagged them all as actively exploited zero-days.<\/p>\n<p>&#8220;A malicious actor with privileges within the VMX process may trigger an arbitrary kernel write leading to an escape of the sandbox,&#8221; Broadcom said about the CVE-2025-22225 flaw.<\/p>\n<p>At the time, the company said that the three vulnerabilities affect VMware ESX products, including VMware ESXi, Fusion, Cloud Foundation, vSphere, Workstation, and Telco Cloud Platform, and that attackers with privileged administrator or root access can chain them to escape the virtual machine&#8217;s sandbox.<\/p>\n<p>According to a report published last month by cybersecurity company Huntress, Chinese-speaking threat actors have likely been chaining these flaws in sophisticated zero-day attacks since at least February 2024.<\/p>\n<h2>Flagged as exploited in ransomware attacks<\/h2>\n<p>In a Wednesday update to its list of vulnerabilities exploited in the wild, the U.S. Cybersecurity and Infrastructure Security Agency (CISA) said CVE-2025-22225 is now known to be used in ransomware campaigns but didn&#8217;t provide more details about these ongoing attacks.<\/p>\n<p>CISA first added the flaw to its Known Exploited Vulnerabilities (KEV) catalog in March 2025 and ordered federal agencies to secure their systems by March 25, 2025, as mandated by Binding Operational Directive (BOD) 22-01.<\/p>\n<p>&#8220;Apply mitigations per vendor instructions, follow applicable BOD 22-01 guidance for cloud services, or discontinue use of the product if mitigations are unavailable,&#8221; the cybersecurity agency says.<\/p>\n<p>Ransomware gangs and state-sponsored hacking groups often target VMware vulnerabilities because VMware products are widely&#8230;<\/p>\n<p><a href=\"https:\/\/www.bleepingcomputer.com\/news\/security\/cisa-vmware-esxi-flaw-now-exploited-in-ransomware-attacks\/\">Source<\/a><\/p>\n","protected":false},"excerpt":{"rendered":"<p>VMware ESXi flaw now exploited in ransomware attacks https:\/\/www.bleepingcomputer.com\/news\/security\/cisa-vmware-esxi-flaw-now-exploited-in-ransomware-attacks\/ Publish Date: 2026-02-04 12:38:00 Source 
Domain:&#8230;<\/p>\n","protected":false},"author":1,"featured_media":210106,"comment_status":"closed","ping_status":"","sticky":false,"template":"","format":"standard","meta":{"fifu_image_url":"https:\/\/www.bleepstatic.com\/content\/hl-images\/2024\/11\/18\/VMware.jpg","fifu_image_alt":"","footnotes":""},"categories":[15],"tags":[26,24,27],"class_list":["post-210105","post","type-post","status-publish","format-standard","has-post-thumbnail","hentry","category-cybersecurity","tag-ai","tag-cybersecurity","tag-vulnerability"],"_links":{"self":[{"href":"https:\/\/news-you-need.com\/index.php\/wp-json\/wp\/v2\/posts\/210105"}],"collection":[{"href":"https:\/\/news-you-need.com\/index.php\/wp-json\/wp\/v2\/posts"}],"about":[{"href":"https:\/\/news-you-need.com\/index.php\/wp-json\/wp\/v2\/types\/post"}],"author":[{"embeddable":true,"href":"https:\/\/news-you-need.com\/index.php\/wp-json\/wp\/v2\/users\/1"}],"replies":[{"embeddable":true,"href":"https:\/\/news-you-need.com\/index.php\/wp-json\/wp\/v2\/comments?post=210105"}],"version-history":[{"count":1,"href":"https:\/\/news-you-need.com\/index.php\/wp-json\/wp\/v2\/posts\/210105\/revisions"}],"predecessor-version":[{"id":210107,"href":"https:\/\/news-you-need.com\/index.php\/wp-json\/wp\/v2\/posts\/210105\/revisions\/210107"}],"wp:featuredmedia":[{"embeddable":true,"href":"https:\/\/news-you-need.com\/index.php\/wp-json\/wp\/v2\/media\/210106"}],"wp:attachment":[{"href":"https:\/\/news-you-need.com\/index.php\/wp-json\/wp\/v2\/media?parent=210105"}],"wp:term":[{"taxonomy":"category","embeddable":true,"href":"https:\/\/news-you-need.com\/index.php\/wp-json\/wp\/v2\/categories?post=210105"},{"taxonomy":"post_tag","embeddable":true,"href":"https:\/\/news-you-need.com\/index.php\/wp-json\/wp\/v2\/tags?post=210105"}],"curies":[{"name":"wp","href":"https:\/\/api.w.org\/{rel}","templated":true}]}}