U.S. technology giant Broadcom warns that a trio of VMware vulnerabilities is being actively exploited by malicious hackers to compromise the networks of its corporate customers.
The three vulnerabilities, collectively called "ESXicape" by a security researcher, affect VMware ESXi, Workstation and Fusion, which are widely used hypervisor software products that allow multiple virtual machines to run on a single server. Hypervisors are commonly used to reduce the need for physical servers.
Broadcom, which acquired VMware in 2023, said that the vulnerabilities (tracked as CVE-2025-22224, CVE-2025-22225 and CVE-2025-22226) could allow an attacker with administrator or root privileges in a virtual machine to escape its protected sandbox and gain wider unauthorized access to the underlying product.
By accessing the hypervisor, an intruder can access any other virtual machine, including virtual systems belonging to other companies in the same physical data center.
Broadcom says it has "information to indicate" that the vulnerabilities have been exploited in the wild.
"The impact here is huge, an attacker who has compromised a hypervisor can continue to endanger any of the other virtual machines that share the same hypervisor," Stephen Lesser, a key security researcher at TechCrunch, told TechCrunch.
Broadcom did not share details of the nature of the attacks or the threat actors behind them, and did not say whether they had accessed customer data. A Broadcom spokesperson did not answer TechCrunch's questions. Microsoft, which discovered and reported the vulnerabilities to Broadcom, did not respond by press time.
Security researcher Kevin Beaumont said in a post on Mastodon that the three vulnerabilities are being actively exploited by a ransomware group that has not been named.
VMware vulnerabilities are often targeted by ransomware groups because they make it possible to compromise multiple servers in a single attack, and because sensitive corporate data is often stored in these virtual environments.
Microsoft discovered in 2024 that multiple ransomware groups were taking advantage of a VMware hypervisor flaw in attacks that deployed Black Basta and LockBit ransomware in data theft campaigns targeting corporate data. Last year, a large-scale hacking campaign called "ESXiArgs" saw ransomware groups exploit a two-year-old vulnerability against thousands of organizations worldwide.
Broadcom has released patches for the three vulnerabilities, which are classified as "zero-day" bugs because they were exploited before a fix was made available. Broadcom described its security advisory as an "emergency" change and urges customers to apply the patches as soon as possible.
The U.S. government's cybersecurity agency CISA is also warning federal agencies to patch the bugs, which it has added to its list of vulnerabilities known to be under attack.