Alert: VMware ESXi, Workstation, and Fusion Vulnerabilities

This message is intended for U-M IT staff who are responsible for university servers or other systems that are running VMware.

Summary

VMware has issued a critical security advisory (VMSA-2025-0004) warning of three actively exploited vulnerabilities in its ESXi, Workstation, and Fusion products.

Problem

These vulnerabilities allow attackers to execute malicious code, escalate privileges, and/or leak sensitive memory data.

Threats

VMware by Broadcom has information to suggest that exploitation of these vulnerabilities has occurred in the wild.

Affected Systems

Details on affected systems and versions are found in the Response Matrix for VMSA-2025-0004:

  • VMware ESXi 8.0 
  • VMware ESXi 7.0 
  • VMware Workstation 17.x 
  • VMware Fusion 13.x 
  • VMware Cloud Foundation (both 4.5.x and 5.x)
  • VMware Telco Cloud Platform (5.x, 4.x, 3.x, 2.x) and Infrastructure (3.x, 2.x)

Action Items

VMware urges immediate patching for all affected products. See the Fixed Version column in the Response Matrix for VMSA-2025-0004 for details.

How We Protect U-M

ITS provides CrowdStrike Falcon to units, and it should be installed on all U-M-owned systems (Windows, macOS, and Linux operating systems, whether workstations or servers). Falcon administrators in ITS and in U-M units use the Falcon console to investigate and remediate issues.

Questions, Concerns, Reports

Please contact ITS Information Assurance through the ITS Service Center.

Sincerely,
ITS Information Assurance