Alert: VMware ESXi, Workstation, and Fusion Vulnerabilities
This message is intended for U-M IT staff who are responsible for university servers or other systems that are running VMware.
Summary
VMware has issued a critical security advisory (VMSA-2025-0004) warning of three actively exploited vulnerabilities in its ESXi, Workstation, and Fusion products.
Problem
The vulnerabilities allow attackers to execute malicious code, escalate privileges, and/or leak sensitive memory data.
Threats
VMware by Broadcom has information to suggest that exploitation of these vulnerabilities has occurred in the wild.
Affected Systems
Details on affected systems and versions are found in the Response Matrix for VMSA-2025-0004:
- VMware ESXi 8.0
- VMware ESXi 7.0
- VMware Workstation 17.x
- VMware Fusion 13.x
- VMware Cloud Foundation (both 4.5.x and 5.x)
- VMware Telco Cloud Platform (5.x, 4.x, 3.x, 2.x) and Infrastructure (3.x, 2.x)
Action Items
VMware urges immediate patching for all affected products. See the Fixed Version column in the Response Matrix for VMSA-2025-0004 for details.
How We Protect U-M
ITS provides CrowdStrike Falcon to units, which should be installed on all U-M owned systems (Windows, macOS, and Linux operating systems, whether workstations or servers). Falcon administrators in ITS and in U-M units use the Falcon console to investigate and remediate issues.
Questions, Concerns, Reports
Please contact ITS Information Assurance through the ITS Service Center.
Sincerely,
ITS Information Assurance
References
- VMSA-2025-0004: VMware ESXi, Workstation, and Fusion updates address multiple vulnerabilities (CVE-2025-22224, CVE-2025-22225, CVE-2025-22226) (Broadcom, 3/4/25)
- VMware ESXi Vulnerabilities Exploited in Wild to Execute Malicious Code (Cyber Security News, 3/4/25)
- Three VMware Vulnerabilities Actively Exploited in the Wild (Cyber Kendra, 3/4/25)