Threat posed by new VMware hyperjacking vulnerabilities is hard to overstate
arstechnica.com
EXPLOITATION IN THE WILD LIKELY

Just one compromised VM can make all other VMs on that hypervisor sitting ducks.

Dan Goodin, Mar 4, 2025 4:33 pm

Three critical vulnerabilities in multiple virtual-machine products from VMware can give hackers unusually broad access to some of the most sensitive environments inside multiple customers' networks, the company and outside researchers warned Tuesday.

The class of attack made possible by exploiting the vulnerabilities is known under several names, including hyperjacking, hypervisor attack, or virtual machine escape. Virtual machines often run inside hosting environments to prevent one customer from being able to access or control the resources of other customers. By breaking out of one customer's isolated VM environment, a threat actor could take control of the hypervisor that apportions each VM. From there, the attacker could access the VMs of multiple customers, who often use these carefully controlled environments to host their internal networks.

All bets off

"If you can escape to the hypervisor you can access every system," security researcher Kevin Beaumont said on Mastodon. "If you can escape to the hypervisor, all bets are off as a boundary is broken." He added: "With this vuln you'd be able to use it to traverse VMware managed hosting providers, private clouds orgs have built on prem etc."

VMware warned Tuesday that it has evidence suggesting the vulnerabilities are already under active exploitation in the wild. The company didn't elaborate.
Beaumont said the vulnerabilities affect every supported (and unsupported) version in VMware's ESXi, Workstation, Fusion, Cloud Foundation, and Telco Cloud Platform product lines.

The vulnerabilities are:

CVE-2025-22224, a heap overflow in the Virtual Machine Communication Interface, with a severity rating of 9.3 out of a possible 10
CVE-2025-22225, an arbitrary write vulnerability, with a severity of 8.2
CVE-2025-22226, an information-disclosure vulnerability in the host-guest file system, with a severity of 7.1

The VMware advisory didn't classify the vulnerabilities as being remotely exploitable, a condition that would have raised the already high severity ratings. Beaumont and others, however, said that distinction could be misleading because "you don't need to be locally at a VM to do the attack, you can do it over the internet if you have access to any VM." In other words, if any customer with a VM inside a vulnerable hosting environment is compromised, an attacker might be able to take control of the host environment hypervisor.

"Given hypervisors will often have multiple customers/projects/security zones on, this class of vulnerability is very bad news," one Mastodon user wrote. "A customer doing a bad job of securing just one VM puts every other VM on that hypervisor at risk as long as there is a VM escape vuln in the hypervisor."

All three vulnerabilities were reported to Broadcom by Microsoft Threat Intelligence Center. The US Cybersecurity and Infrastructure Security Agency has already added all three to its list of Known Exploited Vulnerabilities.

The exploitation of vulnerabilities in virtual machine software has been one of the most common ways threat actors working for both nation-states and crime syndicates have gained entry into some of the world's most sensitive networks.
Any organization that relies on any of the affected products should investigate thoroughly and ensure their networks are safe from this threat.

Dan Goodin is Senior Security Editor at Ars Technica, where he oversees coverage of malware, computer espionage, botnets, hardware hacking, encryption, and passwords. In his spare time, he enjoys gardening, cooking, and following the independent music scene. Dan is based in San Francisco. Contact him on Signal at DanArs.82.