VMware ESXi Flaw: Ransomware Attacks on the Rise (2026)

CISA Warns of VMware ESXi Flaw Exploited in Ransomware Attacks: A Critical Vulnerability in Modern IT Infrastructure

The Cybersecurity and Infrastructure Security Agency (CISA) has issued a critical alert regarding a high-severity vulnerability in VMware ESXi that has been exploited in ransomware attacks. This flaw, tracked as CVE-2025-22225, allows malicious actors to escape the sandbox and trigger arbitrary kernel writes, potentially leading to severe security breaches.

Broadcom patched the vulnerability in March 2025, but according to a report by Huntress, threat actors had been actively exploiting it since at least February 2024. Chinese-speaking hackers have been chaining these flaws in sophisticated zero-day attacks, highlighting the urgent need for organizations to patch their systems.

CISA's Known Exploited Vulnerabilities (KEV) catalog now includes CVE-2025-22225, and federal agencies have been ordered to secure their systems by March 25, 2025. The agency emphasizes the importance of applying vendor mitigations, following cloud service guidance, or discontinuing the use of the product if necessary.

Ransomware gangs and state-sponsored hacking groups often target VMware vulnerabilities due to the widespread deployment of VMware products in enterprise systems. For instance, CISA recently ordered government agencies to patch a high-severity vulnerability in VMware Aria Operations and VMware Tools, which Chinese hackers have exploited since October 2024.

Additionally, CISA has tagged a critical VMware vCenter Server vulnerability (CVE-2024-37079) as actively exploited and ordered federal agencies to secure their servers by February 13. GreyNoise reported that CISA silently tagged 59 security flaws as known to be used in ransomware campaigns last year alone, underscoring the ongoing threat landscape.
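
Because the ransomware flag changes GreyNoise describes are not announced, one way to notice them is to diff saved copies of the KEV JSON feed. The sketch below is an added example, not part of the original article: it assumes the feed's `vulnerabilities` list with `cveID`, `vendorProject` and `knownRansomwareCampaignUse` fields, and both snapshots are constructed sample data (the flag values and the `CVE-0000-00001` entry are placeholders).

```python
import json

# Constructed snapshots in the shape of the KEV JSON feed (assumption: taken
# at two different times). Flag values here are illustrative, not real data.
OLD_SNAPSHOT = json.dumps({"vulnerabilities": [
    {"cveID": "CVE-2025-22225", "vendorProject": "VMware", "product": "ESXi",
     "knownRansomwareCampaignUse": "Unknown"},
    {"cveID": "CVE-2024-37079", "vendorProject": "VMware",
     "product": "vCenter Server", "knownRansomwareCampaignUse": "Unknown"},
]})
NEW_SNAPSHOT = json.dumps({"vulnerabilities": [
    {"cveID": "CVE-2025-22225", "vendorProject": "VMware", "product": "ESXi",
     "knownRansomwareCampaignUse": "Known"},
    {"cveID": "CVE-2024-37079", "vendorProject": "VMware",
     "product": "vCenter Server", "knownRansomwareCampaignUse": "Unknown"},
    {"cveID": "CVE-0000-00001", "vendorProject": "ExampleVendor",
     "product": "ExampleProduct", "knownRansomwareCampaignUse": "Known"},
    {"product": "record without a cveID is ignored"},
]})


def _index(snapshot_json):
    """Map cveID -> catalog entry, skipping malformed records."""
    entries = json.loads(snapshot_json).get("vulnerabilities", [])
    return {e["cveID"]: e for e in entries
            if isinstance(e, dict) and e.get("cveID")}


def _is_known(entry):
    """True when the entry is marked as used in ransomware campaigns."""
    flag = str(entry.get("knownRansomwareCampaignUse", ""))
    return flag.strip().lower() == "known"


def ransomware_flag_changes(old_json, new_json, vendor=None):
    """Return sorted (cveID, kind) pairs: 'flipped' for an existing entry whose
    flag changed to Known, 'new' for an entry added already marked Known."""
    old, new = _index(old_json), _index(new_json)
    changes = []
    for cve, entry in sorted(new.items()):
        if vendor and str(entry.get("vendorProject", "")).lower() != vendor.lower():
            continue  # optional filter, e.g. only the vendors you run
        if not _is_known(entry):
            continue
        if cve not in old:
            changes.append((cve, "new"))
        elif not _is_known(old[cve]):
            changes.append((cve, "flipped"))
    return changes
```

Entries reported as `flipped` are the ones worth re-prioritising, since they were already in the catalog and would not show up in a "newly added" alert.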

The rapid evolution of IT infrastructure presents challenges for manual workflows, making automation and intelligent workflows essential for maintaining security and efficiency. Organizations must stay vigilant and proactive in addressing these vulnerabilities to safeguard their sensitive data and systems.

Author: Frankie Dare
