本周，VMware 发布了针对其 ESXi 服务器等重要产品的安全更新，旨在修补多个潜在的安全风险。这一行动紧随 3 月 4 日 VMware 发布的安全公告 VMSA-2025-0004，公告中警示了三个被标记为 0-day 的安全漏洞，分别是 ...

截至 3 月 4 日，美国约有 3800 台未打补丁的 VMware ESXi 服务器。数据显示，漏洞服务器数量在 3 月 4 日至 7 日期间出现波动，先下降后上升，这一现象可能由于管理员在收到警告后暂时将服务器下线所致。

这项漏洞藏身于VMware的虚拟机通信接口（VMCI）中，黑客通过拥有虚拟机的本地管理权限便可执行代码，威胁到宿主机的安全。问题源于TOCTOU（即检查时间与使用时间之间的竞态条件），导致了越界写入。

Broadcom发布了安全更新，以修复VMware ESX产品中的三个0Day漏洞。这些漏洞分别被标识为CVE-2025-22224、CVE-2025-22225和CVE-2025-22226，影响了多个VMware ESX产品，包括VMware ...

Broadcom has patched three vulnerabilities in the VMware ESXi hypervisor and related products, with Microsoft reporting the ...

Over 37,000 internet-exposed VMware ESXi instances are vulnerable to CVE-2025-22224, a critical out-of-bounds write flaw that ...

博通旗下VMware本周发布了重要的安全更新，针对VMware ESXi服务器、Workstation和Fusion等产品，修复了多个安全漏洞。此次更新涉及三个0-day漏洞 (CVE-2025-22224、CVE-2025-22225和CVE-2025-22226)，其中CVE-2025-22224已被黑客利用发起攻击。VMware强烈建议用户尽快安装补丁以避免潜在风险。

A year after VMware ESXi servers faced ransomware attacks, new zero-day vulnerabilities are being exploited, posing risks to ...

Some customers have been unable to download the patches for three VMware zero-day vulnerabilities due to an issue with the ...

Security researchers warn that despite ongoing attacks, more than 40,000 instances worldwide are still unpatched. Germany is ...

Microsoft spotted and reported to Broadcom all three bugs, which can be chained together to escape a guest virtual machine ...