CVE-2025-22226 is a VMware information disclosure vulnerability affecting ESXi, Workstation, and Fusion. CISA added it to the Known Exploited Vulnerabilities catalog on 2025-03-04, so defenders should treat it as an urgent remediation item rather than a routine patch task. The supplied corpus does not provide affected versions, a CVSS score, or a detailed attack path, so validation should start with the v [truncated]
CVE-2024-38812 is a VMware vCenter Server heap-based buffer overflow vulnerability that CISA added to its Known Exploited Vulnerabilities catalog on 2024-11-20. Because it is listed in KEV, defenders should treat it as actively exploited and prioritize vendor-directed mitigations or remediation immediately. CISA’s due date for remediation in the KEV catalog is 2024-12-11.
CVE-2024-37085 is a VMware ESXi authentication bypass vulnerability that CISA added to its Known Exploited Vulnerabilities catalog on 2024-07-30. The KEV entry marks it as having known ransomware campaign use, which makes this a high-priority issue for any organization running ESXi. The supplied authoritative sources direct defenders to apply vendor mitigations or discontinue use of the product if mitigat [truncated]
