a series of illustrated colorful laptops featuring red, glitchy and matrix-like text symbolizing malware

Image Credits: Bryce Durbin / TechCrunch
U.S. technology giant Broadcom is warning that a trio of VMware vulnerabilities are being actively exploited by malicious hackers to compromise the networks of its corporate customers.

The three vulnerabilities, collectively dubbed “ESXicape” by one security researcher, affect VMware ESXi, Workstation, and Fusion, which are widely used software hypervisor products that allow multiple virtual machines to be managed on a single server. Hypervisors are commonly used to reduce the need to take up physical server space.

Broadcom, which acquired VMware in 2023, said that the vulnerabilities (tracked as CVE-2025-22224, CVE-2025-22225, and CVE-2025-22226) could allow an attacker with administrator or root privileges on a virtual machine to escape its protected sandbox and gain broader unauthorized access to the underlying hypervisor product.

With access to the hypervisor, an attacker can gain access to any other virtual machine, including virtual systems owned by other companies within the same physical data center.

Broadcom says it has “information to suggest” that the vulnerabilities have been exploited in the wild.

“The impact here is vast, an attacker who has compromised a hypervisor can go on to compromise any of the other virtual machines that share the same hypervisor,” Stephen Fewer, chief security researcher at threat intelligence company Rapid7, told TechCrunch.

Broadcom did not share any details about the nature of the attacks or the threat actor behind them and did not say whether any customer data had been accessed. A representative for Broadcom did not respond to TechCrunch’s questions. Microsoft, which discovered and reported the vulnerabilities to Broadcom, also didn’t respond by press time.

Security researcher Kevin Beaumont said in a post on Mastodon that the three vulnerabilities are actively being exploited by an as-yet-unnamed ransomware group.

VMware vulnerabilities are frequently targeted by ransomware groups due to their ability to be exploited to compromise multiple servers during a single attack, and given that sensitive corporate data is often stored in these virtualized environments.

Microsoft discovered in 2024 that multiple ransomware groups were exploiting a VMware hypervisor flaw in attacks deploying Black Basta and LockBit ransomware in data-stealing campaigns targeting corporate data. The previous year, a large-scale hacking campaign, dubbed “ESXiArgs,” saw ransomware groups exploit a two-year-old VMware vulnerability to target thousands of organizations worldwide.

Broadcom has released patches for the three vulnerabilities, which are classed as “zero-day” bugs due to the fact they were exploited before a fix was made available. Broadcom describes its security advisory as an “emergency” change and is urging customers to apply the patches as soon as possible.

U.S. government cybersecurity agency CISA is also warning federal agencies to patch against the bugs, which it has added to its running catalog of vulnerabilities known to be under attack.