CVE-2025-22224

N/A

VMware ESXi, and Workstation contain a TOCTOU (Time-of-Check Time-of-Use) vulnerability that leads to an out-of-bounds write. A malicious actor with local administrative privileges on a virtual machine may exploit this issue to execute code as the virtual machine's VMX process running on the host.

CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:C/C:H/I:H/A:H

N/A

VMware ESXi和VMware Workstation 安全漏洞

VMware ESXi和VMware Workstation都是美国威睿（VMware）公司的产品。VMware ESXi是一套可直接安装在物理服务器上的服务器虚拟化平台。VMware Workstation是一套虚拟机软件。该软件提供可以同时运行多个不同的操作系统的虚拟机功能。 VMware ESXi和VMware Workstation存在安全漏洞，该漏洞源于TOCTOU导致越界写入，可能允许沙箱逃逸。

N/A

N/A