Broadcom has issued a warning to customers regarding three zero-day vulnerabilities in VMware products, which are being actively exploited in attacks. These vulnerabilities were reported by the Microsoft Threat Intelligence Center. The affected products include VMware ESXi, vSphere, Workstation, Fusion, Cloud Foundation, and Telco Cloud Platform.
Vulnerabilities:
- CVE-2025-22224
- CVE-2025-22225
- CVE-2025-22226
Source: Broadcom VMware Zero-Day Advisory
You Should Know:
To protect your systems from these vulnerabilities, consider the following commands and practices:
1. Check VMware Version:
vmware -v
This command will display the current version of VMware installed on your system.
2. Update VMware ESXi Host:
esxcli software profile update -p ESXi-6.7.0-20250504001-standard -d https://hostupdate.vmware.com/software/VUM/PRODUCTION/main/vmw-depot-index.xml
Replace the profile name with the appropriate one for your version.
3. Check for Patches:
esxcli software vib list
This command lists all installed VIBs (VMware Installation Bundles) and helps you identify if the necessary patches are applied.
4. Disable Vulnerable Services:
esxcli system services list
esxcli system services set --enabled=false --service=<service_name>
Disable any services that are not essential to reduce the attack surface.
5. Enable Logging for Suspicious Activities:
esxcli system syslog config set --loghost=<syslog_server_ip>
esxcli system syslog reload
This will forward logs to a centralized syslog server for monitoring.
6. Firewall Rules to Restrict Access:
esxcli network firewall ruleset set --ruleset-id=<ruleset_id> --enabled=true
esxcli network firewall refresh
Enable firewall rules to restrict access to only trusted IPs.
7. Check for Open Ports:
netstat -tuln
This command will list all open ports on your system.
8. Monitor System Logs:
tail -f /var/log/hostd.log
Continuously monitor the hostd.log for any unusual activities.
9. Backup Configuration:
vim-cmd hostsvc/firmware/backup_config
Regularly backup your VMware ESXi configuration.
10. Apply Security Hardening Guidelines:
Refer to VMware’s official security hardening guide for ESXi: VMware Security Hardening Guide
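Steps 1 to 3 come down to comparing the running build with the fixed build for that release line. The script below is an added example, not from the original post or from Broadcom; the fixed-build table holds placeholder values (this page does not list them), and the `host|version` inventory format and sample hosts are assumptions.

```shell
#!/bin/sh
# Added example: compare each host's ESXi build with the fixed build for its
# release line. The fixed builds are NOT on this page; the values below are
# placeholders to replace with the numbers from the Broadcom advisory.
FIXED_BUILDS='8.0 99999999
7.0 99999999'

# Turn `vmware -v` output ("VMware ESXi 8.0.3 build-<n>") into "8.0 <n>".
# Prints nothing when the line does not look like ESXi version output.
parse_version() {
    printf '%s\n' "$1" |
        sed -n 's/^VMware ESXi \([0-9]*\.[0-9]*\)[0-9.]* build-\([0-9][0-9]*\)$/\1 \2/p'
}

# Print PATCHED, VULNERABLE or UNKNOWN for one `vmware -v` line.
check_host() {
    parsed=$(parse_version "$1")
    [ -n "$parsed" ] || { echo UNKNOWN; return; }
    line=${parsed% *}
    build=${parsed#* }
    # String comparison so that "7.0" never matches a differently written line.
    min=$(printf '%s\n' "$FIXED_BUILDS" |
        awk -v l="$line" '($1 "") == (l "") { print $2 }')
    # No entry for this release line: report it rather than guess.
    [ -n "$min" ] || { echo UNKNOWN; return; }
    if [ "$build" -ge "$min" ]; then echo PATCHED; else echo VULNERABLE; fi
}

# Read "hostname|<vmware -v output>" lines on stdin, print one verdict per host.
audit() {
    while IFS='|' read -r host ver; do
        printf '%s %s\n' "$host" "$(check_host "$ver")"
    done
}

# Constructed sample inventory (hosts and build numbers are made up).
audit <<'EOF'
esx01|VMware ESXi 8.0.3 build-11111111
esx02|VMware ESXi 6.7.0 build-22222222
esx03|not an ESXi version string
EOF
```

On a single host, `check_host "$(vmware -v)"` gives the verdict directly; with the placeholder table every listed release line reports VULNERABLE until real fixed builds are filled in.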
What Undercode Say:
The discovery of these zero-day vulnerabilities in VMware products highlights the importance of keeping your systems up to date and applying security patches promptly. Regularly monitoring your systems, applying security best practices, and staying informed about the latest threats are crucial steps in maintaining a secure environment. The provided commands and practices should help you mitigate the risks associated with these vulnerabilities. Always ensure that your systems are running the latest versions and that unnecessary services are disabled to minimize potential attack vectors.
For further reading and updates, refer to the official VMware security advisories and the Broadcom VMware Zero-Day Advisory linked above. Stay vigilant and proactive in your cybersecurity efforts.
References:
Reported By: Hussein Aissaoui – Hackers Feeds



