Summary
Broadcom has released a security bulletin, VMSA-2025-0004, addressing and remediating three vulnerabilities that, if exploited, could lead to system compromise. Products affected include vCenter Server, vRealize Operations Manager, and vCloud Director.
Threat Topography
- Threat Type: Critical Vulnerabilities
- Industry: Virtualization
- Geolocation: Global
Overview
X-Force Incident Command is monitoring activity surrounding Broadcom’s Security Bulletin (VMSA-2025-0004) for three potentially critical vulnerabilities in VMware products. These vulnerabilities, identified as CVE-2025-22224, CVE-2025-22225, and CVE-2025-22226, have reportedly been exploited in attacks. X-Force has not been able to validate those claims. The vulnerabilities affect various VMware products, including vCenter Server, vRealize Operations Manager, and vCloud Director.
These vulnerabilities could allow attackers to carry out a range of malicious actions, potentially leading to data breaches, system compromise, and unauthorized access. Broadcom has released patched versions of the affected products and urges users to update their systems as soon as possible.
Recommendations
Organizations using VMware products are advised to:
- Immediately patch their systems with the latest version of the affected products.
- Monitor system logs for any signs of suspicious activity.
- Implement additional security measures, such as network segmentation and access controls.
References
- https://support.broadcom.com/web/ecx/support-content-notification/-/external/content/SecurityAdvisories/0/25390
- https://www.bleepingcomputer.com/news/security/broadcom-fixes-three-vmware-zero-days-exploited-in-attacks/
- https://thehackernews.com/2025/03/vmware-security-flaws-exploited-in.html
IBM X-Force Incident Command CO