CISA has released four new vulnerabilities based on evidence of active exploitation.

• CVE-2024-50302 – Linux Kernel Use of Uninitialized Resource Vulnerability
• CVE-2025-22225 – VMware ESXi Arbitrary Write Vulnerability
• CVE-2025-22224 – Vmware ESXi and Workstation TOCTOU Race Condition Vulnerability
• CVE-2025-22226 – Vmware ESXi, Workstation, and Fusion Information Disclosure Vulnerability

These types of vulnerabilities are frequent attack vectors for malicious cyber actors and pose significant risks to the federal enterprise.

• CVE-2024-50302 – System Affected
• CVE-2025-22225 – Systems Affected
• CVE-2025-22224 – Systems Affected
• CVE-2025-22226 – Systems Affected

These types of vulnerabilities are frequent attack vectors for malicious cyber actors and pose significant risks to the federal enterprise.

CVE-2025-22224 – VMware ESXi, and Workstation contain a TOCTOU (Time-of-Check Time-of-Use) vulnerability that leads to an out-of-bounds write. A malicious actor with local administrative privileges on a virtual machine may exploit this issue to execute code as the virtual machine’s VMX process running on the host.

CVE-2025-22226 – VMware ESXi, Workstation, and Fusion contain an information disclosure vulnerability due to an out-of-bounds read in HGFS. A malicious Actor with administrative privileges to a virtual machine may be able to exploit this issue to leak memory from the vmx process.

CERTVU encourages users and administrators to search for indicators of compromise (IOCs) and apply the necessary updates and workarounds. Apply mitigations per vendor instructions, follow applicable BOD 22-1 guidance and requirements of Federal Civilian Executive Branch (FCEB) agencies to remediate identified vulnerabilities. See the BOD 22-01 Fact Sheet for more information. for cloud services, or discontinue use of the affected product if mitigations are unavailable