Advisory 82: CISA Adds Four Known Exploited Vulnerabilities
Release Date: 4 March 2025
Impact: HIGH / CRITICAL
TLP Rating: Clear
CERT Vanuatu (CERTVU) and the Department of Communication and Digital Transformation (DCDT) provide the following advisory.
This alert is relevant to organisations that run the Linux kernel or VMware ESXi, Workstation or Fusion (the products listed below). It is written for technical readers.
What is it?
CISA has added four vulnerabilities to its Known Exploited Vulnerabilities (KEV) catalog based on evidence of active exploitation:
- CVE-2024-50302 – Linux Kernel Use of Uninitialized Resource Vulnerability
- CVE-2025-22225 – VMware ESXi Arbitrary Write Vulnerability
- CVE-2025-22224 – VMware ESXi and Workstation TOCTOU Race Condition Vulnerability
- CVE-2025-22226 – VMware ESXi, Workstation, and Fusion Information Disclosure Vulnerability
These types of vulnerabilities are frequent attack vectors for malicious cyber actors and pose significant risks to the federal enterprise.
What systems are affected?
- CVE-2024-50302 – Linux kernel (HID core)
- CVE-2025-22225 – VMware ESXi
- CVE-2025-22224 – VMware ESXi and Workstation
- CVE-2025-22226 – VMware ESXi, Workstation, and Fusion
Affected and fixed versions are listed in the CVE records referenced below and in the vendors' advisories they link to.
What does this mean?
CVE-2024-50302 – The Linux kernel's HID core allocated the buffer used for HID device reports without zero-initialising it, so a malicious or malformed HID device (for example a USB device) attached to the system can cause uninitialised kernel memory to be read and disclosed. Physical or local access to attach such a device is required.
CVE-2025-22225 – VMware ESXi contains an arbitrary write vulnerability. A malicious actor with privileges within the VMX process may trigger an arbitrary kernel write on the host, leading to an escape of the sandbox that confines the VMX process.
CVE-2025-22224 – VMware ESXi and Workstation contain a TOCTOU (Time-of-Check Time-of-Use) vulnerability that leads to an out-of-bounds write. A malicious actor with local administrative privileges on a virtual machine may exploit this issue to execute code as the virtual machine's VMX process running on the host.
CVE-2025-22226 – VMware ESXi, Workstation, and Fusion contain an information disclosure vulnerability due to an out-of-bounds read in HGFS. A malicious actor with administrative privileges to a virtual machine may be able to exploit this issue to leak memory from the VMX process.
The three VMware issues are complementary: CVE-2025-22224 gives an administrator of a guest VM code execution in the host's VMX process, CVE-2025-22225 lets that VMX process write into the hypervisor kernel, and CVE-2025-22226 leaks VMX memory that assists such a chain. Taken together they allow an attacker who already controls a guest to escape to the ESXi host, so hosts running untrusted or multi-tenant workloads are at the greatest risk.
Mitigation process
CERTVU encourages users and administrators to apply the vendor updates, search for indicators of compromise (IOCs), and apply any interim workarounds the vendors publish. CISA's direction to Federal Civilian Executive Branch (FCEB) agencies under Binding Operational Directive (BOD) 22-01 is a sensible baseline for everyone: apply mitigations per vendor instructions, follow applicable BOD 22-01 guidance for cloud services, or discontinue use of the affected product if mitigations are unavailable. See the BOD 22-01 Fact Sheet for more information. Because the VMware issues are exploitable from inside a guest by an administrator of that guest, prioritise ESXi hosts that run virtual machines you do not fully control, and for Linux hosts treat unknown USB or other HID devices as untrusted until the kernel is patched.
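The first step of the mitigation above is knowing whether a host already carries the fix. The following POSIX shell script is an added example, not part of this advisory or of any vendor tooling: it parses the text that `esxcli system version get` prints on an ESXi host and compares the build number with the first fixed build for that release line. The build numbers in the `fixed_build_for` table are assumed values written from memory for illustration; confirm them against the vendor advisory for CVE-2025-22224, CVE-2025-22225 and CVE-2025-22226 before relying on the result. The sample outputs are constructed, not taken from a real host.

```shell
#!/bin/sh
# Added example (not from the CERTVU advisory or from VMware): classify an ESXi
# host as PATCHED, VULNERABLE or UNKNOWN from the output of
# "esxcli system version get".

# First fixed build for each ESXi release line.
# ASSUMED values for illustration: confirm against the vendor advisory.
fixed_build_for() {
    case "$1" in
        8.0.3) echo 24585383 ;;   # assumed: ESXi 8.0 Update 3d
        8.0.2) echo 24585300 ;;   # assumed: ESXi 8.0 Update 2d
        7.0.3) echo 24585291 ;;   # assumed: ESXi 7.0 Update 3s
        *)     return 1 ;;        # release line not in the table
    esac
}

# Print "<version> <build>" from esxcli text, e.g. "8.0.3 24022510".
# The Build line looks like "Build: Releasebuild-24022510"; only the
# numeric part after the last "-" is kept.
parse_esxcli_version() {
    printf '%s\n' "$1" | awk '
        /^ *Version:/ { v = $2 }
        /^ *Build:/   { sub(/^.*-/, "", $2); b = $2 }
        END { if (v != "" && b != "") print v, b }'
}

# Classify the host. Exit status: 0 patched, 1 vulnerable, 2 unknown.
esxi_status() {
    set -- $(parse_esxcli_version "$1")
    [ $# -eq 2 ] || { echo UNKNOWN; return 2; }
    ver=$1; build=$2
    fixed=$(fixed_build_for "$ver") || { echo UNKNOWN; return 2; }
    if [ "$build" -ge "$fixed" ]; then
        echo PATCHED; return 0
    fi
    echo VULNERABLE; return 1
}

# Constructed sample output in the format esxcli prints (not from a real host).
SAMPLE_OLD='   Product: VMware ESXi
   Version: 8.0.3
   Build: Releasebuild-24022510
   Update: 3
   Patch: 0'

SAMPLE_NEW='   Product: VMware ESXi
   Version: 8.0.3
   Build: Releasebuild-24585383
   Update: 3
   Patch: 0'

# On a real host:  esxi_status "$(esxcli system version get)"
if [ "${1:-}" = "--demo" ]; then
    esxi_status "$SAMPLE_OLD"
    esxi_status "$SAMPLE_NEW"
fi
```

Run it with `--demo` to see both constructed samples classified; on a host, feed it the live `esxcli` output as shown in the last comment. A release line missing from the table is reported as UNKNOWN rather than PATCHED so that an untracked version is never silently treated as safe.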
References
1. https://www.cve.org/CVERecord?id=CVE-2024-50302
2. https://www.cve.org/CVERecord?id=CVE-2025-22225
3. https://www.cve.org/CVERecord?id=CVE-2025-22224
4. https://www.cve.org/CVERecord?id=CVE-2025-22226
- Download advisory (English): CISA Adds Four Known Exploited Vulnerabilities
- Download advisory (Bislama): CISA i Adem Fo (4) Vulnerabiliti we Yumi save we oli Eksploitem
- Download advisory (French): CISA rajoute quatre vulnérabilités exploitées connues