Advisory 82

Advisory 82: CISA Adds Four Known Exploited Vulnerabilities

Release Date: 04th of March 2025

Impact: HIGH / CRITICAL

TLP Rating: Clear

CERT Vanuatu (CERTVU) and the Department of Communication and Digital Transformation (DCDT) provide the following advisory.
This alert is relevant to organizations that use the products listed below. It is intended for technical users.

What is it?

CISA has added four new vulnerabilities to its Known Exploited Vulnerabilities Catalog, based on evidence of active exploitation.

  • CVE-2024-50302 – Linux Kernel Use of Uninitialized Resource Vulnerability
  • CVE-2025-22225 – VMware ESXi Arbitrary Write Vulnerability
  • CVE-2025-22224 – VMware ESXi and Workstation TOCTOU Race Condition Vulnerability
  • CVE-2025-22226 – VMware ESXi, Workstation, and Fusion Information Disclosure Vulnerability

These types of vulnerabilities are frequent attack vectors for malicious cyber actors and pose significant risks to the federal enterprise.

References

1. https://www.cisa.gov/news-events/alerts/2025/03/04/cisa-adds-four-known-exploited-vulnerabilities-catalog

2. https://www.cve.org/CVERecord?id=CVE-2024-50302

3. https://www.cve.org/CVERecord?id=CVE-2025-22225

4. https://www.cve.org/CVERecord?id=CVE-2025-22224

5. https://www.cve.org/CVERecord?id=CVE-2025-22226

6. https://www.cisa.gov/sites/default/files/publications/Reducing_the_Significant_Risk_of_Known_Exploited_Vulnerabilities_211103.pdf