VMware

A series of critical vulnerabilities in VMware's virtualization products has led to a widespread wave of ransomware attacks, compromising the infrastructure of numerous enterprises. By exploiting three CVEs (CVE-2025-22224, CVE-2025-22225, and CVE-2025-22226), attackers gain elevated privileges, escape VM containment, and carry out widespread encryption. The healthcare and financial sectors were hit particularly hard, with patient record systems and transaction databases encrypted and ransoms ranging from $2 to $5 million. The impact was made worse by oversights in security monitoring, ineffective segmentation, and delays in applying available patches. Although Broadcom has patched the vulnerabilities, urgent patch application and heightened vigilance remain crucial.

Source: https://cybersecuritynews.com/vmware-vulnerabilities-exploited-ransomware/

TPRM report: https://scoringcyber.rankiteo.com/company/vmware

"id": "vmw423032425",
"linkid": "vmware",
"type": "Ransomware",
"date": "3/2025",
"severity": "100",
"impact": "4",
"explanation": "Attack with significant impact with customers data leaks"
{'affected_entities': [{'industry': ['Healthcare', 'Financial'],
                        'type': 'Enterprise'}],
 'attack_vector': 'Exploiting vulnerabilities in VMware virtualization '
                  'products',
 'data_breach': {'data_encryption': 'Widespread encryption',
                 'type_of_data_compromised': ['Patient records',
                                              'Transaction data']},
 'description': "A series of critical vulnerabilities in VMware's "
                'virtualization products have led to a widespread wave of '
                'ransomware attacks, compromising the infrastructures of '
                'numerous enterprises. Exploiting three CVEs—CVE-2025-22224, '
                'CVE-2025-22225, and CVE-2025-22226—attackers gain elevated '
                'privileges, escape VM containment and enact widespread '
                'encryption. The healthcare and financial sectors were '
                'particularly hit, leading to encrypted patient record systems '
                'and transaction databases with ransoms ranging from $2 to $5 '
                'million. The severity of the impact was exacerbated by '
                'oversights in security monitoring, ineffective segmentation, '
                'and delay in implementing available patches. Despite the '
                'vulnerabilities being patched by Broadcom, the immediate need '
                'for urgent patch application and heightened vigilance remains '
                'crucial.',
 'impact': {'data_compromised': ['Patient record systems',
                                 'Transaction databases'],
            'systems_affected': ['VMware virtualization products',
                                 'Patient record systems',
                                 'Transaction databases']},
 'initial_access_broker': {'entry_point': 'VMware virtualization products',
                           'high_value_targets': ['Healthcare and financial '
                                                  'sectors']},
 'motivation': 'Financial gain',
 'post_incident_analysis': {'root_causes': ['Oversights in security monitoring',
                                            'Ineffective segmentation',
                                            'Delay in implementing available '
                                            'patches']},
 'ransomware': {'data_encryption': 'Widespread encryption',
                'ransom_demanded': ['$2 million', '$5 million']},
 'recommendations': ['Urgent patch application', 'Heightened vigilance'],
 'response': {'enhanced_monitoring': 'Oversights in security monitoring',
              'network_segmentation': 'Ineffective segmentation'},
 'title': 'Widespread Ransomware Attacks Exploiting VMware Vulnerabilities',
 'type': 'Ransomware',
 'vulnerability_exploited': ['CVE-2025-22224',
                             'CVE-2025-22225',
                             'CVE-2025-22226']}