Broadcom has released security patches for actively exploited vulnerabilities in VMware ESXi, Workstation, and Fusion, including CVE-2025-22224 (code execution), CVE-2025-22225 (sandbox escape), and CVE-2025-22226 (memory leak). Affected versions include ESXi 7.0/8.0, Workstation 17.x, Fusion 13.x, and Cloud/Telco platforms. Microsoft discovered the flaws, and CISA requires federal agencies to patch by March 25, 2025. Exploitation has been observed, making immediate updates critical.

‍