VMWare and Linux added to CISA Known Exploited Catalog - 20250305001

Overview

CISA have added items to their Known Exploited Vulnerabilities catalog relating to VMWare and Linux products.

What is vulnerable?

Product(s) Affected	CVE	CVSS	Severity
Linux Kernel	CVE-2024-50302	7.8	High
VMWare ESXi, Workstation	CVE-2025-22224	9.3	Critical
VMWare ESXi	CVE-2025-22225	8.2	High
VMWare ESXi, Workstation, Fusion	CVE-2025-22226	7.1	High

What has been observed?

CISA added this vulnerability in their Known Exploited Vulnerabilities catalog. There is no evidence of exploitation affecting Western Australian Government networks at the time of publishing.

Recommendation

The WA SOC recommends administrators apply the solutions as per vendor instructions to all affected devices within expected timeframe of 48 Hours... (refer Patch Management):

• VMWare: https://support.broadcom.com/web/ecx/support-content-notification/-/external/content/SecurityAdvisories/0/25390
• CISA: https://www.cisa.gov/known-exploited-vulnerabilities-catalog