India, March 6 -- The U.S. Cybersecurity and Infrastructure Security Agency has raised urgent security alerts about three VMware vulnerabilities, including CVE-2025-22224, CVE-2025-22225, and CVE-2025-22226, that permit an attacker to escalate privileges, execute remote code on hypervisors, or leak memory. Security experts now warn of incoming massive cyberwarfare unless striking measures are taken, as this kind of virtualization software is being heavily used by enterprise and even government IT infrastructures around the globe.

An attacker with administrative access to a VM can exploit a heap overflow in the VMX process and gain full control of the hypervisor and pivot within virtualized environments. Attackers can take control of mult...