CVE-2025-22226 — VMware ESXi, Workstation, and Fusion Information Disclosure Vulnerability

VMware ESXi/Workstation/Fusion — HGFS OOB Read Leaks vmx Process Memory; Part of VMSA-2025-0004 Guest Escape Chain

What is VMware's HGFS?

Host-Guest Filesystem (HGFS) is the VMware mechanism behind shared folders: a guest with VMware Tools installed can read and write selected host directories over a guest-to-host channel. The host side of HGFS is implemented in the vmx process, the per-VM process that services the guest's device and backdoor requests (a user world on ESXi, an ordinary host process on Workstation and Fusion). Because the request parsing happens in that process, an out-of-bounds read in HGFS returns bytes of host process memory to the guest.

Overview

CVE-2025-22226 is an out-of-bounds read (CWE-125) in the HGFS implementation of VMware ESXi, Workstation, and Fusion. An attacker with administrative privileges inside a virtual machine can use it to leak memory from the vmx process on the host. It is the information-disclosure piece of the three CVEs published together in VMSA-2025-0004: CVE-2025-22224, a TOCTOU in VMCI leading to an out-of-bounds (heap) write and code execution as the vmx process, and CVE-2025-22225, an arbitrary write from the vmx process into the ESXi kernel. Broadcom stated it had information that all three had been exploited in the wild before it released fixes on March 4, 2025.

Affected Versions

Product                    Vulnerable    Fixed
VMware ESXi 8.0            < 8.0 U3d     8.0 U3d (8.0 U2 line: 8.0 U2d)
VMware ESXi 7.0            < 7.0 U3s     7.0 U3s
VMware Workstation 17.x    < 17.6.3      17.6.3
VMware Fusion 13.x         < 13.6.3      13.6.3

VMware Cloud Foundation and Telco Cloud Platform bundle affected ESXi builds; the advisory lists the corresponding async patches for those products.

Technical Details

The out-of-bounds read (CWE-125) lets code in the guest cause the HGFS handler in vmx to read past the end of an allocated buffer and return the extra bytes to the guest. The vmx process owns the VM's device model and the shared-folder channel; on ESXi it runs as a sandboxed user world on the host, on Workstation and Fusion as a process of the user who launched the VM.

Role in the guest-escape chain (VMSA-2025-0004):

  1. CVE-2025-22226 (this CVE): out-of-bounds read in HGFS → read primitive that leaks vmx process memory, including pointers and heap layout
  2. CVE-2025-22224: TOCTOU in VMCI leading to an out-of-bounds heap write → code execution as the vmx process on the host (ESXi and Workstation; CVSS 9.3)
  3. CVE-2025-22225: arbitrary write from the vmx process into the ESXi kernel → escape from the vmx sandbox into the hypervisor (ESXi only; CVSS 8.2)

The advisory describes the three as separate issues; combined, the OOB read supplies the address and heap-layout information (an ASLR bypass) needed to exploit the VMCI write reliably, and the kernel write turns vmx code execution into full control of the ESXi host.

The Changed scope (S:C) reflects that the disclosed memory crosses the VM/host boundary: bytes from a host process are handed to the guest. Privileges Required is None even though guest administrative access is needed, because the privileges counted are those on the vulnerable component, the host-side vmx process, on which the attacker holds none; the practical prerequisite remains root or Administrator inside the guest.

Discovery

Broadcom credits the Microsoft Threat Intelligence Center for reporting the issue; it was coordinated with Broadcom before disclosure. The advisory states that Broadcom had information suggesting exploitation had occurred in the wild but does not attribute the activity to a specific actor.

Exploitation Context

CISA added CVE-2025-22226 to the KEV catalog on March 4, 2025, the day the patches shipped, confirming exploitation before a fix was available. Exploiting this CVE requires an attacker who already holds administrative access inside a guest, so the realistic scenario is a compromised VM (or a tenant in a multi-tenant environment) being used as a stepping stone to the hypervisor and, from there, to every other VM on the host.

Remediation

  1. Apply the VMSA-2025-0004 fixes: ESXi 8.0 U3d (or 8.0 U2d), ESXi 7.0 U3s, Workstation 17.6.3, Fusion 13.6.3. The advisory lists no workarounds. The CISA BOD 22-01 deadline was March 25, 2025.
  2. Patch all three CVEs together. Fixing only this information leak leaves the VMCI heap overflow (CVE-2025-22224) and the ESXi kernel write (CVE-2025-22225) exploitable; the leak merely makes them easier to exploit reliably.
  3. Where patching must wait, disable HGFS on VMs that do not need shared folders. The documented VMX hardening setting is isolation.tools.hgfs.disable = "TRUE" (Workstation and Fusion also expose this as the shared-folders switch in the VM settings). This removes the attack surface for this CVE only; it does nothing for the other two.
  4. Restrict administrative access inside guests. The vulnerability needs guest administrator privileges, so guest admin rights should be treated as host-adjacent on unpatched hosts.
  5. For hosts that ran unpatched while exploitation was public, review which VMs had shared folders enabled and who held guest administrator rights in that window; that set of VMs is the population from which a leak could have been performed.
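The following script, an added example and not Broadcom's tooling, audits VM configuration (.vmx) files for step 3 above: it reports whether HGFS is explicitly disabled and how many shared folders are configured. It assumes the documented isolation.tools.hgfs.disable key and the sharedFolderN.enabled keys that Workstation and Fusion write for shared folders; the two sample .vmx files are constructed inline so the script runs offline. Pass real .vmx paths as arguments to audit them.

```sh
#!/bin/sh
# Audit .vmx files for the HGFS / shared-folder settings relevant to CVE-2025-22226.
# Added example, not part of VMSA-2025-0004. Assumed VMX keys:
#   isolation.tools.hgfs.disable = "TRUE"   documented hardening setting that disables HGFS
#   sharedFolder<N>.enabled = "TRUE"        a configured shared folder (Workstation/Fusion)

# Print the value of the key matched by regex $2 in file $1: last occurrence wins,
# surrounding quotes stripped, key matched case-insensitively. Empty if absent.
vmx_get() {
    grep -i "^[[:space:]]*$2[[:space:]]*=" "$1" 2>/dev/null | tail -n 1 \
        | sed 's/^[^=]*=[[:space:]]*//; s/^"//; s/"[[:space:]]*$//'
}

# Exit 0 if HGFS is explicitly disabled in $1, 1 otherwise.
# HGFS is on by default, so a missing key counts as enabled.
hgfs_disabled() {
    v=$(vmx_get "$1" 'isolation\.tools\.hgfs\.disable' | tr 'A-Z' 'a-z')
    [ "$v" = "true" ]
}

# Number of sharedFolderN.enabled = "TRUE" entries in $1 (0 when none; grep -c exits 1 then).
shared_folder_count() {
    grep -ic '^[[:space:]]*sharedFolder[0-9]*\.enabled[[:space:]]*=[[:space:]]*"true"' "$1" || true
}

# One-line verdict for $1. Always exits 0 so a loop over many files is not cut short.
audit_vmx() {
    if hgfs_disabled "$1"; then
        echo "$1: OK (isolation.tools.hgfs.disable=TRUE)"
    else
        echo "$1: EXPOSED (HGFS enabled, $(shared_folder_count "$1") shared folder(s) configured)"
    fi
}

# Constructed sample configs (not real VMs) so the script can run with no arguments.
SAMPLE_DIR=$(mktemp -d)
cat > "$SAMPLE_DIR/hardened.vmx" <<'EOF'
.encoding = "UTF-8"
displayName = "hardened"
isolation.tools.hgfs.disable = "TRUE"
EOF
cat > "$SAMPLE_DIR/default.vmx" <<'EOF'
.encoding = "UTF-8"
displayName = "default"
sharedFolder.maxNum = "1"
sharedFolder0.present = "TRUE"
sharedFolder0.enabled = "TRUE"
sharedFolder0.hostPath = "/home/user/share"
EOF

# Usage: sh hgfs_audit.sh [file.vmx ...]; with no arguments the two samples are audited.
if [ $# -eq 0 ]; then
    set -- "$SAMPLE_DIR/hardened.vmx" "$SAMPLE_DIR/default.vmx"
fi
for f in "$@"; do
    audit_vmx "$f"
done
```

On ESXi the .vmx files live under the datastore directories (/vmfs/volumes/<datastore>/<vm>/<vm>.vmx); the setting can also be pushed from vCenter as an advanced configuration parameter, and a VM must be power-cycled for it to take effect.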

Key Details

Property             Value
CVE ID               CVE-2025-22226
Vendor / Product     VMware ESXi, Workstation, and Fusion (Broadcom)
NVD Published        2025-03-04
NVD Last Modified    2025-10-30
CVSS 3.1 Score       7.1
CVSS 3.1 Vector      CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:C/C:H/I:N/A:N
Severity             HIGH
CWE                  CWE-125 (Out-of-bounds Read)
CISA KEV Added       2025-03-04
CISA KEV Deadline    2025-03-25
Known Ransomware Use No

CVSS 3.1 Breakdown

Attack Vector         Local
Attack Complexity     Low
Privileges Required   None
User Interaction      None
Scope                 Changed
Confidentiality       High
Integrity             None
Availability          None

Required Action

CISA BOD 22-01 Deadline: 2025-03-25. Apply mitigations per vendor instructions, follow applicable BOD 22-01 guidance for cloud services, or discontinue use of the product if mitigations are unavailable.

Timeline

Date          Event
2025-03-04    Broadcom releases VMSA-2025-0004; CISA adds all three CVEs to KEV (in-the-wild exploitation confirmed)
2025-03-25    CISA BOD 22-01 remediation deadline

References

Resource                                      Type
Broadcom Security Advisory VMSA-2025-0004     Vendor Advisory
NVD entry for CVE-2025-22226                  Vulnerability Database
CISA KEV Catalog entry                        US Government