VMware fixed three actively exploited zero-days in ESX products

Broadcom released security updates for three actively exploited zero-day vulnerabilities in VMware ESX products. The vulnerabilities, CVE-2025-22224, CVE-2025-22225, and CVE-2025-22226, allow attackers with privileged access to escape the sandbox within the virtual machine. VMware confirmed exploitation in the wild but did not disclose specific attack details.