{
    "document": {
        "category": "csaf_security_advisory",
        "csaf_version": "2.0",
        "distribution": {
            "tlp": {
                "label": "WHITE"
            }
        },
        "lang": "nl",
        "notes": [
            {
                "category": "legal_disclaimer",
                "text": "The Netherlands Cyber Security Center (henceforth: NCSC-NL) maintains this page to enhance access to its information and security advisories. The use of this security advisory is subject to the following terms and conditions:\n\n    NCSC-NL makes every reasonable effort to ensure that the content of this page is kept up to date, and that it is accurate and complete. Nevertheless, NCSC-NL cannot entirely rule out the possibility of errors, and therefore cannot give any warranty in respect of its completeness, accuracy or continuous keeping up-to-date. The information contained in this security advisory is intended solely for the purpose of providing general information to professional users. No rights can be derived from the information provided therein.\n\n    NCSC-NL and the Kingdom of the Netherlands assume no legal liability or responsibility for any damage resulting from either the use or inability of use of this security advisory. This includes damage resulting from the inaccuracy of incompleteness of the information contained in the advisory.\n    This security advisory is subject to Dutch law. All disputes related to or arising from the use of this advisory will be submitted to the competent court in The Hague. This choice of means also applies to the court in summary proceedings."
            },
            {
                "category": "description",
                "text": "Broadcom heeft kwetsbaarheden verholpen in VMware ESXi (inclusief Workstation en Fusion).",
                "title": "Feiten"
            },
            {
                "category": "description",
                "text": "De kwetsbaarheden omvatten een TOCTOU-kwetsbaarheid die een kwaadwillende met lokale administratieve rechten in staat stelt om code uit te voeren als het VMX-proces op de host via een out-of-bounds write. Daarnaast is er een arbitrarily write-kwetsbaarheid die het mogelijk maakt voor een kwaadwillende met privileges in het VMX-proces om kernel writes uit te voeren, wat kan leiden tot ontsnapping uit de sandbox-omgeving. Ook is er een informatielek-kwetsbaarheid door een out-of-bounds read in HGFS, wat kan leiden tot geheugenlekken vanuit het VMX-proces.\n\nVan de kwetsbaarheid met kenmerk CVE-2025-22226 meldt Broadcom informatie te hebben dat deze actief is misbruikt.",
                "title": "Interpretaties"
            },
            {
                "category": "description",
                "text": "Broadcom heeft patches uitgebracht om de kwetsbaarheden te verhelpen. Zie bijgevoegde referenties voor meer informatie.",
                "title": "Oplossingen"
            },
            {
                "category": "general",
                "text": "medium",
                "title": "Kans"
            },
            {
                "category": "general",
                "text": "high",
                "title": "Schade"
            },
            {
                "category": "general",
                "text": "Out-of-bounds Read",
                "title": "CWE-125"
            },
            {
                "category": "general",
                "text": "Out-of-bounds Write",
                "title": "CWE-787"
            }
        ],
        "publisher": {
            "category": "coordinator",
            "contact_details": "cert@ncsc.nl",
            "name": "Nationaal Cyber Security Centrum",
            "namespace": "https://www.ncsc.nl/"
        },
        "references": [
            {
                "category": "external",
                "summary": "Source - broadcom",
                "url": "https://support.broadcom.com/web/ecx/support-content-notification/-/external/content/SecurityAdvisories/0/25390"
            }
        ],
        "title": "Kwetsbaarheden verholpen in VMware producten",
        "tracking": {
            "current_release_date": "2025-03-04T14:11:56.959153Z",
            "generator": {
                "date": "2025-02-25T15:15:00Z",
                "engine": {
                    "name": "V.A.",
                    "version": "1.0"
                }
            },
            "id": "NCSC-2025-0073",
            "initial_release_date": "2025-03-04T14:11:56.959153Z",
            "revision_history": [
                {
                    "date": "2025-03-04T14:11:56.959153Z",
                    "number": "0",
                    "summary": "Initiele versie"
                }
            ],
            "status": "final",
            "version": "1.0.0"
        }
    },
    "product_tree": {
        "branches": [
            {
                "branches": [
                    {
                        "branches": [
                            {
                                "category": "product_version_range",
                                "name": "vers:broadcom/17.6.3",
                                "product": {
                                    "name": "vers:broadcom/17.6.3",
                                    "product_id": "CSAFPID-2407505"
                                }
                            },
                            {
                                "category": "product_version_range",
                                "name": "vers:broadcom/17.x",
                                "product": {
                                    "name": "vers:broadcom/17.x",
                                    "product_id": "CSAFPID-2407494"
                                }
                            },
                            {
                                "category": "product_version_range",
                                "name": "vers:unknown/17.x <17.6.3",
                                "product": {
                                    "name": "vers:unknown/17.x <17.6.3",
                                    "product_id": "CSAFPID-2407275"
                                }
                            }
                        ],
                        "category": "product_name",
                        "name": "Workstation"
                    }
                ],
                "category": "vendor",
                "name": "VMWare"
            },
            {
                "branches": [
                    {
                        "branches": [
                            {
                                "category": "product_version_range",
                                "name": "vers:broadcom/4.5.x",
                                "product": {
                                    "name": "vers:broadcom/4.5.x",
                                    "product_id": "CSAFPID-2407495"
                                }
                            },
                            {
                                "category": "product_version_range",
                                "name": "vers:broadcom/5.x",
                                "product": {
                                    "name": "vers:broadcom/5.x",
                                    "product_id": "CSAFPID-1668711"
                                }
                            },
                            {
                                "category": "product_version_range",
                                "name": "vers:unknown/4.5.x <esxi70u3s-24585291",
                                "product": {
                                    "name": "vers:unknown/4.5.x <esxi70u3s-24585291",
                                    "product_id": "CSAFPID-2407279"
                                }
                            },
                            {
                                "category": "product_version_range",
                                "name": "vers:unknown/5.x <esxi80u3d-24585383",
                                "product": {
                                    "name": "vers:unknown/5.x <esxi80u3d-24585383",
                                    "product_id": "CSAFPID-2407274"
                                }
                            }
                        ],
                        "category": "product_name",
                        "name": "Cloud Foundation"
                    },
                    {
                        "branches": [
                            {
                                "category": "product_version_range",
                                "name": "vers:broadcom/7.0",
                                "product": {
                                    "name": "vers:broadcom/7.0",
                                    "product_id": "CSAFPID-2407493"
                                }
                            },
                            {
                                "category": "product_version_range",
                                "name": "vers:broadcom/8.0",
                                "product": {
                                    "name": "vers:broadcom/8.0",
                                    "product_id": "CSAFPID-2407492"
                                }
                            },
                            {
                                "category": "product_version_range",
                                "name": "vers:broadcom/esxi70u3s-24585291",
                                "product": {
                                    "name": "vers:broadcom/esxi70u3s-24585291",
                                    "product_id": "CSAFPID-2407504"
                                }
                            },
                            {
                                "category": "product_version_range",
                                "name": "vers:broadcom/esxi80u2d-24585300",
                                "product": {
                                    "name": "vers:broadcom/esxi80u2d-24585300",
                                    "product_id": "CSAFPID-2407503"
                                }
                            },
                            {
                                "category": "product_version_range",
                                "name": "vers:broadcom/esxi80u3d-24585383",
                                "product": {
                                    "name": "vers:broadcom/esxi80u3d-24585383",
                                    "product_id": "CSAFPID-2407502"
                                }
                            },
                            {
                                "category": "product_version_range",
                                "name": "vers:unknown/7.0 <esxi70u3s-24585291",
                                "product": {
                                    "name": "vers:unknown/7.0 <esxi70u3s-24585291",
                                    "product_id": "CSAFPID-2407276"
                                }
                            },
                            {
                                "category": "product_version_range",
                                "name": "vers:unknown/8.0 <esxi80u2d-24585300",
                                "product": {
                                    "name": "vers:unknown/8.0 <esxi80u2d-24585300",
                                    "product_id": "CSAFPID-2407277"
                                }
                            },
                            {
                                "category": "product_version_range",
                                "name": "vers:unknown/8.0 <esxi80u3d-24585383",
                                "product": {
                                    "name": "vers:unknown/8.0 <esxi80u3d-24585383",
                                    "product_id": "CSAFPID-2407278"
                                }
                            }
                        ],
                        "category": "product_name",
                        "name": "ESXi"
                    },
                    {
                        "branches": [
                            {
                                "category": "product_version_range",
                                "name": "vers:broadcom/13.6.3",
                                "product": {
                                    "name": "vers:broadcom/13.6.3",
                                    "product_id": "CSAFPID-2407507"
                                }
                            },
                            {
                                "category": "product_version_range",
                                "name": "vers:broadcom/13.x",
                                "product": {
                                    "name": "vers:broadcom/13.x",
                                    "product_id": "CSAFPID-2407506"
                                }
                            },
                            {
                                "category": "product_version_range",
                                "name": "vers:unknown/13.x <13.6.3",
                                "product": {
                                    "name": "vers:unknown/13.x <13.6.3",
                                    "product_id": "CSAFPID-2407280"
                                }
                            }
                        ],
                        "category": "product_name",
                        "name": "Fusion"
                    },
                    {
                        "branches": [
                            {
                                "category": "product_version_range",
                                "name": "vers:broadcom/2.x",
                                "product": {
                                    "name": "vers:broadcom/2.x",
                                    "product_id": "CSAFPID-2407501"
                                }
                            },
                            {
                                "category": "product_version_range",
                                "name": "vers:broadcom/3.x",
                                "product": {
                                    "name": "vers:broadcom/3.x",
                                    "product_id": "CSAFPID-2407500"
                                }
                            }
                        ],
                        "category": "product_name",
                        "name": "Telco Cloud Infrastructure"
                    },
                    {
                        "branches": [
                            {
                                "category": "product_version_range",
                                "name": "vers:broadcom/2.x",
                                "product": {
                                    "name": "vers:broadcom/2.x",
                                    "product_id": "CSAFPID-2407499"
                                }
                            },
                            {
                                "category": "product_version_range",
                                "name": "vers:broadcom/3.x",
                                "product": {
                                    "name": "vers:broadcom/3.x",
                                    "product_id": "CSAFPID-2407498"
                                }
                            },
                            {
                                "category": "product_version_range",
                                "name": "vers:broadcom/4.x",
                                "product": {
                                    "name": "vers:broadcom/4.x",
                                    "product_id": "CSAFPID-2407497"
                                }
                            },
                            {
                                "category": "product_version_range",
                                "name": "vers:broadcom/5.x",
                                "product": {
                                    "name": "vers:broadcom/5.x",
                                    "product_id": "CSAFPID-2407496"
                                }
                            }
                        ],
                        "category": "product_name",
                        "name": "Telco Cloud Platform"
                    }
                ],
                "category": "vendor",
                "name": "VMware"
            }
        ]
    },
    "vulnerabilities": [
        {
            "cve": "CVE-2025-22224",
            "product_status": {
                "known_affected": [
                    "CSAFPID-2407505",
                    "CSAFPID-2407494",
                    "CSAFPID-2407275",
                    "CSAFPID-2407495",
                    "CSAFPID-1668711",
                    "CSAFPID-2407279",
                    "CSAFPID-2407274",
                    "CSAFPID-2407493",
                    "CSAFPID-2407492",
                    "CSAFPID-2407504",
                    "CSAFPID-2407503",
                    "CSAFPID-2407502",
                    "CSAFPID-2407276",
                    "CSAFPID-2407277",
                    "CSAFPID-2407278",
                    "CSAFPID-2407507",
                    "CSAFPID-2407506",
                    "CSAFPID-2407280",
                    "CSAFPID-2407501",
                    "CSAFPID-2407500",
                    "CSAFPID-2407499",
                    "CSAFPID-2407498",
                    "CSAFPID-2407497",
                    "CSAFPID-2407496"
                ]
            },
            "references": [
                {
                    "category": "self",
                    "summary": "CVE-2025-22224",
                    "url": "https://api.ncsc.nl/velma/v1/vulnerabilities/2025/CVE-2025-22224.json"
                }
            ],
            "scores": [
                {
                    "cvss_v3": {
                        "version": "3.1",
                        "vectorString": "CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:C/C:H/I:H/A:H",
                        "baseScore": 9.3,
                        "baseSeverity": "CRITICAL"
                    },
                    "products": [
                        "CSAFPID-2407505",
                        "CSAFPID-2407494",
                        "CSAFPID-2407275",
                        "CSAFPID-2407495",
                        "CSAFPID-1668711",
                        "CSAFPID-2407279",
                        "CSAFPID-2407274",
                        "CSAFPID-2407493",
                        "CSAFPID-2407492",
                        "CSAFPID-2407504",
                        "CSAFPID-2407503",
                        "CSAFPID-2407502",
                        "CSAFPID-2407276",
                        "CSAFPID-2407277",
                        "CSAFPID-2407278",
                        "CSAFPID-2407507",
                        "CSAFPID-2407506",
                        "CSAFPID-2407280",
                        "CSAFPID-2407501",
                        "CSAFPID-2407500",
                        "CSAFPID-2407499",
                        "CSAFPID-2407498",
                        "CSAFPID-2407497",
                        "CSAFPID-2407496"
                    ]
                }
            ],
            "title": "CVE-2025-22224"
        },
        {
            "cve": "CVE-2025-22225",
            "product_status": {
                "known_affected": [
                    "CSAFPID-2407505",
                    "CSAFPID-2407494",
                    "CSAFPID-2407275",
                    "CSAFPID-2407495",
                    "CSAFPID-1668711",
                    "CSAFPID-2407279",
                    "CSAFPID-2407274",
                    "CSAFPID-2407493",
                    "CSAFPID-2407492",
                    "CSAFPID-2407504",
                    "CSAFPID-2407503",
                    "CSAFPID-2407502",
                    "CSAFPID-2407276",
                    "CSAFPID-2407277",
                    "CSAFPID-2407278",
                    "CSAFPID-2407507",
                    "CSAFPID-2407506",
                    "CSAFPID-2407280",
                    "CSAFPID-2407501",
                    "CSAFPID-2407500",
                    "CSAFPID-2407499",
                    "CSAFPID-2407498",
                    "CSAFPID-2407497",
                    "CSAFPID-2407496"
                ]
            },
            "references": [
                {
                    "category": "self",
                    "summary": "CVE-2025-22225",
                    "url": "https://api.ncsc.nl/velma/v1/vulnerabilities/2025/CVE-2025-22225.json"
                }
            ],
            "scores": [
                {
                    "cvss_v3": {
                        "version": "3.1",
                        "vectorString": "CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:C/C:H/I:H/A:H",
                        "baseScore": 8.2,
                        "baseSeverity": "HIGH"
                    },
                    "products": [
                        "CSAFPID-2407505",
                        "CSAFPID-2407494",
                        "CSAFPID-2407275",
                        "CSAFPID-2407495",
                        "CSAFPID-1668711",
                        "CSAFPID-2407279",
                        "CSAFPID-2407274",
                        "CSAFPID-2407493",
                        "CSAFPID-2407492",
                        "CSAFPID-2407504",
                        "CSAFPID-2407503",
                        "CSAFPID-2407502",
                        "CSAFPID-2407276",
                        "CSAFPID-2407277",
                        "CSAFPID-2407278",
                        "CSAFPID-2407507",
                        "CSAFPID-2407506",
                        "CSAFPID-2407280",
                        "CSAFPID-2407501",
                        "CSAFPID-2407500",
                        "CSAFPID-2407499",
                        "CSAFPID-2407498",
                        "CSAFPID-2407497",
                        "CSAFPID-2407496"
                    ]
                }
            ],
            "title": "CVE-2025-22225"
        },
        {
            "cve": "CVE-2025-22226",
            "product_status": {
                "known_affected": [
                    "CSAFPID-2407505",
                    "CSAFPID-2407494",
                    "CSAFPID-2407275",
                    "CSAFPID-2407495",
                    "CSAFPID-1668711",
                    "CSAFPID-2407279",
                    "CSAFPID-2407274",
                    "CSAFPID-2407493",
                    "CSAFPID-2407492",
                    "CSAFPID-2407504",
                    "CSAFPID-2407503",
                    "CSAFPID-2407502",
                    "CSAFPID-2407276",
                    "CSAFPID-2407277",
                    "CSAFPID-2407278",
                    "CSAFPID-2407507",
                    "CSAFPID-2407506",
                    "CSAFPID-2407280",
                    "CSAFPID-2407501",
                    "CSAFPID-2407500",
                    "CSAFPID-2407499",
                    "CSAFPID-2407498",
                    "CSAFPID-2407497",
                    "CSAFPID-2407496"
                ]
            },
            "references": [
                {
                    "category": "self",
                    "summary": "CVE-2025-22226",
                    "url": "https://api.ncsc.nl/velma/v1/vulnerabilities/2025/CVE-2025-22226.json"
                }
            ],
            "scores": [
                {
                    "cvss_v3": {
                        "version": "3.1",
                        "vectorString": "CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:C/C:H/I:N/A:N",
                        "baseScore": 7.1,
                        "baseSeverity": "HIGH"
                    },
                    "products": [
                        "CSAFPID-2407505",
                        "CSAFPID-2407494",
                        "CSAFPID-2407275",
                        "CSAFPID-2407495",
                        "CSAFPID-1668711",
                        "CSAFPID-2407279",
                        "CSAFPID-2407274",
                        "CSAFPID-2407493",
                        "CSAFPID-2407492",
                        "CSAFPID-2407504",
                        "CSAFPID-2407503",
                        "CSAFPID-2407502",
                        "CSAFPID-2407276",
                        "CSAFPID-2407277",
                        "CSAFPID-2407278",
                        "CSAFPID-2407507",
                        "CSAFPID-2407506",
                        "CSAFPID-2407280",
                        "CSAFPID-2407501",
                        "CSAFPID-2407500",
                        "CSAFPID-2407499",
                        "CSAFPID-2407498",
                        "CSAFPID-2407497",
                        "CSAFPID-2407496"
                    ]
                }
            ],
            "title": "CVE-2025-22226"
        }
    ]
}