Product Releases
| Product | Version | Date | Download | Release Notes |
|---|---|---|---|---|
| Skyline Health Diagonostic (SHD) | 4.0.8 | 02/27 | Download | Release Notes |
| vSphere | 8.0 u3d | 03/04 | Download | Release Notes |
| vSphere | 8.0 u2d | 03/04 | Download | Release Notes |
| vSphere | 7.0 u3s | 03/04 | Download | Release Notes |
| vSphere | 6.7 u3s | 03/04 | Download | Release Notes |
| Workstation | 17.6.3 | 03/04 | Download | Release Notes |
| Fusion | 13.6.3 | 03/04 | Download | Release Notes |
VMSA-2025-0004 [CRITICAL] [CVSSv3: 7.1 – 9.3]
CVE(s)
- VMCI heap-overflow vulnerability (CVE-2025-22224)
- VMware ESXi arbitrary write vulnerability (CVE-2025-22225)
- HGFS information-disclosure vulnerability (CVE-2025-22226)
Description
- Multiple vulnerabilities in VMware ESXi, Workstation, and Fusion were privately reported to VMware. Updates are available to remediate these vulnerabilities in affected VMware products.
VMware would like to thank Microsoft Threat Intelligence Center for reporting this issue to us. - FAQ: https://brcm.tech/vmsa-2025-0004
- Workaround: None
| Product | CVE | Fixed Version | Documentation |
|---|---|---|---|
| ESXi 8.0 u3 | CVE-2025-22224, CVE-2025-22225, CVE-2025-22226 | ESXi80U3d-24585383 | FAQ |
| ESXi 8.0 u2 | CVE-2025-22224, CVE-2025-22225, CVE-2025-22226 | ESXi80U2d-24585300 | FAQ |
| ESXi 7.0 | CVE-2025-22224, CVE-2025-22225, CVE-2025-22226 | ESXi70U3s-24585291 | FAQ |
| ESXi 6.7 | CVE-2025-22224, CVE-2025-22225, CVE-2025-22226 | ESXi670-202503001 | FAQ |
| Workstation | CVE-2025-22224, CVE-2025-22225, CVE-2025-22226 | 17.6.3 | FAQ |
| Fusion | CVE-2025-22226 | 13.6.3 | FAQ |
| VCF 5.x | CVE-2025-22224, CVE-2025-22225, CVE-2025-22226 | Async patch to ESXi80U3d-24585383 | Async Patching Guide: KB88287 |
| VCF 4.x | CVE-2025-22224, CVE-2025-22225, CVE-2025-22226 | Async patch to ESXi70U3s-24585291 | Async Patching Guide: KB88287 |
| Telco Cloud Platform | CVE-2025-22224, CVE-2025-22225, CVE-2025-22226 | KB389385 | FAQ |
| Telco Cloud Platform Infrastruktur | CVE-2025-22224, CVE-2025-22225, CVE-2025-22226 | KB389385 | FAQ |
vExpert
1,238 vExperts from 75 Countries
We are pleased to announce the list of 2025 vExperts. You can visit the vExpert Directory to see the list and profiles of each vExpert. All of the new and returning vExperts have demonstrated significant contributions to the community and a willingness to share their stories and expertise with others.
PROGRAM INTRODUCTION:
The VMware vExpert program honors individuals worldwide for their notable contributions to the VMware community and ecosystem. It’s not a technical certification but a recognition for your community efforts. This individual award lasts for a year, from February to January. Both customer and partner employees are eligible. We assess various community contributions from the past year to select awardees.
vExpert Program Benefits
- One year complimentary VMUG Advantage subscription.
- 3-year VCF or VVF license for home lab use (Dependent on you passing your VCP-VCF or your VCP-VVF exam.)
- 50% off exams.
- Network with over 1,300 vExperts from 77 countries.
- Opportunity to apply for VMware Business Unit lead vExpert sub-program.
- Invite to our private vExpert communication channels.
- Permission to use the vExpert logo on cards, websites, etc., for one year.
- Private & technical deep-dive webinars with VMware and VMware partners.
- Access to private betas (subject to admission by beta teams).
- Private pre-launch briefings via our bloggers‘ briefing pre-VMware Explore (subject to admission by product teams).
- Featured in a public vExpert online directory
- Access to vetted VMware & Virtualization content for your social channels through VMware Advocacy.
- Yearly Community Leadership Reception at VMware Explore U.S.
| Community Work Engagement | Count |
|---|---|
| 10+ Years in the Program | 231 |
| 15 Years in the Program | 43 |
| 18 Years in the Program | 28 |
| Bloggers | 728 |
| Book Authors | 58 |
| Coder / Script Writerss | 90 |
| Community Forums Moderators | 16 |
| Enterprise Influencers | 60 |
| HOL Volunteer | 41 |
| Internal Champion | 157 |
| Podcasters | 87 |
| Public Speakers | 580 |
| Top Contributor | 55 |
| VCDX Certification Holders | 125 |
| VMware Related Forums Champion | 802 |
| Video Creators | 143 |
| VMUG Leaders | 266 |
| Volunteer Community Work | 212 |
KB Articles
| Subject | ID |
|---|---|
| Moving vSAN Hosts/Nodes from one cluster to another within the same vCenter. | 389573 |
| Dealing with inaccessible objects in a vSAN cluster. | 389599 |
| Troubleshooting Invoke-VMScript Failures During Guest OS Onboarding in Aria Automation | 389569 |
| Pods do not start on Aria Automation node | 389553 |
| /24 route that represents an aggregation route disappears from T0 routing table, while the small subnets are still present on the routing table. | 389528 |
| The Aria Lifecycle Manager (LCM) upgrade failed with error message „Could not get VCF BOM details“ | 389502 |
| Aria Automation VM provisioning failed during VM allocation phase | 389497 |
| vSAN compute only cluster upgrade precheck | 389410 |
| Aria Operations for Networks reports an alert “Threshold Exceeded Data Source Temperature” | 389334 |
| Unable to send webhook to Microsoft Teams – Aria Operations for Logs 8.18 | 389324 |
| „Configure Lifecycle Minion“ missing after applying the latest version of VRSLCM 8.18 Pspack 4 | 389316 |
| VMs lost network connection in heavy workload ESXi host | 389310 |
| After upgrading to vCenter 8.0.U3 vCenter snapshot removed | 389305 |
| vCLS VM IDs are zeros after patching ESXi to 8.0.3b | 389272 |
| Cannot login to Aria Operations for Logs using local admin or AD account wheel continuously spinning | 389241 |
| Power on task for a virtual machine failed with license key has expired | 389226 |
| Application has crashed on NSX manager due to upgrade coordinator out of memory | 389094 |
| vCenter Appliance Availability Dashboard is not working in Aria Operations. | 389078 |
| Unable to install Telegraf agent on Linux VM integrated with Active Directory using a domain account | 389056 |
| Unable to use job inputs to dynamically alter states | 389008 |
| vSAN 8.x reports vSAN daemon liveness in red in vCenter UI and cmmdsTimeMachine is not running when checked from host CLI. | 389004 |
| ESXi Host Disconnects When Attempting to Resize Disk of VM through pyvmomi | 389003 |
| Diagnostics for VMware Cloud Foundation: Missing Log Based Findings | 388952 |
Podcast | Webinar | Blog Posts
Quick Tip – Audit vCenter Server Role & Permission Usage (Blogpost)
vCenter Server ships out of the box a number of system and custom roles, which can be used or users can create their own custom roles containing the required privileges. If you wanted to understand which roles are actively being used, the following PowerCLI snippet can help provide insights to roles that have been assigned. Furthermore, the script will also output to a file, that contains all he privileges defined for the vCenter Roles that are in active use.
VMware Telco Cloud at Mobile World Congress 2025 (Podcast)
In this episode of Virtually Speaking, we’re gearing up for Mobile World Congress 2025 with Paul Turner, VP of Products, and Anupama, Telco Lead for Product Marketing at Broadcom. We dive into Broadcom’s bold vision for the Telco Data Center, focusing on how simplification, unification, and automation are transforming network operations. With the theme “Your Telco Data Center. Simplified. Unified. Automated.”, Broadcom is set to showcase innovations that help Telcos accelerate service delivery, reduce costs, and stay ahead in a rapidly evolving market. Tune in to get a sneak peek at what’s coming at MWC 2025!
BLOG Homelab vCloud NSX Veeam Linux VSAN VMware Advocacy About ESXi to Syslog: Troubleshooting Connectivity Issues Like a Pro! (Blogpost)
When troubleshooting ESXi network and Syslog server connectivity issues, knowing the right tools can save you hours of frustration. Whether it’s an unresponsive syslog server, blocked TCP/UDP ports, this guide will help you diagnose and fix common connectivity issues quickly.
Login Messages and Banners in Aria Operations, Operations for Logs, and Automation (Blogpost)
For customers running several instances of the various Aria products, it can be helpful to tell users what instance they are actually logging in to. With Aria Operations and Operations for Logs this can be done with a login message. […]