The security of our products is important to us as your chosen industrial automation supplier. This anomaly was found through a third-party advisory and is being reported based on our commitment to customer transparency and to improve their business or production environments.
AFFECTED PRODUCTS AND SOLUTION
Affected Product |
Affected Versions |
Corrected in software version |
Industrial Data Center (IDC) with VMware |
Generations 1 – 4 |
Refer to Mitigations and Workarounds |
VersaVirtual™ Appliance (VVA) with VMware |
Series A & B |
Refer to Mitigations and Workarounds |
Threat Detection Managed Services (TDMS) with VMware |
All |
Refer to Mitigations and Workarounds
|
Endpoint Protection Service with RA Proxy & VMware only |
All |
Refer to Mitigations and Workarounds
|
Engineered and Integrated Solutions with VMware |
All |
|
Remediations and Workarounds
Users with an active Rockwell Automation Infrastructure Managed Service contract or Threat Detection Managed Service contract:
Rockwell Automation will contact impacted users to discuss actions needed for remediation efforts.
Users without Rockwell Automation managed services contract, refer to Broadcom’s advisories below:
· Support Content Notification - Support Portal - Broadcom support portal
Additionally, users using the affected software, who are not able to upgrade to one of the corrected versions, are encouraged to apply security best practices, where possible.
VULNERABILITY DETAILS
Rockwell Automation used v3.1 and v4.0 of the CVSS scoring system to assess the following vulnerabilities.
CVE-2025-22224
A Time of Check Time of use (TOCTOU) vulnerability exists in VMware ESXi, which the affected products use. Exploitation of the vulnerability can allow a threat actor with local administrative privileges to execute code as the virtual machine's VMX process running on the host.
CVSS 3.1 Base Score: 9.3
CVSS Vector: CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:C/C:H/I:H/A:H
CVSS 4.0 Base Score: 9.4
CVSS Vector: CVSS:4.0/AV:L/AC:L/AT:N/PR:N/UI:N/VC:H/VI:H/VA:H/SC:H/SI:H/SA:H
Known Exploited Vulnerability (KEV) database: Yes
CVE-2025-22225
A code execution vulnerability exists in VMware ESXi, which the affected products use. Exploitation of the vulnerability can allow a threat actor with privileges within the VMX process trigger an arbitrary kernel write, leading to an escape of the sandbox.
CVSS 3.1 Base Score: 8.2
CVSS Vector: CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:C/C:H/I:H/A:H
CVSS 4.0 Base Score: 9.3
CVSS Vector: CVSS:4.0/AV:L/AC:L/AT:N/PR:H/UI:N/VC:H/VI:H/VA:H/SC:H/SI:H/SA:H
Known Exploited Vulnerability (KEV) database: Yes
CVE-2025-22226
An out of bounds vulnerability exists in VMware ESXi, which the affected products use. Exploitation of the vulnerability can allow a threat actor with administrative privileges to leak memory from the vmx process.
CVSS 3.1 Base Score: 7.1
CVSS Vector: CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:C/C:H/I:N/A:N
CVSS 4.0 Base Score: 8.2
CVSS Vector: CVSS:4.0/AV:L/AC:L/AT:N/PR:N/UI:N/VC:H/VI:N/VA:N/SC:H/SI:N/SA:N
Known Exploited Vulnerability (KEV) database: Yes
Users can use Stakeholder-Specific Vulnerability Categorization to generate more environment-specific prioritization.
ADDITIONAL RESOURCES
The following link provides CVE information in Vulnerability Exploitability Exchange (VEX) format, which is machine readable and can be used to automate vulnerability management and tracking activities.
