ICSA-25-077-02  ·  Published 2025-03-18

Rockwell Automation Lifecycle Services with VMware

CVSS 9.3 CRITICAL  ·  CISA KEV — Known Exploited

Risk Summary

Successful exploitation of these vulnerabilities could allow an attacker with local administrative privileges to execute code.

Remediations

  • Rockwell Automation will contact impacted users to discuss actions needed for remediation efforts.
  • Users without a Rockwell Automation managed services contract should refer to Broadcom's advisories below:
      • Support Content Notification - Support Portal - Broadcom support portal
      • https://techdocs.broadcom.com/us/en/vmware-cis/vsphere/vsphere/8-0/release-notes/esxi-update-and-patch-release-notes/vsphere-esxi-80u3d-release-notes.html
      • https://techdocs.broadcom.com/us/en/vmware-cis/vsphere/vsphere/8-0/release-notes/esxi-update-and-patch-release-notes/vsphere-esxi-80u2d-release-notes.html
      • https://techdocs.broadcom.com/us/en/vmware-cis/vsphere/vsphere/7-0/release-notes/esxi-update-and-patch-release-notes/vsphere-esxi-70u3s-release-notes.html
  • Additionally, users of the affected software who are not able to upgrade to one of the corrected versions are encouraged to apply security best practices where possible.
      • Security Best Practices

Affected Vendors

Rockwell Automation

Affected Products (5)

Rockwell Automation · Industrial Data Center (IDC) with VMware >=Generations_1|<=4
Rockwell Automation · VersaVirtual Appliance (VVA) with VMware Series_A_and_B
Rockwell Automation · Threat Detection Managed Services (TDMS) with VMware vers:all/*
Rockwell Automation · Endpoint Protection Service with RA Proxy & VMware only vers:all/*
Rockwell Automation · Engineered and Integrated Solutions with VMware vers:all/*

Affected Sectors

Critical Manufacturing
