
March 4, 2025 was a day filled with uncertainty for VMware clients when the US government agency CISA (Cybersecurity and Infrastructure Security Agency) announced that three VMware ESXi vulnerabilities were being added to the Known Exploited Vulnerabilities (KEV) list.[1] Two of these vulnerabilities were ranked as “severe” and one as “critical” based on their severity (CVSS) scores.
Broadcom acknowledged that one of the vulnerabilities could allow malicious code to access the underlying hypervisor, potentially compromising all virtual machines on a host.[2] This sent many security teams scrambling, especially since ShadowServer reported over 41,000 servers as vulnerable as of March 6, 2025.[3]
For Rimini Street clients, however, March 4 was just another ordinary day.
Rimini Protect™ Advanced Hypervisor Security (AHS), an exclusive solution powered by proven Vali Cyber®, effectively protected against all three vulnerabilities with the recommended configuration settings that are installed “out of the box.”[4] So while many cybersecurity teams were scrambling with patches, testing and remediation plans, Rimini Protect AHS clients experienced no downtime or disruptions.
But the story goes deeper.
A security strategy that works
On the morning of March 4, before the CISA announcement, Rimini Street’s real-time threat intelligence network and proactive partner, Vali Cyber, notified the Rimini Protect cybersecurity team of the three newly discovered ESXi vulnerabilities and confirmed that these vulnerabilities were fully mitigated by the default configurations of Rimini Protect Advanced Hypervisor Security. With advance warning of the vulnerabilities, Rimini Street verified that remediations for these vulnerabilities were effective before sharing them with clients.
Rimini Protect’s proactive protection model neutralizes threats before they become a crisis, complementing and enhancing existing security strategies that clients have in place. Instead of waiting for vendors to release patches, clients under Rimini Protect already had the necessary safeguards in place, allowing them to focus on business operations without being sidetracked by emergency security disruptions. Even if patches are issued immediately for every vulnerability, the logistical challenges and potential downtime can be significant when it comes to testing and deploying those patches, leaving your business exposed to exploited vulnerabilities.
Should additional remediations have been needed, Rimini Street and its partners were – and always are – fully prepared to act immediately, leveraging deep expertise in security and a global team of specialists dedicated to protecting mission-critical systems.
A proactive approach to security is the way forward
The events of March 4 serve as a reminder of how necessary a proactive security posture and partner are for companies that depend heavily on virtual machine environments for crucial business operations, customer engagement and financial activities.
Rimini Protect Advanced Hypervisor Security offers protection without any downtime or impact on business operations, helping to save time, money and resources that can be refocused on business innovation.
Rimini Street’s exclusive ability to offer Rimini Support with Rimini Protect Advanced Hypervisor Security empowers organizations to take charge of their operations, achieving up to 90% reduction in total support costs while ensuring effective and proactive security against vulnerabilities and exploits.
“At Rimini Street, we take pride in our commitment to protecting our clients’ mission-critical systems and the irreplaceable data that is constantly under threat. This is yet another great example of how our approach to securing systems against the exploitation of vulnerabilities pays dividends in terms of time to protection and efficacy.” – Gabe Dimeglio, CISO, SVP & GM Rimini Protect and Watch Solutions.
Learn more about the Rimini Protect for Advanced Hypervisor Security solution and how we can tailor protection for your unique enterprise software ecosystem here.
[3] ShadowServer report on CVE-2025-22224
[4] AHS clients with the “ESXi VMX” rule enabled with the Response Type set to “Kill” or “Remediate” had immediate protection with no further action required.