New VMware Tools Vulnerability Allows Attackers to Tamper with Virtual Machines, Broadcom Issues Urgent Patch

A newly disclosed VMware Tools vulnerability (CVE-2025-22247) allows attackers with limited access to compromise virtual machines by tampering with local files. Broadcom has issued patches for affected versions on Windows and Linux to address this moderate-severity flaw.
Affected: VMware, Virtual Machines, VMware Tools, open-vm-tools

Keypoints

  • The vulnerability, tracked as CVE-2025-22247, affects VMware Tools versions 11.x.x and 12.x.x on Windows and Linux.
  • Attackers with non-administrative privileges can exploit this flaw to tamper with local files within affected VMs.
  • The severity of the vulnerability is rated as “Moderate” with a CVSS score of 6.1.
  • No workarounds are available; affected users must update to VMware Tools 12.5.2 or the corresponding patches for open-vm-tools.
  • Linux distributions and vendors have issued patches, and users should update their open-vm-tools accordingly.
  • macOS versions of VMware Tools are unaffected by this vulnerability.
  • The vulnerability was responsibly reported, and patches were released before any known exploitation in the wild.
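
To turn the key points above into a fleet check, the following added example (not code from Broadcom or the source article) triages a guest inventory against the version ranges listed here. The inventory format, status labels, sample hosts and build strings are constructed for illustration, and it assumes a distribution's open-vm-tools package may carry the fix without a version bump, so those guests are flagged for a package-level check.

```python
import re

FIXED = (12, 5, 2)          # fixed VMware Tools release named in the advisory
AFFECTED_MAJORS = {11, 12}  # release lines the advisory lists as affected

def parse_version(text):
    """Return (major, minor, patch) from e.g. '12.4.0.49063 (build-23259341)'."""
    m = re.search(r"(\d+)\.(\d+)\.(\d+)", text)
    if not m:
        raise ValueError(f"no version in {text!r}")
    return tuple(int(p) for p in m.groups())

def triage(os_name, flavor, version_text):
    """Classify one guest against the advisory's version ranges."""
    if os_name.lower() == "macos":
        return "unaffected"            # macOS builds are not affected
    try:
        ver = parse_version(version_text)
    except ValueError:
        return "unknown"               # unparseable: needs manual review
    if ver[0] not in AFFECTED_MAJORS:
        return "not-listed"            # advisory names only 11.x.x and 12.x.x
    if flavor == "open-vm-tools":
        # Assumption: distro packages may be patched without a version bump,
        # so the upstream version number alone cannot confirm the fix.
        return "check-distro-package"
    # Tuple comparison is numeric, so 12.10.0 sorts after 12.5.2.
    return "fixed" if ver >= FIXED else "update"

# Constructed sample inventory: host, guest OS, tools flavor, reported version
SAMPLE = """\
web01,windows,vmware-tools,12.4.0.49063 (build-23259341)
app02,windows,vmware-tools,12.5.2.00001 (build-00000001)
db01,linux,open-vm-tools,12.3.5
mac01,macos,vmware-tools,12.1.0
old01,linux,vmware-tools,not installed
"""

def triage_inventory(text):
    """Map each host in a CSV-style inventory to its triage status."""
    result = {}
    for line in text.strip().splitlines():
        host, os_name, flavor, version = line.split(",", 3)
        result[host] = triage(os_name, flavor, version)
    return result

if __name__ == "__main__":
    for host, status in triage_inventory(SAMPLE).items():
        print(f"{host}: {status}")
```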

Read More: https://thecyberexpress.com/vmware-tools-vulnerability-cve-2025-22247/