- Broadcom was recently tipped off about an authentication bypass flaw in VMware Tools
- The 7.8 bug was quickly fixed, but no workarounds are available
- The bug affects Windows users, while Linux and macOS users are safe
Broadcom has warned its users of a high-severity vulnerability recently discovered in VMware Tools, a toolset for virtual machines (VM) running on VMware platforms.
In a security advisory, the company said it released a fix for the flaw, suggesting users apply it as soon as possible.
VMware Tools is a set of utilities that enhances the performance, usability, and management of VMs running on VMware platforms. It improves graphics, enables seamless mouse movement, synchronizes time between host and VM, and allows for better integration between the guest OS and the host system.
Performing “high-privilege operations”
Broadcom, the owner of VMware, said it was recently tipped off about an authentication bypass vulnerability by security researcher Sergey Bliznyuk of Positive Technologies.
The flaw is now being tracked as CVE-2025-22230, and was given a severity score of 7.8/10 (high).
“A malicious actor with non-administrative privileges on a Windows guest VM may gain the ability to perform certain high-privilege operations within that VM,” Broadcom said in the advisory, without mentioning if there is any evidence of abuse in the wild.
The company stressed there were no workarounds for this issue, suggesting applying the patch is the only way to mitigate the risk.
The bug was only found on the Windows platform, with Linux and macOS being safe.
“VMware Tools 12.4.6 which is part of VMware Tools 12.5.1 addresses the issue for Windows 32-bit,” Broadcom concluded.
Ransomware gangs and state-sponsored hackers “frequently target” VMware vulnerabilities, BleepingComputer reported, stating that VMware products were “widely used in enterprise operations” to store or transfer sensitive corporate data.
In late January 2025, for example, TechRadar Pro reported cybercriminals were using SSH tunneling functionality on VMware’s ESXi bare metal hypervisors for stealthy persistence, to help them deploy ransomware on target endpoints.
Via BleepingComputer
Leave a comment