
A recent security advisory from Broadcom highlights a significant security update for VMware Tools for Windows. The advisory details an authentication bypass vulnerability that could allow a malicious actor with non-administrative privileges on a Windows guest virtual machine (VM) to perform certain high-privilege operations within that VM.
The vulnerability, identified as CVE-2025-22230, has been assessed as having an “Important” severity with a maximum CVSSv3 base score of 7.8. The advisory explicitly states, “VMware Tools for Windows contains an authentication bypass vulnerability due to improper access control”.
This issue exclusively affects VMware Tools running on Windows operating systems. Notably, VMware Tools versions 12.x.x and 11.x.x are impacted by this vulnerability.
To address this flaw, VMware has released version 12.5.1 of VMware Tools. Users of affected VMware products are strongly advised to update to the latest version to mitigate the risk associated with this vulnerability.
VMware has credited Sergey Bliznyuk of Positive Technologies for reporting this issue. Currently, the advisory indicates that there are no known workarounds for this vulnerability, further emphasizing the importance of applying the available update.
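
Since there is no workaround, the practical task is finding Windows guests still running a VMware Tools build older than 12.5.1. The following triage script is an added example, not code from Broadcom or the advisory; the inventory rows, VM names and version strings are constructed, and it assumes you can export guest OS and Tools version per VM from your own inventory.

```python
import re

FIXED = (12, 5, 1)           # fixed release named in the advisory
AFFECTED_MAJORS = {11, 12}   # 11.x.x and 12.x.x are listed as impacted

def parse_version(text):
    """Return (major, minor, patch) from strings like '12.4.0.11111111 (build-11111111)'."""
    m = re.match(r"\s*v?(\d+)\.(\d+)\.(\d+)", text or "")
    return tuple(int(p) for p in m.groups()) if m else None

def classify(guest_os, tools_version):
    """Classify one guest against the scope described in the article."""
    if "windows" not in (guest_os or "").lower():
        return "not-applicable"   # only VMware Tools for Windows is affected
    ver = parse_version(tools_version)
    if ver is None:
        return "unknown"          # Tools missing or version unreadable: check by hand
    if ver >= FIXED:              # numeric tuple compare, so 12.10.0 > 12.5.1
        return "patched"
    if ver[0] in AFFECTED_MAJORS:
        return "vulnerable"
    return "not-listed"           # older branch the article does not mention

# Constructed inventory rows: (VM name, guest OS, reported Tools version)
SAMPLE_INVENTORY = [
    ("web01", "Microsoft Windows Server 2022", "12.4.0.11111111 (build-11111111)"),
    ("db02", "Microsoft Windows Server 2019", "11.3.5"),
    ("app03", "Microsoft Windows 11", "12.5.1.22222222"),
    ("app04", "Microsoft Windows 11", "12.10.0"),
    ("old05", "Microsoft Windows Server 2012", "10.3.10"),
    ("lnx06", "Ubuntu Linux (64-bit)", "12.4.0"),
    ("tmp07", "Microsoft Windows 10", ""),
]

def triage(inventory):
    """Map each VM name to its classification."""
    return {name: classify(guest_os, ver) for name, guest_os, ver in inventory}

if __name__ == "__main__":
    for name, status in triage(SAMPLE_INVENTORY).items():
        print(f"{name:8} {status}")
```

Guests reported as `unknown` or `not-listed` still need a manual look, because the article only names the 11.x.x and 12.x.x branches.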