Broadcom-owned VMware has released security updates to fix a moderate-severity vulnerability (CVE-2025-22247) in VMware Tools, which has a CVSS score of 6.1.
The issue affects how VMware Tools handles files and could let non-admin users in guest virtual machines (VMs) perform unauthorized file operations.
The flaw only affects Windows and Linux systems. macOS systems are not impacted.
CVE-2025-22247 stems from insecure file handling in VMware Tools, a utility suite that improves guest OS performance in virtual machines. Improper validation of file operations could allow privilege escalation or unauthorized file changes.
VMware explained that a local attacker with limited access on a guest VM could manipulate local files to trigger these insecure operations.
While the attack requires local access, it still poses a risk—especially in shared environments with multiple VM users.
The flaw was privately reported by Sergey Bliznyuk from Positive Technologies, and details were published in VMware’s advisory VMSA-2025-0007 on May 12, 2025.
Affected Systems and Risk
The vulnerability affects VMware Tools versions 11.x.x and 12.x.x on Windows and Linux. macOS systems are not impacted.
Rated as “Moderate” with a CVSS score of 6.1, the flaw allows local users with limited privileges to carry out unauthorized file operations. While the attack is local and needs no user interaction, it can significantly impact system integrity.
Environments with shared virtual machines face higher risk, especially when multiple users have different access levels.
Patching and Mitigation
VMware has released Tools version 12.5.2 to fix the issue.
- For Windows 32-bit, the fix is in version 12.4.7 (included in 12.5.2).
- Linux users should update via their distro’s open-vm-tools package.
No workaround exists—patching is the only fix. VMware urges organizations to update as soon as possible, especially in shared VM environments. Patches and documentation are available through VMware’s official support portal.
VMware also stressed the importance of keeping VM tools up to date, as virtual machine security goes beyond just the hypervisor.
![Nifty[.]com Infrastructure Exploited in Phishing Attack](https://firsthackersnews.com/wp-content/uploads/2023/10/Phishing-Attacks_-Recognize-and-Avoid-Email-Phishing-1-500x383.jpg)
Leave A Comment