VMware and Broadcom released an update addressing a potentially serious security vulnerability.
The vendor said that the flaw, designated CVE-2025-22230, is an authentication bypass in the VMware Tools component. The flaw itself is down to an access control weakness that would potentially allow log-ins without proper authentication.
In practice, this would mean that someone operating without proper account credentials could not only log into a virtual machine, but also gain some level of administrator clearance on that local system.
“VMware Tools for Windows contains an authentication bypass vulnerability due to improper access control,” Broadcom said in disclosing the flaw and the subsequent patch for the hypervisor tool.
“A malicious actor with non-administrative privileges on a guest VM may gain ability to perform certain high privilege operations within that VM.”
If there is one saving grace in this disclosure, it is that the described flaw does not appear to reach beyond the VM level. In other words, an attacker who successfully exploited the vulnerability would not be able to leverage the flaw into a wider attack on the hypervisor itself or the server hosting other VMware instances.
Put simply, you cannot use this flaw to take over other VMware machines, only to gain privileges within the instance you are already logged onto. The flaw was given a CVSS score of 7.8, making it worthy of prompt attention but not necessarily a critical event.
That said, such "important"-rated security flaws can quickly become critical security issues when chained with other low-severity exploits that together form the components of a full system takeover.
Credit for discovery was given to Sergey Bliznyuk of Positive Technologies, who is said to have found and reported the flaw to VMware directly. There were no reports of the vulnerability being publicly disclosed or targeted for exploitation in the wild.
Administrators are advised to update their installations of VMware Tools to version 12.5.1 or later in order to obtain the patch for the flaw.
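The remediation step above comes down to one check per guest: is the installed VMware Tools at or past 12.5.1? The script below is an added example, not code from VMware, Broadcom or the article. It parses the version string that VMware Tools reports and compares it component-wise as integers, so that 12.5.10 is correctly ranked above 12.5.1 and a trailing build number is ignored. The path to `VMwareToolboxCmd.exe` and the use of its `-v` switch are assumptions about the installed tool; the sample version strings are constructed for the demonstration and do not correspond to real builds.

```python
"""Check whether an installed VMware Tools for Windows build is at or past the
fixed version named in the advisory (12.5.1).

Added example, not vendor code.  The toolbox path and '-v' switch are assumed;
the sample strings in __main__ are constructed, not real build numbers.
"""
import re
import subprocess
from typing import Optional, Tuple

# Version the article says carries the fix for CVE-2025-22230.
FIXED_VERSION: Tuple[int, ...] = (12, 5, 1)

# Assumed default install location of the VMware Tools command-line utility.
TOOLBOX_CMD = r"C:\Program Files\VMware\VMware Tools\VMwareToolboxCmd.exe"

# Leading dotted-integer version, e.g. "12.5.1.12345678" from
# "12.5.1.12345678 (build-12345678)".
_VERSION_RE = re.compile(r"(\d+(?:\.\d+)*)")


def parse_version(text: str) -> Tuple[int, ...]:
    """Extract the first dotted version from text and return it as ints."""
    m = _VERSION_RE.search(text)
    if not m:
        raise ValueError(f"no version number in {text!r}")
    return tuple(int(part) for part in m.group(1).split("."))


def is_patched(version_text: str,
               fixed: Tuple[int, ...] = FIXED_VERSION) -> bool:
    """True if the installed version is >= the fixed version.

    Comparison is component-wise on integers, so 12.5.10 > 12.5.1 and
    12.4.9 < 12.5.1 (a plain string compare would get both wrong).  Only the
    first len(fixed) components matter; a missing component counts as 0 and a
    trailing build number is ignored.
    """
    installed = parse_version(version_text)
    n = len(fixed)
    padded = installed + (0,) * max(0, n - len(installed))
    return padded[:n] >= fixed


def installed_version_text(cmd: str = TOOLBOX_CMD) -> Optional[str]:
    """Ask the local VMware Tools for its version (assumed CLI: '<cmd> -v').

    Returns None when the utility is not present, so the check degrades
    gracefully on hosts without VMware Tools.
    """
    try:
        out = subprocess.run([cmd, "-v"], capture_output=True,
                             text=True, timeout=10)
    except OSError:
        return None
    return out.stdout.strip() or None


if __name__ == "__main__":
    # Constructed sample outputs standing in for 'VMwareToolboxCmd.exe -v'.
    samples = [
        "12.5.0.11111111 (build-11111111)",   # one release short of the fix
        "12.5.1.12345678 (build-12345678)",   # exactly the fixed version
        "12.5.10.22222222 (build-22222222)",  # later than 12.5.1 despite the string sort
        "11.3.5 build-33333333",
    ]
    for s in samples:
        print(f"{s:40} patched={is_patched(s)}")

    live = installed_version_text()
    if live is not None:
        print(f"local VMware Tools: {live} patched={is_patched(live)}")
```

On a fleet, the same `is_patched` logic can be applied to version strings gathered by whatever inventory tooling is already in place; the point of the component-wise compare is that a naive string sort would flag 12.5.10 as older than 12.5.1.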
The update comes just three weeks after VMware and parent company Broadcom had to issue an emergency update to address a trio of vulnerabilities in the VMware platform that were being actively exploited. Those flaws included security holes that would potentially allow an attacker to take hypervisor control over the target machine.