CyberSecurity news


Pierluigi Paganini @ Security Affairs
Broadcom has issued security updates to address a high-severity authentication bypass vulnerability affecting VMware Tools for Windows. Tracked as CVE-2025-22230, the flaw stems from improper access control, potentially allowing a malicious actor with non-administrative privileges on a guest virtual machine to perform high-privilege operations. Discovered by Sergey Bliznyuk of Positive Technologies, the vulnerability impacts VMware Tools versions 11.x.x and 12.x.x.

Security experts are urging users to apply the updates promptly, as there are currently no known workarounds besides patching. The vulnerability has been assigned a CVSS score of 7.8 out of 10, highlighting its severity. It affects only VMware Tools running on Windows operating systems, so users of affected Windows guests should act immediately.



References:
  • Security Affairs: Broadcom released security updates to address a high-severity authentication bypass vulnerability, tracked as CVE-2025-22230 (CVSS score 9.8), impacting VMware Tools for Windows.
  • securityonline.info: VMware Tools for Windows Hit by CVE-2025-22230 Auth Bypass Flaw
  • The DefendOps Diaries: Understanding the VMware Tools Authentication Bypass Vulnerability
  • thehackernews.com: New Security Flaws Found in VMware Tools and CrushFTP — High Risk, No Workaround
  • www.csoonline.com: VMware plugs a high-risk vulnerability affecting its Windows-based virtualization
  • BleepingComputer: Broadcom Warns of Authentication Bypass in VMware Windows Tools
  • www.techradar.com: Broadcom warns of worrying security flaws affecting VMware tools
  • Security Risk Advisors: New VMware Tools vulnerability (CVE-2025-22230) allows non-admin Windows guest users to perform privileged operations.
  • Security | TechRepublic: Update VMware Tools for Windows Now: High-Severity Flaw Lets Hackers Bypass Authentication
  • securityaffairs.com: Broadcom addressed a high-severity authentication bypass vulnerability, tracked as CVE-2025-22230 (CVSS score 9.8), impacting VMware Tools for Windows.