CyberSecurity news
@support.broadcom.com
Broadcom has issued an urgent patch to address a moderate-severity vulnerability, CVE-2025-22247, affecting VMware Tools versions 11.x.x and 12.x.x. The flaw, characterized as an insecure file handling vulnerability, could be exploited by attackers with limited access within a guest virtual machine (VM). This could allow them to tamper with local files and trigger insecure file operations, potentially leading to further security breaches within the virtual environment. The vulnerability impacts VMware Tools running on Windows and Linux operating systems, while macOS is reportedly unaffected.
Broadcom's security advisory states that an attacker with non-administrative privileges within a guest VM can exploit the insecure file handling vulnerability in VMware Tools. Successful exploitation of CVE-2025-22247 could allow the attacker to tamper with local files, leading to unauthorized actions. VMware has released VMware Tools version 12.5.2 to remediate this vulnerability. For Windows 32-bit systems, the fix is in VMware Tools 12.4.7, which is included in the 12.5.2 release.
For Linux systems, the advisory notes that updates addressing CVE-2025-22247 will be distributed by individual Linux vendors. It is crucial for Linux users to stay informed about updates from their respective distribution vendors. System administrators are urged to take immediate action by updating to the latest versions of VMware Tools to mitigate the risks associated with this vulnerability. Sergey Bliznyuk of Positive Technologies has been credited for reporting the vulnerability.
Classification:
- HashTags: #VMware #Vulnerability #Patch
- Company: VMware
- Target: VMware users
- Product: VMware Tools
- Feature: Insecure file operations
- Type: Vulnerability
- Severity: Moderate