VMware Tools Flaw Lets Attackers Tamper with VMs, Patch Issued

A recently disclosed VMware Tools vulnerability could allow attackers with limited access to compromise virtual machines (VMs). Broadcom, which owns VMware, issued a security advisory warning that the flaw could be exploited to perform insecure file operations within affected VMs.

Tracked as CVE-2025-22247, the vulnerability affects VMware Tools versions 12.x.x and 11.x.x on both Windows and Linux. The security bulletin (VMSA-2025-0007), published on May 12, 2025, notes that an attacker with non-administrative privileges on a guest VM could exploit the weakness to alter local files and thereby trigger unauthorized actions within that VM.

“This vulnerability was privately reported, and we’ve taken swift action to provide patches,” stated Broadcom in the advisory. “A malicious actor with non-administrative privileges on a guest VM may tamper with local files to trigger insecure file operations within that VM.” 

Rated "Moderate" in severity, the vulnerability has a CVSSv3 base score of 6.1. While not considered critical, it is particularly concerning in enterprise environments where VMs often handle sensitive workloads and where low-privileged users routinely have guest access.

There are currently no workarounds available for CVE-2025-22247

Broadcom has confirmed that there are no workarounds for the VMware Tools vulnerability, and the only solution is to update to a fixed version, VMware Tools 12.5.2. For Windows users, VMware Tools 12.4.7, which is included in version 12.5.2, specifically addresses the issue for 32-bit systems. 

The vulnerability affects not only the proprietary VMware Tools but also its open-source counterpart, open-vm-tools, which is widely used in Linux environments. Broadcom has provided patches to the open-vm-tools community so that fixes can be integrated into earlier releases, and has worked with Linux vendors on corresponding updates, although the fixed version numbers vary by distribution and vendor. Users are advised to follow their Linux vendor's updates for the latest versions. The advisory also confirms that macOS versions of VMware Tools are not affected.
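Because there is no workaround, the practical defender task is to find guests still running an unpatched build. The following script is an added example, not code from the article or from Broadcom; it parses the output of `vmware-toolbox-cmd -v` (assumed to start with a dotted version such as `12.4.5.46049 (build-23787635)`; the build numbers below are constructed samples) and compares it with the fixed versions stated on this page: 12.5.2 for VMware Tools, and 12.4.7 for 32-bit Windows guests. For open-vm-tools it deliberately reports "check-vendor" instead of a verdict, since the fixed version there depends on the distribution.

```python
"""Triage VMware Tools versions against the CVE-2025-22247 fixes named in VMSA-2025-0007.

Added example; version thresholds come from the advisory summary above,
everything else (command output format, sample inventory) is an assumption.
"""
import re
import subprocess
from typing import Dict, Optional, Tuple

Version = Tuple[int, int, int]

# Fixed versions as stated in the advisory text on this page.
FIXED_VMWARE_TOOLS: Version = (12, 5, 2)   # Windows 64-bit and Linux
FIXED_WIN32: Version = (12, 4, 7)          # 32-bit Windows (included in 12.5.2)
AFFECTED_MAJORS = (11, 12)                 # 11.x.x and 12.x.x are in scope

# Assumption: `vmware-toolbox-cmd -v` prints "<major>.<minor>.<patch>[.<build>] ..."
_VERSION_RE = re.compile(r"(\d+)\.(\d+)\.(\d+)(?:\.(\d+))?")


def parse_tools_version(output: str) -> Optional[Version]:
    """Return (major, minor, patch) from tool output, or None if no version is found."""
    m = _VERSION_RE.search(output)
    if not m:
        return None
    return int(m.group(1)), int(m.group(2)), int(m.group(3))


def assess(version: Optional[Version], *, win32: bool = False,
           open_vm_tools: bool = False) -> str:
    """Classify one guest.

    Returns one of: "unknown", "check-vendor", "outside-stated-range",
    "patched", "vulnerable".
    """
    if version is None:
        return "unknown"
    if open_vm_tools:
        # Fixed open-vm-tools versions vary per Linux vendor; do not guess.
        return "check-vendor"
    if version[0] not in AFFECTED_MAJORS:
        # The advisory only lists 11.x.x and 12.x.x; anything else needs manual review.
        return "outside-stated-range"
    threshold = FIXED_WIN32 if win32 else FIXED_VMWARE_TOOLS
    return "patched" if version >= threshold else "vulnerable"


def local_tools_version() -> Optional[Version]:
    """Query the local guest (real command; returns None if the tool is absent)."""
    try:
        out = subprocess.run(["vmware-toolbox-cmd", "-v"], capture_output=True,
                             text=True, timeout=10, check=False).stdout
    except (FileNotFoundError, subprocess.TimeoutExpired):
        return None
    return parse_tools_version(out)


def triage(inventory: Dict[str, Tuple[str, bool, bool]]) -> Dict[str, str]:
    """Map guest name -> verdict for an inventory of (raw_output, win32, open_vm_tools)."""
    return {name: assess(parse_tools_version(raw), win32=w, open_vm_tools=o)
            for name, (raw, w, o) in inventory.items()}


if __name__ == "__main__":
    # Constructed sample inventory; build numbers are made up.
    sample = {
        "win-app-01":  ("12.4.5.46049 (build-23787635)", False, False),
        "win32-legacy": ("12.4.7.10000 (build-10000000)", True, False),
        "lnx-db-02":   ("12.3.5.46049", False, True),
        "lnx-web-03":  ("12.5.2.50000 (build-99999999)", False, False),
        "old-box":     ("10.3.26.0 (build-12345678)", False, False),
        "no-tools":    ("vmware-toolbox-cmd: command not found", False, False),
    }
    for host, verdict in triage(sample).items():
        print(f"{host:14} {verdict}")
```

Run it on each guest (or feed collected `vmware-toolbox-cmd -v` output into `triage`) and treat every "vulnerable", "unknown" and "check-vendor" result as an open item; only "patched" closes the finding.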

The vulnerability was responsibly reported to VMware by Sergey Bliznyuk of Positive Technologies, a cybersecurity researcher credited in Broadcom's advisory. His report led to the issue being identified and remediated before any known exploitation in the wild.

Summary of Affected Versions and Fixes 

Conclusion

The VMware Tools vulnerability (CVE-2025-22247) affects VMware Tools versions 11.x.x and 12.x.x on both Windows and Linux, with macOS unaffected. With a CVSS score of 6.1 and no workaround available, system administrators should apply the patches promptly to avoid exposing virtual machines to tampering by users with limited access.
