Emergency Security Bulletin: VMware Tools for Windows

featured image

By: RedLegg's Cyber Threat Intelligence Team

About:

RedLegg will occasionally communicate vulnerabilities released outside the usual release schedule to provide additional value to our customers. These emergency bulletins describe vulnerabilities or threats we classify as the highest severity level and warrant out-of-band emergency patching or mitigation action.


VULNERABILITIES

VMware Tools for Windows Authentication Bypass Vulnerability

CVSS Score: 7.8 (High)  
Identifier: CVE-2025-22230 
Exploit or Proof of Concept (PoC): As of now, there are no public reports of active exploitation or available proof-of-concept exploits for this vulnerability.  
Update: CVE-2025-22230 – VMware Security Advisory

Description: CVE-2025-22230 is an authentication bypass vulnerability in VMware Tools for Windows, resulting from improper access control mechanisms. A malicious actor with non-administrative privileges on a Windows guest virtual machine (VM) could exploit this vulnerability to perform high-privilege operations within that VM. The vulnerability affects VMware Tools versions 11.x.x and 12.x.x on Windows platforms. 

Mitigation Recommendation: VMware has addressed this vulnerability in VMware Tools version 12.5.1. Administrators are advised to upgrade to this version promptly to mitigate potential risks. There are no known workarounds for this issue; therefore, applying the update is the recommended course of action. 

Note: While there are no current reports of this vulnerability being exploited in the wild, it is advisable to apply the provided updates promptly to maintain the security and integrity of virtualized environments.