
Broadcom has released a security advisory addressing a moderate-severity vulnerability in VMware Tools, tracked as CVE-2025-22247, which could allow a malicious actor with non-administrative privileges on a guest virtual machine (VM) to tamper with local files and trigger insecure file operations.
The advisory states that “VMware Tools contains an insecure file handling vulnerability.” An attacker who already holds a low-privileged account inside the guest could “tamper [with] the local files to trigger insecure file operations within that VM.” The issue is local to the guest: the advisory describes no impact on the hypervisor or on other VMs, and Broadcom has not published details of what an attacker gains beyond the unsafe file operations carried out by the Tools components on the tampered files.
The vulnerability impacts VMware Tools versions 12.x.x and 11.x.x running on Windows and Linux operating systems. However, macOS is listed as unaffected.
Broadcom and VMware have credited Sergey Bliznyuk of Positive Technologies for reporting this vulnerability.
To remediate this vulnerability, Broadcom has released VMware Tools 12.5.2. For 32-bit Windows guests, the fix is carried in VMware Tools 12.4.7, which ships as part of the 12.5.2 release, so installing 12.5.2 covers both cases.
For Linux guests, the advisory states that “a version of open-vm-tools that addresses CVE-2025-22247 will be distributed by Linux vendors.” The fixed version therefore depends on the distribution: vendors typically backport the fix under their own package version numbers, so the upstream version string alone does not show whether a given Linux guest is patched.
Users of VMware Tools on Windows and Linux are strongly advised to update to the fixed versions. Linux administrators should watch their distribution's security advisories for the corresponding open-vm-tools package update and confirm it through the distribution's package manager rather than by comparing the installed version against the upstream 12.5.2 number.
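As an added example (not part of Broadcom's advisory or of this article), the following POSIX shell snippet compares the version string printed by `vmware-toolbox-cmd -v` against the fixed baseline from the advisory. It assumes the VMware-distributed tools are installed and that the command prints a dotted numeric version, optionally followed by a build tag such as `build-NNNN`; the baseline defaults to 12.5.2 and can be overridden with 12.4.7 for 32-bit Windows. The version strings used in the comments are constructed for illustration. It is not a valid check for distribution-packaged open-vm-tools, because vendors backport the fix under their own package version numbers.

```shell
#!/bin/sh
# Added example, not from Broadcom's advisory: decide whether a reported
# VMware Tools version is at or above the fixed release for CVE-2025-22247.
# Assumption: versions compare as dotted numeric components; missing
# trailing components count as zero.

# Strip a build tag and anything else after the dotted version,
# e.g. "12.4.5.46049 build-23787635" -> "12.4.5.46049" (constructed sample).
vmtools_version_core() {
    printf '%s\n' "$1" | sed -e 's/[[:space:]].*$//' -e 's/[^0-9.].*$//'
}

# Returns 0 when $1 >= $2, comparing component by component as integers
# so that 12.5.10 correctly ranks above 12.5.2.
version_ge() {
    awk -v a="$(vmtools_version_core "$1")" -v b="$(vmtools_version_core "$2")" 'BEGIN {
        na = split(a, x, "."); nb = split(b, y, ".")
        n = (na > nb) ? na : nb
        for (i = 1; i <= n; i++) {
            xi = (i <= na) ? x[i] + 0 : 0
            yi = (i <= nb) ? y[i] + 0 : 0
            if (xi > yi) exit 0
            if (xi < yi) exit 1
        }
        exit 0
    }'
}

# Prints "patched" or "vulnerable" for version $1; $2 selects the baseline
# (default 12.5.2 per the advisory; pass 12.4.7 for 32-bit Windows guests).
vmtools_status() {
    fixed=${2:-12.5.2}
    if version_ge "$1" "$fixed"; then
        echo patched
    else
        echo vulnerable
    fi
}

# Live check on a guest running the VMware-distributed tools. Do not rely on
# this for distro-packaged open-vm-tools, whose fixes are backported under the
# vendor's own version numbers; use the distribution's advisory instead.
check_host() {
    if command -v vmware-toolbox-cmd >/dev/null 2>&1; then
        vmtools_status "$(vmware-toolbox-cmd -v)" "$1"
    else
        echo "vmware-toolbox-cmd not found"
    fi
}
```

Run `check_host` on the guest (or `check_host 12.4.7` on 32-bit Windows under a POSIX shell); it prints `patched` or `vulnerable`. The comparison deliberately ignores the build number, since the advisory names only the release version.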