Critical Authentication Bypass Flaw Impacts VMware Tools for Windows

Summary: Broadcom has released security updates for a severe authentication bypass vulnerability (CVE-2025-22230) affecting VMware Tools for Windows, which allows low-privileged attackers to escalate privileges. The flaw, caused by improper access control, affects VMware Tools versions 12.x.x and 11.x.x. Affected organizations are urged to update promptly, as exploitation in the wild may pose significant risks.

Affected: VMware Tools for Windows

Key points:

  • Vulnerability tracked as CVE-2025-22230 with a CVSS score of 9.8.
  • Allows local low-privileged attackers to escalate privileges on vulnerable VMs without user interaction.
  • Updates necessary for VMware Tools versions 12.x.x and 11.x.x for Windows, Linux, and macOS.
  • Broadcom previously addressed three other critical VMware zero-day vulnerabilities exploited in the wild.
  • This vulnerability potentially allows attackers to access the hypervisor after compromising a virtual machine.

Source: https://securityaffairs.com/175858/security/authentication-bypass-cve-2025-22230-in-vmware-tools-for-windows.html