Summary: Broadcom has issued critical security patches for VMware Tools for Windows to fix an authentication bypass vulnerability, tracked as CVE-2025-22230, rated 7.8 on the CVSS scale. The flaw affects versions 11.x.x and 12.x.x, allowing non-administrative users to perform high-privilege operations. Furthermore, CrushFTP has reported a separate unauthenticated HTTP(S) port access vulnerability in versions 10 and 11, still awaiting a CVE identifier.
Affected: VMware Tools for Windows, CrushFTP
Keypoints:
- VMware Tools for Windows has a high-severity authentication bypass vulnerability (CVE-2025-22230).
- The vulnerability allows non-administrative users to perform high-privilege operations within a Windows guest VM.
- CrushFTP is aware of an unauthenticated HTTP(S) port access vulnerability, which is not actively being exploited.
- Users are advised to promptly apply updates for both VMware and CrushFTP to mitigate risks.
Source: https://thehackernews.com/2025/03/new-security-flaws-found-in-vmware.html