Broadcom is warning customers of a high-severity authentication bypass flaw, now fixed, affecting VMware Tools for Windows.
Tracked as CVE-2025-22230, the issue stems from improper access control and could allow privilege escalation on the affected system.
“An authentication bypass vulnerability in VMware Tools for Windows was privately reported to VMware,” said Broadcom in a security advisory. “Updates are available to remediate this vulnerability in the affected VMware products.”
VMware Tools for Windows is a suite of utilities designed to improve the performance and functionality of Windows-based virtual machines (VMs) running on VMware-based hypervisors.
A high-risk vulnerability
The flaw is assigned a CVSS base score of 7.8 out of 10, which places it in the high-severity range, as it can be exploited in low-complexity attacks without any user interaction.
“A malicious actor with non-administrative privileges on a guest VM may gain the ability to perform certain high privilege operations within that VM,” Broadcom said in a security advisory.
While Broadcom did not mention the exact privileges obtainable from a successful exploit, common risks associated with admin/root-level privileges on vulnerable VMs include escaping the VM to attack the host, moving laterally to other VMs, and creating and controlling rogue VMs.
The vulnerability was reported to VMware by Sergey Bliznyuk of Positive Technologies.
Patching is the only workaround
Broadcom's advisory noted that the flaw does not have any workarounds and customers must apply patches rolled out on Tuesday to defend against exploitation.
Affected products include all 11.x and 12.x versions of VMware Tools for Windows, and are patched in the 12.5.1 rollout. VMware Tools for Linux and macOS remain unaffected and customers do not need to do anything.
Earlier this month, VMware plugged three critical vulnerabilities affecting its VMware ESXi, Workstation, and Fusion products that were being actively exploited in the wild by attackers. VMware products are an attractive target for threat actors due to their extensive use in enterprise IT, cloud computing, and data centers. Exploitation can grant attackers privileged access, disrupt critical services, and facilitate lateral movement within virtualized environments.