Virtualization technology giant VMware on Tuesday released an urgent fix for an authentication bypass security defect affecting its VMware Tools for Windows utilities suite.
The vulnerability, tagged as CVE-2025-22230, opens the door for a malicious actor with non-administrative privileges on a Windows guest virtual machine to perform certain high-privilege operations within that VM.
According to an important-severity bulletin from VMware, the authentication bypass bug is caused by improper access control and carries a CVSS severity score of 7.8/10.
The company credited the discovery of the bug to a researcher at Russian cybersecurity vendor Positive Technologies and noted that patches have been fitted into VMware Tools for Windows v 12.5.1.
The Linux and macOS versions of the utilities are not affected.
VMware Tools for Windows is a suite of utilities and drivers that enhances the performance and management of virtual machines, providing features like improved graphics, mouse integration, and time synchronization between the host and guest operating systems.
Related: Exploited VMware ESXi Flaws Put Many at Risk of Ransomware
Related: Broadcom Patches 3 VMware Zero-Days Exploited in the Wild
Related: VMware Patches High-Risk Flaws in Oft-Targeted Aria Operations
Related: VMware Patches Blind SQL Injection Bug in Avi Load Balancer
