A newly disclosed vulnerability in VMware Tools could let attackers with limited access tamper with files inside virtual machines (VMs) and trigger unsafe file operations.
The flaw, identified as CVE-2025-22247, affects VMware Tools versions 11.x.x and 12.x.x on Windows and Linux. VMware confirmed that macOS versions are not affected.
Moderate Severity, Urgent Patching Recommended
Broadcom, VMware’s parent company, published an advisory explaining that the vulnerability stems from insecure file handling. A malicious user with non-administrative privileges on a guest VM could exploit this flaw to manipulate local files and force unsafe file operations.
The vulnerability has been rated with a CVSS v3 score of 6.1, classifying it as moderate severity. Security researcher Sergey Bliznyuk from Positive Technologies discovered and reported the issue.
Since there are no workarounds, VMware urges all users to apply patches immediately to protect the integrity of their virtual machines.
Recent in a Series of VMware Security Issues
This vulnerability follows several critical flaws patched earlier this year. In particular, a Time-of-Check to Time-of-Use (TOCTOU) vulnerability (CVE-2025-22224) affecting VMware ESXi and Workstation was addressed. That flaw could lead to an out-of-bounds write and even remote code execution.
Though CVE-2025-22247 impacts only the guest VM, it still poses a risk. Attackers could use it as part of a larger attack chain or for privilege escalation within the VM. This is especially concerning in multi-tenant environments, where many virtual machines share the same physical infrastructure.
Patches and Mitigation
To fix the vulnerability, Broadcom has released VMware Tools version 12.5.2 for Windows and Linux systems. For Windows 32-bit systems, the issue is addressed in VMware Tools 12.4.7, which is part of the 12.5.2 release.
For Linux users, updates to the open-vm-tools package are provided by each Linux distribution vendor, so the fixed package version varies by distribution.
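As an added example (not code from Broadcom or VMware), the following triage helper turns the version facts above into a check an administrator can run over a guest inventory: 11.x and 12.x on Windows and Linux are affected, 12.5.2 fixes Windows 64-bit and Linux, 12.4.7 fixes 32-bit Windows, macOS is unaffected, and open-vm-tools must be judged against the distribution's own advisory. It assumes version strings in the "major.minor.patch.build (build-N)" form printed by `vmware-toolbox-cmd -v`; the inventory rows are constructed sample data.

```python
"""Triage helper for CVE-2025-22247 (VMware Tools insecure file handling)."""
import re
from typing import List, Tuple

FIXED_DEFAULT = (12, 5, 2)  # Windows 64-bit and Linux VMware Tools
FIXED_WIN32 = (12, 4, 7)    # 32-bit Windows line shipped inside the 12.5.2 release


def parse_version(raw: str) -> Tuple[int, ...]:
    """Return (major, minor, patch) from output such as
    '12.5.0.00000000 (build-00000000)' (assumed vmware-toolbox-cmd -v format)."""
    m = re.match(r"\s*(\d+)\.(\d+)\.(\d+)", raw)
    if not m:
        raise ValueError(f"unrecognised VMware Tools version: {raw!r}")
    return tuple(int(x) for x in m.groups())


def assess(raw: str, guest_os: str, arch: str = "x86_64",
           open_vm_tools: bool = False) -> str:
    """Classify one guest: not_affected, check_vendor, patched or vulnerable."""
    os_ = guest_os.lower()
    if os_ in ("macos", "darwin"):
        return "not_affected"          # advisory: macOS builds are not affected
    if os_ == "linux" and open_vm_tools:
        return "check_vendor"          # distro backports: upstream number is not decisive
    v = parse_version(raw)
    if v[0] < 11:
        return "not_affected"          # advisory lists only the 11.x and 12.x lines
    fixed = FIXED_WIN32 if (os_ == "windows" and arch in ("x86", "i386")) else FIXED_DEFAULT
    return "patched" if v >= fixed else "vulnerable"


def triage(inventory: List[dict]) -> List[Tuple[str, str]]:
    """Return (vm_name, verdict) for every row; rows are plain dicts."""
    return [(row["name"], assess(row["tools"], row["os"], row.get("arch", "x86_64"),
                                 row.get("open_vm_tools", False))) for row in inventory]


# Constructed sample inventory (placeholder build numbers, not real guests).
SAMPLE_INVENTORY = [
    {"name": "win-app-01", "os": "Windows", "tools": "12.5.0.00000000 (build-00000000)"},
    {"name": "win-legacy-32", "os": "Windows", "arch": "x86", "tools": "12.4.7.00000000"},
    {"name": "lin-db-02", "os": "Linux", "tools": "11.3.5.00000000"},
    {"name": "lin-web-03", "os": "Linux", "open_vm_tools": True, "tools": "12.3.0.00000000"},
    {"name": "mac-build", "os": "macOS", "tools": "12.1.0.00000000"},
]

if __name__ == "__main__":
    for name, verdict in triage(SAMPLE_INVENTORY):
        print(f"{name:16} {verdict}")
```

Guests reported as "vulnerable" need VMware Tools 12.5.2 (or 12.4.7 on 32-bit Windows); "check_vendor" rows need the open-vm-tools fix from the distribution's own security feed.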
Importance of VMware Tools
VMware Tools is a software suite that enhances the performance of guest operating systems in virtual machines. It provides features like improved graphics performance, time synchronization, clipboard sharing, and file transfers between host and guest systems.
This patch comes shortly after VMware released version 12.5.1 in March 2025, which addressed another vulnerability (CVE-2024-43590). The frequency of these updates reflects the ongoing security challenges faced by virtualization platforms.
Immediate Action Required
IT administrators are strongly advised to deploy the latest patches without delay. In environments where multiple virtual machines operate on shared hardware, the risk of lateral movement by attackers increases significantly.
With no alternative mitigations available, patching remains the only effective solution to protect against this vulnerability.