
If you are using VMware Tools for Windows, it is imperative to upgrade to the newest release. Broadcom, which purchased VMware for $69 billion in 2023, has released a fix for a critical vulnerability that is being actively exploited by attackers.
The flaw affects VMware Tools for Windows versions 11.x.x and 12.x.x and is resolved in version 12.5.1. Broadcom has confirmed that no workarounds are available, so affected users are advised to upgrade promptly.
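One way to triage a guest inventory against the version range above, as an added example that is not from Broadcom or the original article. The inventory layout, hostnames, version strings and status labels are assumptions made for illustration.

```python
import re

# Affected range and fixed release as stated in the article:
# VMware Tools for Windows 11.x.x and 12.x.x, fixed in 12.5.1.
FIXED = (12, 5, 1)
AFFECTED_MAJORS = {11, 12}

def parse_version(text):
    """Return (major, minor, patch) from strings such as
    '12.4.5.23787635 (build-23787635)', or None if unparseable."""
    m = re.match(r"\s*v?(\d+)\.(\d+)\.(\d+)", text or "")
    return tuple(int(g) for g in m.groups()) if m else None

def classify(guest_os, tools_version):
    """Classify one guest against the scope the article states."""
    if "windows" not in (guest_os or "").lower():
        return "out-of-scope"      # the flaw is in Tools for Windows only
    ver = parse_version(tools_version)
    if ver is None:
        return "unknown"           # Tools missing or version unreadable
    if ver >= FIXED:
        return "fixed"
    if ver[0] in AFFECTED_MAJORS:
        return "affected"
    return "not-listed"            # older than the listed range: review manually

def triage(inventory):
    """Group guest names by classification, preserving input order."""
    result = {}
    for name, guest_os, version in inventory:
        result.setdefault(classify(guest_os, version), []).append(name)
    return result

# Constructed sample inventory (hostnames and versions are made up).
SAMPLE = [
    ("web01", "Microsoft Windows Server 2022", "12.4.5.23787635 (build-23787635)"),
    ("db01", "Microsoft Windows Server 2019", "12.5.1"),
    ("app02", "Microsoft Windows Server 2016", "11.3.5"),
    ("lnx01", "Ubuntu Linux (64-bit)", "12.3.0"),
    ("old01", "Microsoft Windows Server 2012", "10.3.10"),
    ("new01", "Microsoft Windows 11", ""),
]

if __name__ == "__main__":
    for status, names in sorted(triage(SAMPLE).items()):
        print(f"{status}: {', '.join(names)}")
```

Guests that land in "unknown" or "not-listed" need a manual check, since the article says nothing about them either way.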
Detailed information about this security weakness
VMware Tools for Windows is a collection of tools that enhance the performance and features of Windows-based virtual machines running on VMware systems. It provides capabilities such as screen resolution adjustment, seamless mouse and keyboard integration, and improved time synchronization between host and guest systems.
According to Broadcom’s security advisory, CVE-2025-22230 is labeled as an “authentication bypass vulnerability.” While exact technical details are scarce, Broadcom suggests that the vulnerability originates from flawed access control mechanisms in certain versions of VMware Tools for Windows.
Notably, the company stated, “A malevolent entity holding non-administrative privileges on a Windows guest (virtual machine) could obtain the ability to execute specific high-privilege tasks within that virtual machine.”
The vulnerability carries a CVSS rating of 7.8 out of 10, denoting a major security concern. Its exploitation does not demand user interaction.
The vulnerability was reported by Sergey Bliznyuk of Positive Technologies, a Russian cybersecurity company sanctioned by the U.S. Treasury in 2021 for allegedly providing security tools to, and hosting recruitment events for, Russian intelligence services.
Frequently targeted VMware vulnerabilities
Broadcom recently addressed three actively exploited zero-day vulnerabilities in VMware ESXi, Workstation, and Fusion. These vulnerabilities required attackers to have administrator or root access to a virtual machine, but upon successful exploitation allowed them to break out of its sandbox and reach the underlying hypervisor, potentially jeopardizing all connected virtual machines and sensitive data. Approximately 41,500 VMware ESXi instances were flagged as vulnerable to CVE-2025-22224.
Last year, VMware ESXi servers were hit by a ransomware variant that followed a double-extortion scheme, with the attackers impersonating a legitimate entity. Cybercriminals target VMware because of its widespread use in business environments. Furthermore, a breach of the hypervisor can allow attackers to disable multiple virtual machines simultaneously and eliminate recovery options such as snapshots or backups, leading to substantial disruption of business operations.
