A newly disclosed VMware Tools vulnerability could enable attackers with limited access to compromise virtual machines (VMs). Broadcom, which owns VMware, issued a security advisory warning that the flaw could be exploited to perform insecure file operations within affected VMs.
The vulnerability, tracked as CVE-2025-22247, affects VMware Tools versions 12.x.x and 11.x.x on Windows and Linux operating systems. According to the security bulletin (VMSA-2025-0007) released on May 12, 2025, attackers with non-administrative privileges on a guest VM can exploit this weakness to tamper with local files, potentially leading to unauthorized behaviors within the virtual environment.
“This vulnerability was privately reported, and we’ve taken swift action to provide patches,” Broadcom stated in the advisory. “A malicious actor with non-administrative privileges on a guest VM may tamper with the local files to trigger insecure file operations within that VM.”
The VMware Tools vulnerability has been rated “Moderate” in severity, with a CVSSv3 base score of 6.1. While not considered critical, the nature of the flaw could target enterprise environments where VMs often house sensitive workloads.
No Workarounds Available for CVE-2025-22247
Broadcom has confirmed that there are no workarounds for this vulnerability, and updating to a fixed version, VMware Tools 12.5.2, is the only option. For Windows users, VMware Tools 12.4.7, which is part of 12.5.2, addresses the issue specifically for 32-bit systems.
The vulnerability doesn’t just affect the proprietary VMware Tools. Its open-source counterpart, open-vm-tools, widely used in Linux environments, is also vulnerable through the open-source version, open-vm-tools. Broadcom has issued patches to the open-vm-tools community to integrate security fixes into previous releases. Broadcom has also collaborated with Linux vendors to provide a corresponding patch, although the fixed version numbers may vary depending on the distribution and vendor. Users are advised to follow their respective Linux vendors for the updated versions.
The advisory also notes that macOS versions of VMware Tools are not affected by the issue. The vulnerability was responsibly reported to VMware by Sergey Bliznyuk of Positive Technologies, a cybersecurity researcher acknowledged in Broadcom’s statement. His findings led to the identification and remediation of the issue before any known exploitation occurred in the wild.
Summary of Affected Versions and Fixes
| Platform | Affected Versions | Fixed Version | CVSS Score | Severity |
| Windows | 12.x.x, 11.x.x | 12.5.2 | 6.1 | Moderate |
| Linux | 12.x.x, 11.x.x | 12.5.2 (via vendors) | 6.1 | Moderate |
| macOS | N/A | Not Affected | N/A | N/A |
Conclusion
The recently disclosed VMware Tools vulnerability (CVE-2025-22247) affects versions 11.x.x and 12.x.x on both Windows and Linux platforms, with macOS remaining unaffected. With a CVSS score of 6.1 and no available workaround, it is important that system administrators take immediate action to apply the necessary patches. Failing to do so could leave virtual machines exposed to potential tampering by users with even limited access.
