EXECUTIVE SUMMARY:
VMware Tools for Windows has been impacted by authentication bypass vulnerability, tracked as CVE-2025-22230. This flaw enables non-administrative users within a guest virtual machine (VM) to execute high-privilege operations that should typically be restricted. The issue arises due to improper access control mechanisms within VMware Tools, allowing unauthorized users to exploit system functionalities beyond their intended permissions. The vulnerability carries a CVSS v3.1 base score of 7.8, classifying it as a high-severity threat. Attackers who successfully exploit this flaw could gain elevated privileges within the VM environment, potentially leading to further security risks, including unauthorized system modifications, data manipulation, or even lateral movement within a virtualized infrastructure.
RECOMMENDATION:
We recommend you update VMware to version 12.5.1.
REFERENCES:
The following reports contain further technical details:
https://securityonline.info/vmware-tools-for-windows-hit-by-cve-2025-22230-auth-bypass-flaw/