Advisory

Broadcom patches high-severity Authentication Bypass flaw in VMware Tools for Windows

Take action: This is a local privilege-escalation bug inside the Windows guest, not a remote or hypervisor-escape flaw, but it is still worth patching. If users other than your administrators can log in to your Windows guest VMs (shared servers, VDI pools, jump hosts), patch as soon as possible. If you are the only user of the guest, patch in your regular update cycle.


Learn More

Broadcom has released security updates to address a high-severity authentication bypass vulnerability in VMware Tools for Windows that enables local attackers with non-administrative privileges on a Windows guest VM to perform certain high-privilege operations within that virtual machine.

The flaw is tracked as CVE-2025-22230 (CVSS score 7.8) and stems from improper access control in the software suite, which provides performance enhancements and system integration for guest operating systems running in VMware virtual machines.

According to VMware's security advisory VMSA-2025-0005, published on March 25, 2025, exploitation has low attack complexity, requires no user interaction, and lets a local attacker holding only low (non-administrative) privileges in the guest gain high privileges.

Affected products are VMware Tools for Windows versions 12.x.x and 11.x.x. VMware Tools for Linux and macOS are explicitly noted as unaffected by this vulnerability.

Broadcom recommends updating to VMware Tools 12.5.1, which contains the fix for this vulnerability. For 32-bit Windows guests, the fix is in VMware Tools 12.4.6, the 32-bit build that ships as part of the 12.5.1 release.

No workarounds have been provided for this vulnerability, so updating is the only mitigation. Until guests are updated, the only compensating control is limiting which accounts hold a logon on affected Windows guests, since any non-administrative local user is in scope.
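A quick way to turn the version ranges above into a check is to classify each Windows guest's installed VMware Tools version against the fixed builds. The PowerShell below is an added example, not code from Broadcom or the advisory; it assumes VMwareToolboxCmd.exe sits in its default install folder and that its `-v` output begins with a dotted version string (for example `12.4.0.23259341 build-23259341`). The sample versions at the end are constructed to show the classification, not real build numbers.

```powershell
# Added example (not from Broadcom's advisory): classify a VMware Tools for Windows
# version against the fixed builds named in VMSA-2025-0005, then run the check locally.
# Assumptions: VMwareToolboxCmd.exe is in its default folder and "-v" prints a dotted
# version first (e.g. "12.4.0.23259341 build-23259341").

function Test-VMwareToolsAffected {
    <#
      Returns $true if the supplied VMware Tools for Windows version is affected by
      CVE-2025-22230, $false if it is a fixed or out-of-scope release.
      Fixed versions per the advisory: 12.5.1 on 64-bit Windows; 12.4.6 is the
      32-bit build shipped as part of 12.5.1.
    #>
    param(
        [Parameter(Mandatory)][string]$Version,
        [bool]$Is64Bit = [Environment]::Is64BitOperatingSystem
    )

    # Keep only the leading dotted numeric part; [version] rejects "build-..." suffixes.
    if ($Version -notmatch '^\s*(\d+(?:\.\d+){1,3})') {
        throw "Unrecognised VMware Tools version string: '$Version'"
    }
    $v = [version]$Matches[1]

    # Only the 11.x and 12.x lines are listed as affected.
    if ($v.Major -ne 11 -and $v.Major -ne 12) { return $false }

    $fixed = if ($Is64Bit) { [version]'12.5.1' } else { [version]'12.4.6' }
    return ($v -lt $fixed)
}

function Get-LocalVMwareToolsVersion {
    # Default install path (assumption); adjust if Tools was installed elsewhere.
    $exe = Join-Path $env:ProgramFiles 'VMware\VMware Tools\VMwareToolboxCmd.exe'
    if (-not (Test-Path $exe)) { throw "VMwareToolboxCmd.exe not found at $exe" }
    return (& $exe -v | Select-Object -First 1)
}

# Constructed sample inputs showing how the classification falls out.
$samples = @(
    @{ Version = '11.3.5'; Is64Bit = $true  }   # affected
    @{ Version = '12.4.0'; Is64Bit = $true  }   # affected
    @{ Version = '12.4.6'; Is64Bit = $false }   # 32-bit fixed build, not affected
    @{ Version = '12.5.1'; Is64Bit = $true  }   # fixed, not affected
    @{ Version = '13.0.0'; Is64Bit = $true  }   # out of scope, not affected
)
foreach ($s in $samples) {
    [pscustomobject]@{
        Version  = $s.Version
        Is64Bit  = $s.Is64Bit
        Affected = Test-VMwareToolsAffected -Version $s.Version -Is64Bit $s.Is64Bit
    }
}

# Live check on the guest this script runs in.
$installed = Get-LocalVMwareToolsVersion
[pscustomobject]@{
    Host     = $env:COMPUTERNAME
    Version  = $installed
    Affected = Test-VMwareToolsAffected -Version $installed
}
```

Run it inside each Windows guest (or push it through your endpoint management tool) and alert on `Affected = True`. For a fleet-wide view from vCenter, the same `Test-VMwareToolsAffected` function can be fed the Tools version that PowerCLI reports per VM (`Get-VM` objects expose it under `Guest.ToolsVersion`, which is an assumption about your PowerCLI version; verify the property name in your environment); note that the guest-reported version may lag until Tools restarts after an upgrade.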
