CVE-2025-22247

VMware Tools contains an insecure file handling vulnerability.A malicious actor with non-administrative privileges on a guest VM may tamper the local files to trigger insecure file operations within that VM.
Link Following
ProviderTypeBase ScoreAtk. VectorAtk. ComplexityPriv. RequiredVector
NISTNIST
6.1 MEDIUM
LOCAL
LOW
LOW
CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:L/I:H/A:N
vmwareCNA
6.1 MEDIUM
LOCAL
LOW
LOW
CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:L/I:H/A:N
CISA-ADPADP
---
---
CVEADP
---
---
Awaiting analysis
This vulnerability is currently awaiting analysis.
Base Score
CVSS 3.x
EPSS Score
Percentile: 5%
Debian logo
Debian Releases
Debian Product
Codename
open-vm-tools
bullseye
vulnerable
bullseye (security)
2:11.2.5-2+deb11u4
fixed
bookworm
vulnerable
bookworm (security)
2:12.2.0-1+deb12u3
fixed
sid
2:12.5.0-2
fixed
trixie
2:12.5.0-2
fixed
Ubuntu logo
Ubuntu Releases
Ubuntu Product
Codename
open-vm-tools
plucky
Fixed 2:12.5.0-1ubuntu0.1
released
oracular
Fixed 2:12.4.5-1ubuntu0.1
released
noble
Fixed 2:12.4.5-1~ubuntu0.24.04.2
released
jammy
Fixed 2:12.3.5-3~ubuntu0.22.04.2
released
focal
Fixed 2:11.3.0-2ubuntu0~ubuntu20.04.8
released
bionic
needs-triage
xenial
needs-triage
trusty
needs-triage
Common Weakness Enumeration
Vulnerability Media Exposure
References
https://support.broadcom.com/web/ecx/support-content-notification/-/external/content/SecurityAdvisories/0/25683
http://www.openwall.com/lists/oss-security/2025/05/12/2
http://www.openwall.com/lists/oss-security/2025/05/13/2
https://lists.debian.org/debian-lts-announce/2025/05/msg00017.html