Broadcom warns of worrying security flaws affecting VMware tools

Broadcom was recently tipped off about an authentication bypass flaw in VMware Tools
The 7.8 bug was quickly fixed, but no workarounds are available
The bug affects Windows users, while Linux and macOS users are safe

Broadcom has warned its users of a high-severity vulnerability recently discovered in VMware Tools, a toolset for virtual machines (VM) running on VMware platforms.

In a security advisory, the company said it released a fix for the flaw, suggesting users apply it as soon as possible.

VMware Tools is a set of utilities that enhances the performance, usability, and management of VMs running on VMware platforms. It improves graphics, enables seamless mouse movement, synchronizes time between host and VM, and allows for better integration between the guest OS and the host system.

Performing “high-privilege operations”

Broadcom, the owner of VMware, said it was recently tipped off about an authentication bypass vulnerability by security researcher Sergey Bliznyuk of Positive Technologies.

The flaw is now being tracked as CVE-2025-22230, and was given a severity score of 7.8/10 (high).

“A malicious actor with non-administrative privileges on a Windows guest VM may gain the ability to perform certain high-privilege operations within that VM,” Broadcom said in the advisory, without mentioning if there is any evidence of abuse in the wild.

The company stressed there were no workarounds for this issue, suggesting applying the patch is the only way to mitigate the risk.

The bug was only found on the Windows platform, with Linux and macOS being safe.

“VMware Tools 12.4.6 which is part of VMware Tools 12.5.1 addresses the issue for Windows 32-bit,” Broadcom concluded.

Ransomware gangs and state-sponsored hackers “frequently target” VMware vulnerabilities, BleepingComputer reported, stating that VMware products were “widely used in enterprise operations” to store or transfer sensitive corporate data.

In late January 2025, for example, TechRadar Pro reported cybercriminals were using SSH tunneling functionality on VMware’s ESXi bare metal hypervisors for stealthy persistence, to help them deploy ransomware on target endpoints.

Via BleepingComputer

https://cdn.mos.cms.futurecdn.net/NGKiUcJVFBC8HkMp9dTo9a-1200-80.jpg

Source link

Quordle hints and answers for Saturday, April 4 (game #1531)

NYT Connections hints and answers for Saturday, April 4 (game #1028)

NYT Strands hints and answers for Saturday, April 4 (game #762)

Dell packs full desktop performance into a palm-sized device that’s powered entirely through a single USB-C connection

Ex-Israeli Intelligence Official: Shockwaves of Trump’s “Take Over Gaza” Heard, Felt Across Region

What UK political parties are promising in the 2019 general election

Otto Warmbier’s parents want North Korea to suffer for their son’s death

Could a ‘youthquake’ cause Boris Johnson to lose the general election?

‘Love on the Spectrum’ Renewed At Netflix For Season 5

Jonathan Majors Falls Through Window of Daily Wire Movie Set

Love on the Spectrum Season 5 Renewal, Connor Tomlinson Exits

Michael B. Jordan Nephew, Niece for Netflix Swapped TikTok Video

Why the eurozone growth hit may be more severe this time

Trump administration can’t make colleges provide race-related data, judge rules

Canberra urges Easter travel as fuel shortages hit rural Australia

Sloan, Spyre Therapeutics CMO, sells $397k in shares

The YouTuber who has become one of Gen Z’s most beloved celebrities

26 last-minute holiday gifts that are still thoughtful and unique

Practicing gratitude regularly can make you less stressed and sleep better

8 things millennials wish you would just stop getting them for the holidays

Broadcom warns of worrying security flaws affecting VMware tools

‘Love on the Spectrum’ Renewed At Netflix For Season 5

Why the eurozone growth hit may be more severe this time

Jonathan Majors Falls Through Window of Daily Wire Movie Set

Trump administration can’t make colleges provide race-related data, judge rules