cbcvebase.
CVE-2025-22247
published 2025-05-12

CVE-2025-22247: VMware Tools contains an insecure file handling vulnerability. A malicious actor with non-administrative privileges on a guest VM may tamper the local files to…

medium6.1CVSS 3.1
AVLACLPRLUINSUCLIHAN
VMware Tools contains an insecure file handling vulnerability. A malicious actor with non-administrative privileges on a guest VM may tamper the local files to trigger insecure file operations within that VM.

Affected

7 ranges
VendorProductVersion rangeFixed in
debianopen-vm-tools< open-vm-tools 2:12.2.0-1+deb12u3 (bookworm)open-vm-tools 2:12.2.0-1+deb12u3 (bookworm)
msrcazl3_open-vm-tools_12.3.5-2_on_azure_linux_3.0
msrccbl2_open-vm-tools_11.3.0-4_on_cbl_mariner_2.0
vmwareopen-vm-tools>= 0 < 2:11.2.5-2+deb11u42:11.2.5-2+deb11u4
vmwareopen-vm-tools>= 0 < 2:12.2.0-1+deb12u32:12.2.0-1+deb12u3
vmwareopen-vm-tools>= 0 < 2:12.5.0-22:12.5.0-2
vmwareopen-vm-tools>= 0 < 2:12.5.0-22:12.5.0-2

CVSS provenance

nvdv3.16.1MEDIUMCVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:L/I:H/A:N
osv6.1MEDIUM