CVE-2025-22247: Link Following in VMware Tools

Severity: 6.1 MEDIUM (NVD)
EPSS: 0.3% (top 44.38%)
CISA KEV: Not in KEV
Exploit: No known exploits
Timeline: Published May 12; latest update Jun 3

Description

VMware Tools contains an insecure file handling vulnerability. A malicious actor with non-administrative privileges on a guest VM may tamper with the local files to trigger insecure file operations within that VM.

CVSS vector

CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:L/I:H/A:N
Exploitability: 1.8 | Impact: 4.2

Affected Packages (2 packages)

CVEListV5 | vmware/vmware_tools | 12.x.x, 11.x.x | 12.5.2
Debian | vmware/open-vm-tools | < 2:11.2.5-2+deb11u4+3

Vulnerability Details (3)

OSV | CVE-2025-22247: VMware Tools contains an insecure file handling vulnerability | 2025-05-12
GHSA | GHSA-mqmq-2p8r-q32f: VMware Tools contains an insecure file handling vulnerability | 2025-05-12
CVEList | Insecure file handling vulnerability | 2025-05-12

Vendor Advisories (5)

Ubuntu | Open VM Tools vulnerability | 2025-06-03
Microsoft | Insecure file handling vulnerability | 2025-05-13
Ubuntu | Open VM Tools vulnerability | 2025-05-13
Red Hat | open-vm-tools: Insecure file handling | 2025-05-12
Debian | CVE-2025-22247: open-vm-tools - VMware Tools contains an insecure file handling vulnerability. A malicious actor... | 2025
CVE-2025-22247 — Link Following in Vmware Tools | cvebase