May 12, 2025 — VMware has released a security advisory (VMSA-2025-0007) alerting users to a vulnerability in the VMware Tools component used in virtual machines running Windows and Linux operating systems. The vulnerability, identified as CVE-2025-22247, has been rated with a moderate severity and a CVSSv3 score of 6.1. It affects versions 11.x.x and 12.x.x of VMware Tools, with an update already available to mitigate the issue.
A security flaw in local file handling
The issue is an insecure file handling vulnerability. According to VMware, an attacker with limited (non-administrative) privileges inside a guest virtual machine (VM) could manipulate local files and trigger behaviour that compromises the integrity of the guest environment.
The vulnerability was responsibly reported by Sergey Bliznyuk from the specialized firm Positive Technologies. VMware has acknowledged their contribution to identifying the flaw, which is now addressed through a software update.
Which products are affected?
The affected platforms are Windows and Linux guests running the VMware Tools versions listed below. VMware Tools for macOS is not affected and requires no action.
| Platform | Product | Affected Versions | Status | Fixed Version |
|---|---|---|---|---|
| Windows | VMware Tools | 11.x.x, 12.x.x | Affected | 12.5.2 (includes 12.4.7 for 32-bit) |
| Linux | open-vm-tools | 11.x.x, 12.x.x | Affected | 12.5.2 (depending on distribution) |
| macOS | VMware Tools | 11.x.x, 12.x.x | Not affected | N/A |
No workarounds: updating is essential
There are no workarounds to mitigate the flaw temporarily, so VMware recommends applying the appropriate patches as soon as possible. For Windows environments, the fix is available in VMware Tools 12.5.2. For Linux, check the distribution in use, since the open-vm-tools fix is delivered through each distribution's official package repositories.
Technical analysis and risk assessment
The attack vector requires local access (AV:L) with low privileges (PR:L) and no user interaction (UI:N); the scope is unchanged (S:U), with low confidentiality impact (C:L), high integrity impact (I:H) and no availability impact (A:N). While it does not allow remote code execution, it can be used to compromise local files within the guest operating system.
CVSSv3 Vector:
AV:L/AC:L/PR:L/UI:N/S:U/C:L/I:H/A:N
CVSS Calculator at FIRST.org
Recommendations for system administrators
The VMware security team (now part of Broadcom) has emphasized the importance of keeping integration tools like VMware Tools updated, especially in enterprise environments where dozens or hundreds of virtual machines with different operating systems are running.
Conclusion
Although this is not a critical vulnerability, CVE-2025-22247 underscores the need for regular reviews of complementary tools in virtualized environments. VMware's swift response, together with the researcher's coordinated disclosure, has enabled a patch to be made available before active exploitation has been detected.
Updating to VMware Tools 12.5.2 is thus a highly recommended preventive measure for all affected Windows and Linux environments.
Source: VMware