Broadcom warns of worrying security flaws affecting VMware tools

A stylized depiction of a padlocked WiFi symbol sitting in the centre of an interlocking vault.

(Image credit: Shutterstock)

Broadcom was recently tipped off about an authentication bypass flaw in VMware Tools
The 7.8 bug was quickly fixed, but no workarounds are available
The bug affects Windows users, while Linux and macOS users are safe

Broadcom has warned its users of a high-severity vulnerability recently discovered in VMware Tools, a toolset for virtual machines (VM) running on VMware platforms.

In a security advisory, the company said it released a fix for the flaw, suggesting users apply it as soon as possible.

VMware Tools is a set of utilities that enhances the performance, usability, and management of VMs running on VMware platforms. It improves graphics, enables seamless mouse movement, synchronizes time between host and VM, and allows for better integration between the guest OS and the host system.

Performing "high-privilege operations"

Broadcom, the owner of VMware, said it was recently tipped off about an authentication bypass vulnerability by security researcher Sergey Bliznyuk of Positive Technologies.

The flaw is now being tracked as CVE-2025-22230, and was given a severity score of 7.8/10 (high).

“A malicious actor with non-administrative privileges on a Windows guest VM may gain the ability to perform certain high-privilege operations within that VM,” Broadcom said in the advisory, without mentioning if there is any evidence of abuse in the wild.

The company stressed there were no workarounds for this issue, suggesting applying the patch is the only way to mitigate the risk.

The bug was only found on the Windows platform, with Linux and macOS being safe.

“VMware Tools 12.4.6 which is part of VMware Tools 12.5.1 addresses the issue for Windows 32-bit,” Broadcom concluded.

Ransomware gangs and state-sponsored hackers “frequently target” VMware vulnerabilities, BleepingComputer reported, stating that VMware products were “widely used in enterprise operations” to store or transfer sensitive corporate data.

In late January 2025, for example, TechRadar Pro reported cybercriminals were using SSH tunneling functionality on VMware’s ESXi bare metal hypervisors for stealthy persistence, to help them deploy ransomware on target endpoints.

Via BleepingComputer

This ransomware gang is using SSH tunnels to target VMware appliances
We've rounded up the best password managers
Take a look at our guide to the best authenticator app

Sead is a seasoned freelance journalist based in Sarajevo, Bosnia and Herzegovina. He writes about IT (cloud, IoT, 5G, VPN) and cybersecurity (ransomware, data breaches, laws and regulations). In his career, spanning more than a decade, he’s written for numerous media outlets, including Al Jazeera Balkans. He’s also held several modules on content writing for Represent Communications.