VMware has issued an emergency patch to address a critical security vulnerability in its VMware Tools for Windows suite. The CVE-2025-22230 flaw allows non-administrative users on a Windows guest virtual machine to execute high-privilege operations within the VM.
The authentication bypass bug, rated CVSS 7.8/10, is caused by improper access control and has significant consequences. VMware has credited Positive Technologies researcher with discovering the issue and has released a fix in version 12.5.1 of VMware Tools for Windows.
However, Linux and macOS versions of the utilities remain unaffected. The VMware Tools suite is designed to enhance virtual machine performance and management, providing features like improved graphics, mouse integration, and time synchronization between host and guest operating systems.
Source: https://www.securityweek.com/vmware-patches-authentication-bypass-flaw-in-windows-tools-suite