Broadcom warns of worrying security flaws affecting VMware tools

Date: 2025-03-26


Fix for VMware authentication bypass vulnerability was recently released

  • Broadcom was recently tipped off about an authentication bypass flaw in VMware Tools
  • The bug, rated 7.8, was quickly fixed, but no workarounds are available
  • The bug affects Windows users, while Linux and macOS users are safe

Broadcom has warned its users of a high-severity vulnerability recently discovered in VMware Tools, a toolset for virtual machines (VMs) running on VMware platforms.

In a security advisory, the company said it released a fix for the flaw, suggesting users apply it as soon as possible.

VMware Tools is a set of utilities that enhances the performance, usability, and management of VMs running on VMware platforms. It improves graphics, enables seamless mouse movement, synchronizes time between host and VM, and allows for better integration between the guest OS and the host system.

Performing "high-privilege operations"

Broadcom, the owner of VMware, said it was recently tipped off about an authentication bypass vulnerability by security researcher Sergey Bliznyuk of Positive Technologies.

The flaw is now being tracked as CVE-2025-22230, and was given a severity score of 7.8/10 (high).

“A malicious actor with non-administrative privileges on a Windows guest VM may gain the ability to perform certain high-privilege operations within that VM,” Broadcom said in the advisory, without mentioning if there is any evidence of abuse in the wild.

The company stressed there were no workarounds for this issue, suggesting applying the patch is the only way to mitigate the risk.

The bug was only found on the Windows platform, with Linux and macOS being safe.

“VMware Tools 12.4.6 which is part of VMware Tools 12.5.1 addresses the issue for Windows 32-bit,” Broadcom concluded.
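Since patching is the only mitigation, the practical first step is finding which guests still need it. The following is an added example, not code from Broadcom or the article: it triages a constructed inventory export against the fixed releases quoted above. The CSV column names, VM names and build suffix are hypothetical, and it assumes any Windows guest below the fixed release needs the update, because the article does not list the affected version range.

```python
import csv
import io
import re

# Fixed releases as quoted in the article: 12.5.1, with 12.4.6 covering 32-bit Windows.
FIXED = {"x64": (12, 5, 1), "x86": (12, 4, 6)}

# Constructed sample inventory (hypothetical columns, VM names and build suffix).
SAMPLE_INVENTORY = """name,guest_os,arch,tools_version
web-01,Windows Server 2022,x64,12.4.5
app-02,Windows Server 2019,x64,12.5.1.24649672
kiosk-03,Windows 10,x86,12.4.6
kiosk-04,Windows 10,x86,12.4.0
db-05,Ubuntu 22.04,x64,12.3.0
mac-06,macOS 14,x64,12.1.0
legacy-07,Windows Server 2016,x64,
"""

def parse_version(text):
    """Return (major, minor, patch) from strings like '12.5.1.24649672', or None."""
    m = re.match(r"\s*(\d+)\.(\d+)\.(\d+)", text or "")
    return tuple(int(p) for p in m.groups()) if m else None

def triage(row):
    """Classify one row as 'not-affected', 'patched', 'needs-update' or 'unknown'."""
    if "windows" not in row["guest_os"].lower():
        return "not-affected"      # article: Linux and macOS are not affected
    version = parse_version(row["tools_version"])
    fixed = FIXED.get(row["arch"].strip().lower())
    if version is None or fixed is None:
        return "unknown"           # missing data: check the guest by hand
    # Assumption: every Windows release below the fixed one needs the update.
    return "patched" if version >= fixed else "needs-update"

def triage_inventory(csv_text):
    """Map VM name -> status for every row of the CSV export."""
    return {r["name"]: triage(r) for r in csv.DictReader(io.StringIO(csv_text))}

if __name__ == "__main__":
    for name, status in triage_inventory(SAMPLE_INVENTORY).items():
        print(f"{name:10} {status}")
```

Guests reported as `unknown` have no usable version or architecture in the export and should be checked directly rather than assumed patched.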

Ransomware gangs and state-sponsored hackers “frequently target” VMware vulnerabilities, BleepingComputer reported, stating that VMware products were “widely used in enterprise operations” to store or transfer sensitive corporate data.

In late January 2025, for example, TechRadar Pro reported cybercriminals were using SSH tunneling functionality on VMware’s ESXi bare metal hypervisors for stealthy persistence, to help them deploy ransomware on target endpoints.

Via BleepingComputer


Sead Fadilpašić

Sead is a seasoned freelance journalist based in Sarajevo, Bosnia and Herzegovina. He writes about IT (cloud, IoT, 5G, VPN) and cybersecurity (ransomware, data breaches, laws and regulations). In his career, spanning more than a decade, he’s written for numerous media outlets, including Al Jazeera Balkans. He’s also held several modules on content writing for Represent Communications.
