CVE-2025-22247
6.1
CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:L/I:H/A:N
Summary
VMware Tools contains an insecure file handling vulnerability. A malicious actor with non-administrative privileges on a guest VM may tamper the local files to trigger insecure file operations within that VM.
Affected Software
| Vendor | Product | Version Range | Status |
|---|---|---|---|
| n/a | VMware Tools | 12.x.x, 11.x.x < 12.5.2 | affected |
Weaknesses
- CWE-59: CWE-59 Improper Link Resolution Before File Access ('Link Following')
ADP Enrichment
CISA ADP Vulnrichment
- SSVC:
- Exploitation: none
- Automatable: no
- Technical Impact: partial
CVE Program Container
Additional References
- http://www.openwall.com/lists/oss-security/2025/05/12/2
- http://www.openwall.com/lists/oss-security/2025/05/13/2
- https://lists.debian.org/debian-lts-announce/2025/05/msg00017.html
- http://www.openwall.com/lists/oss-security/2025/09/24/3
- http://www.openwall.com/lists/oss-security/2025/09/25/3
- http://www.openwall.com/lists/oss-security/2025/09/25/5
- http://www.openwall.com/lists/oss-security/2025/09/26/1
References
Feedback
Was this page helpful?
Glad to hear it! Please tell us how we can improve.
Sorry to hear that. Please tell us how we can improve.