CVE-2025-22230

Published Mar 25, 2025

Last updated 3 months ago

CVSS high 7.8
VMware Tools
Windows

Overview

AI description

Automated description summarized from trusted sources.

CVE-2025-22230 is an authentication bypass vulnerability that affects VMware Tools for Windows. The vulnerability stems from improper access control within the software. A malicious actor with non-administrative privileges on a Windows guest virtual machine (VM) could exploit this vulnerability to gain the ability to perform certain high-privilege operations within that VM. This vulnerability impacts VMware Tools for Windows versions 11.x.x and 12.x.x.

Description
VMware Tools for Windows contains an authentication bypass vulnerability due to improper access control. A malicious actor with non-administrative privileges on a guest VM may gain ability to perform certain high privilege operations within that VM.
Source
security@vmware.com
NVD status
Awaiting Analysis

Risk scores

CVSS 3.1

Type
Secondary
Base score
7.8
Impact score
5.9
Exploitability score
1.8
Vector string
CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
Severity
HIGH

Weaknesses

security@vmware.com
CWE-288

Social media

Hype score
Not currently trending

  1. VMware Tools for Windows'ta bulunan CVE-2025-22230 açığı ciddi bir sorun. Saldırgan, düşük ayrıcalıklarla yüksek yetkili işlemler yapabiliyor ve bunu çözmek için yamalar hemen uygulanmalı gibi görünüyor.

    @adirabilisim

    16 May 2025

    22 Impressions

    0 Retweets

    1 Like

    0 Bookmarks

    0 Replies

    0 Quotes

  2. ⚠️ CVE-2025-22230 ⚠️ ‼️VMware Tools for Windows update addresses an authentication bypass vulnerability‼️ https://t.co/q8edCjSAfI https://t.co/3svPYC2GLc

    @HackingTeam777

    25 Apr 2025

    66 Impressions

    0 Retweets

    0 Likes

    1 Bookmark

    0 Replies

    0 Quotes

  3. Una vulnerabilidad crítica de autenticación (CVE-2025-22230) afecta a VMware Tools para Windows y permite a atacantes eludir controles de seguridad, poniendo en riesgo sistemas corporativos y de nube. 👇👇 𝗩𝗨𝗟𝗡𝗘𝗥𝗔𝗕𝗜𝗟𝗜𝗗𝗔𝗗 𝗖𝗥𝗜́𝗧𝗜𝗖𝗔 𝗘𝗡 𝗩𝗠𝗪𝗔𝗥𝗘 https://t.

    @C1B3R53CUR1TY

    18 Apr 2025

    34 Impressions

    0 Retweets

    0 Likes

    0 Bookmarks

    0 Replies

    0 Quotes

  4. 3. VMware Tools Güvenlik Açığı (CVE-2025-22230) Broadcom, Windows için VMware Tools’ta, düşük yetkili kullanıcıların sanal makinelerde yüksek ayrıcalıklı işlemler gerçekleştirmesine olanak tanıyan bir kimlik doğrulama atlama açığı tespit etti. Bu açık, sanal makine güvenliğini

    @MuratDemirtas

    12 Apr 2025

    41 Impressions

    0 Retweets

    0 Likes

    0 Bookmarks

    0 Replies

    0 Quotes

  5. Actively exploited CVE : CVE-2025-22230

    @transilienceai

    31 Mar 2025

    14 Impressions

    0 Retweets

    0 Likes

    0 Bookmarks

    1 Reply

    0 Quotes

  6. Toca descargar la versión 12.5.1 de las VMware Tools debido al CVE-2025-22230: https://t.co/Ju1QR5mHvc #Ciberseguridad https://t.co/C1971Gr2Xv

    @manelrodero

    31 Mar 2025

    90 Impressions

    0 Retweets

    1 Like

    0 Bookmarks

    0 Replies

    0 Quotes

  7. Cybersecurity is not just IT's job; it’s a critical part of your legal strategy. Ignoring vulnerabilities like CVE-2025-22230 could expose sensitive data during your divorce. https://t.co/fqlHjqdbIw #DivorceLaw #ChicagoLaw #DigitalPrivacy #LegalPerspective

    @SteeleFamLaw

    30 Mar 2025

    5 Impressions

    0 Retweets

    0 Likes

    0 Bookmarks

    0 Replies

    0 Quotes

  8. Actively exploited CVE : CVE-2025-22230

    @transilienceai

    30 Mar 2025

    11 Impressions

    0 Retweets

    0 Likes

    0 Bookmarks

    1 Reply

    0 Quotes

  9. Actively exploited CVE : CVE-2025-22230

    @transilienceai

    29 Mar 2025

    12 Impressions

    0 Retweets

    0 Likes

    0 Bookmarks

    1 Reply

    0 Quotes

  10. 🚨 Critical Security Alert 🚨 A new authentication bypass vulnerability, CVE-2025-22230, has been discovered in Broadcom/VMware systems. This flaw could allow attackers to bypass authentication mechanisms, potentially exposing sensitive data and systems to unauthorized access.

    @Cybermazh

    28 Mar 2025

    54 Impressions

    2 Retweets

    3 Likes

    1 Bookmark

    0 Replies

    0 Quotes

  11. CVE-2025-22230 Vulnerability Improper Access Control: A Deep Dive https://t.co/aEk2TX0zIP https://t.co/qo1utWOa3T

    @huntingjacq

    27 Mar 2025

    25 Impressions

    0 Retweets

    0 Likes

    0 Bookmarks

    0 Replies

    0 Quotes

  12. 📰 Latest News: Authentication bypass CVE-2025-22230 impacts VMware Windows Tools More on: https://t.co/rRPTTREiMZ https://t.co/jPfKzPZv9K

    @StudiosClancy

    27 Mar 2025

    27 Impressions

    0 Retweets

    0 Likes

    0 Bookmarks

    0 Replies

    0 Quotes

  13. Windows版のVMware Tools に認証バイパスの脆弱性、対象者はアップデートを(CVE-2025-22230) #セキュリティ対策Lab #セキュリティ #Security https://t.co/2UY4P204DP

    @securityLab_jp

    27 Mar 2025

    69 Impressions

    1 Retweet

    1 Like

    0 Bookmarks

    0 Replies

    0 Quotes

  14. 🚨 CVE-2025-22230 🔴 HIGH (7.8) 🏢 Unknown Vendor - VMware Tools 🏗️ 12.x.x, 11.x.x 🔗 https://t.co/s96fIduDUQ #CyberCron #VulnAlert #InfoSec https://t.co/HaYeJJRVOf

    @cybercronai

    26 Mar 2025

    32 Impressions

    0 Retweets

    0 Likes

    0 Bookmarks

    0 Replies

    0 Quotes

  15. VMware Tools for Windows Authentication Bypass Vulnerability: CVE-2025-22230 is an authentication bypass vulnerability in VMware Tools for Windows, resulting from improper access control mechanisms. #ThreatIntel #RedLeggCTI #VMware https://t.co/klWxA6JPWz

    @RedLegg

    26 Mar 2025

    7 Impressions

    0 Retweets

    0 Likes

    0 Bookmarks

    0 Replies

    0 Quotes

  16. Broadcom has addressed CVE-2025-22230, an authentication bypass vulnerability in #VMware Tools that could let attackers gain high-privilege access in Windows guest VMs. Organizations should patch immediately to prevent potential exploitation. More below: https://t.co/BqjS4azQoN

    @NetizenCorp

    26 Mar 2025

    22 Impressions

    0 Retweets

    0 Likes

    0 Bookmarks

    0 Replies

    0 Quotes

  17. #Authentication_bypass CVE-2025-22230 impacts #VMware #Windows Tools https://t.co/jvOJ2DPT46 https://t.co/hESoRU60bZ

    @omvapt

    26 Mar 2025

    44 Impressions

    0 Retweets

    0 Likes

    0 Bookmarks

    0 Replies

    0 Quotes

  18. CVE-2025-22230 : Authentication bypass in VMware Windows Tools VMware Tools is a suite of drivers and utilities designed to improve performance, graphics, and overall system integration for guest operating systems running in VMware virtual machines. https://t.co/QiH4wBTLaF

    @freedomhack101

    26 Mar 2025

    29 Impressions

    0 Retweets

    1 Like

    0 Bookmarks

    0 Replies

    0 Quotes

  19. Broadcom addressed a high-severity authentication bypass vulnerability (CVE-2025-22230, CVSS 9.8) in VMware Tools for Windows, allowing low-privileged attackers to escalate privileges. Affected versions include 12.x.x and 11.x.x. Exploitation in the wild is suspected but https://

    @gothburz

    26 Mar 2025

    126 Impressions

    0 Retweets

    2 Likes

    0 Bookmarks

    0 Replies

    0 Quotes

  20. BroadcomがVMware Windows Toolsにおける認証バイパスの脆弱性に警告(CVE-2025-22230) https://t.co/3sqKd8xV4y #Security #セキュリティ #ニュース

    @SecureShield_

    26 Mar 2025

    34 Impressions

    0 Retweets

    0 Likes

    0 Bookmarks

    0 Replies

    0 Quotes

  21. 👉 Broadcom has patched a high-severity #flaw in VMware Tools for Windows (CVE-2025-22230, CVSS 7.8) that allows non-admin users on a Windows guest VM to perform high-privilege operations due to improper access control 🤖 #vulnerability https://t.co/ILaZpSdqH6

    @manuelbissey

    26 Mar 2025

    20 Impressions

    0 Retweets

    0 Likes

    0 Bookmarks

    0 Replies

    0 Quotes

  22. Authentication bypass CVE-2025-22230 impacts VMware Windows Tools https://t.co/clJqHB6Y2n

    @hackplayers

    26 Mar 2025

    548 Impressions

    2 Retweets

    4 Likes

    1 Bookmark

    0 Replies

    0 Quotes

  23. 📌 تم اكتشاف ثغرات أمنية جديدة في VMware Tools وCrushFTP. قامت Broadcom بإصدار تصحيحات للثغرة شديدة الخطورة (CVE-2025-22230) في VMware Tools لنظام Windows، والتي قد تؤدي إلى تجاوز المصادقة، وتُقيَّم هذه الثغرة بـ 7.8 على مقياس CVSS من عشرة نقاط. #الامن_السيبراني https://t.co/OjM

    @Cybercachear

    26 Mar 2025

    3 Impressions

    0 Retweets

    0 Likes

    0 Bookmarks

    0 Replies

    0 Quotes

  24. 🚨Broadcom patches high-severity vulnerability (CVE-2025-22230) in VMware Tools for Windows; CrushFTP addresses unauthenticated HTTP(S) port access flaw in versions 10 & 11. No workarounds—update immediately! #CyberSecurity #VMware #CrushFTP https://t.co/YEEG28vZ19

    @syberintel

    26 Mar 2025

    62 Impressions

    0 Retweets

    0 Likes

    0 Bookmarks

    0 Replies

    0 Quotes

  25. 🚨 Broadcom just patched CVE-2025-22230, a 7.8 CVSS auth bypass in VMware Tools for Windows (v11.x.x & 12.x.x). No workaround. Fixed in v12.5.1—patch now. Also: CrushFTP v10 & v11 hit by unauth’d HTTP(S) access bug. Not actively exploited, but still dangerous. 🔗 Full d

    @TheHackersNews

    26 Mar 2025

    10960 Impressions

    37 Retweets

    61 Likes

    11 Bookmarks

    1 Reply

    0 Quotes

  26. Broadcomは、VMware Tools for Windows の認証回避の脆弱性(CVE-2025-22230)に対処するため、セキュリティアップデートを公開しました。攻撃者が一般ユーザー権限でWindows仮想マシンにログインしている状態でも、ユーザーの操作なしで管理者権限の操作が可能です。https://t.co/Jdumps74iD https://t.co/xTpptG802u

    @t_nihonmatsu

    26 Mar 2025

    304 Impressions

    0 Retweets

    1 Like

    0 Bookmarks

    0 Replies

    0 Quotes

  27. Broadcom has issued critical updates for VMware Tools on Windows to fix CVE-2025-22230, allowing local attackers to escalate privileges. Targeting continues amid rising ransomware threats. 🔒💻 #VMware #CVE2025 #USA link: https://t.co/zRKXTUMO4G https://t.co/oAJLppxXK3

    @TweetThreatNews

    25 Mar 2025

    22 Impressions

    0 Retweets

    0 Likes

    0 Bookmarks

    0 Replies

    0 Quotes

  28. 🚨 CVE-2025-22230 🔴 HIGH (7.8) 🏢 Unknown Vendor - VMware Tools 🏗️ 12.x.x, 11.x.x 🔗 https://t.co/s96fIduDUQ #CyberCron #VulnAlert #InfoSec https://t.co/tonj26xMgj

    @cybercronai

    25 Mar 2025

    41 Impressions

    0 Retweets

    0 Likes

    0 Bookmarks

    0 Replies

    0 Quotes

  29. CVE-2025-22230: Authentication Bypass Vulnerability in VMware Tools for Windows https://t.co/wrMI9xe0Dq

    @_cvereports

    25 Mar 2025

    4 Impressions

    0 Retweets

    1 Like

    0 Bookmarks

    0 Replies

    0 Quotes

  30. CVE-2025-22230 impacts VMware Tools #CVE-2025-22230 #VMware https://t.co/NZIyULqB1u

    @pravin_karthik

    25 Mar 2025

    41 Impressions

    0 Retweets

    0 Likes

    0 Bookmarks

    0 Replies

    0 Quotes

  31. VMwareは2025年3月、Windows版VMware Toolsに存在する認証回避の脆弱性(CVE-2025-22230)に対し、緊急パッチを公開した。この脆弱性により、Windows仮想マシン内の非管理者ユーザーが高権限操作を実行できる可能性がある。

    @yousukezan

    25 Mar 2025

    1737 Impressions

    0 Retweets

    11 Likes

    4 Bookmarks

    0 Replies

    0 Quotes

  32. 👉VMSA-2025-0005: VMware Tools for Windows update addresses an authentication bypass vulnerability (CVE-2025-22230)! #VMUG #TechCommunity #vExpert #vCommunity #VMwareExplore @VMUGAdv #Patching #windows #cve #CyberSecurity #Vulnerability #Exploit @MyVMUG #infosec https://t.c

    @BhanuNaik_2026

    25 Mar 2025

    26 Impressions

    0 Retweets

    0 Likes

    0 Bookmarks

    0 Replies

    0 Quotes

  33. New post from https://t.co/uXvPWJy6tj (CVE-2025-22230 | VMware Tools up to 12.5.0 on Windows authentication bypass) has been published on https://t.co/L3k7EqNFJo

    @WolfgangSesin

    25 Mar 2025

    14 Impressions

    0 Retweets

    0 Likes

    0 Bookmarks

    0 Replies

    0 Quotes

  34. CVE-2025-22230 VMware Tools for Windows contains an authentication bypass vulnerability due to improper access control. A malicious actor with non-administrative privileges on a gue… https://t.co/fzNJLLVQqB

    @CVEnew

    25 Mar 2025

    32 Impressions

    0 Retweets

    0 Likes

    0 Bookmarks

    0 Replies

    0 Quotes

References

Sources include official advisories and independent security research.