CVE-2025-22247

Description

VMware Tools contains an insecure file handling vulnerability. A malicious actor with non-administrative privileges on a guest VM may tamper the local files to trigger insecure file operations within that VM.

PUBLISHED Reserved 2025-01-02 | Published 2025-05-12 | Updated 2025-11-18 | Assigner vmware

Problem types

CWE-59 Improper Link Resolution Before File Access ('Link Following')

References

www.openwall.com/lists/oss-security/2025/05/12/2

www.openwall.com/lists/oss-security/2025/05/13/2

lists.debian.org/debian-lts-announce/2025/05/msg00017.html

www.openwall.com/lists/oss-security/2025/09/24/3

www.openwall.com/lists/oss-security/2025/09/25/3

www.openwall.com/lists/oss-security/2025/09/25/5

www.openwall.com/lists/oss-security/2025/09/26/1

support.broadcom.com/...l/content/SecurityAdvisories/0/25683

cve.org (CVE-2025-22247)

nvd.nist.gov (CVE-2025-22247)

Download JSON