Broadcom has released critical security patches to address a high-severity authentication bypass flaw in VMware Tools for Windows, tracked as CVE-2025-22230. This vulnerability stems from improper access control.

VMware Tools is a set of utilities designed to enhance performance and integration for guest OSes in VMware virtual machines. The flaw was reported by Sergey Bliznyuk of Positive Technologies, a Russian cybersecurity firm linked to trafficking in hacking tools.

Key Points

  • Local attackers with low privileges can exploit this vulnerability to elevate their privileges on affected virtual machines without needing user interaction.
  • VMware explained in a Tuesday advisory that an attacker with non-administrative rights on a Windows guest VM could perform high-privilege actions within that VM.

Threat Landscape

This comes just weeks after Broadcom patched several VMware zero-day vulnerabilities (CVE-2025-22224, CVE-2025-22225, CVE-2025-22226) which were already being exploited, according to the Microsoft Threat Intelligence Center. These flaws could allow attackers to escape VMware’s virtual machine sandbox, if they have privileged admin or root access.

Following the recent patches, threat-monitoring platform Shadowserver found more than 37,00 VMware ESXi instances exposed to the internet still vulnerable to the CVE-2025-22224 flaw.

For instance, in November 2024, Broadcom warned that attackers were actively exploiting two critical VMware vCenter Server vulnerabilities identified during China’s Matrix Cup hacking contest. Earlier this year, Broadcom also disclosed that Chinese state-backed hackers had exploited another vCenter Server zero-day (CVE-2023-34048) to install backdoors on affected systems dating back to 2021.

The Bottom Line

With threat actors consistently exploiting weaknesses in VMware environments, businesses must prioritize timely updates to safeguard their virtual infrastructure.

Source: hxxps[://]support[.]broadcom[.]com/web/ecx/support-content-notification/-/external/content/SecurityAdvisories/0/25518
