CVE-2025-22230

7.8

High

Published:25 Mar 2025

Last updated:17 Jun 2026

Source:security@vmware.com

Deferred

Weakness (CWE)

CWE-288CWE-288

CVSS Vector

v3.1

Attack Vector: Local
Attack Complexity: Low
Privileges Required: Low
User Interaction: None
Scope: Unchanged
Confidentiality: High
Integrity: High
Availability: High

View on MITRE Find PoC on GitHub

Description

VMware Tools for Windows contains an authentication bypass vulnerability due to improper access control. A malicious actor with non-administrative privileges on a guest VM may gain ability to perform certain high privilege operations within that VM.

References

security@vmware.com

https://support.broadcom.com/web/ecx/support-content-notification/-/external/content/SecurityAdvisories/0/25518