VMware Tools vulnerability lets attackers tamper with files to trigger malicious operations
VMware Tools is affected by CVE-2025-22247, which impacts Windows and Linux versions 11.x.x and 12.x.x. The flaw allows a low-privileged attacker to tamper with files and trigger insecure operations. The CVSSv3 score is 6.1 (moderate); updating to the latest version promptly is recommended. 2025-5-12 12:44:13 Author: cybersecuritynews.com (view original)

VMware Tools Vulnerability

A moderate-severity vulnerability in VMware Tools could allow attackers with limited privileges to manipulate files and trigger insecure operations within virtual machines.

The vulnerability, tracked as CVE-2025-22247, affects both Windows and Linux versions of VMware Tools 11.x.x and 12.x.x, with macOS versions confirmed to be unaffected.

Since there are currently no workarounds and exploitation might compromise the integrity of impacted virtual machines, prompt patching is highly advised.


CVE-2025-22247: VMware Tools Insecure File Handling

According to the Broadcom advisory, the insecure file handling vulnerability allows “a malicious actor with non-administrative privileges on a guest VM to tamper the local files to trigger insecure file operations within that VM”. 

The vulnerability has received a CVSSv3 base score of 6.1, placing it in the moderate severity range. Security researcher Sergey Bliznyuk of Positive Technologies has been credited with discovering and reporting the vulnerability to VMware. 

This latest security issue follows several other VMware vulnerabilities addressed earlier this year, including a critical TOCTOU vulnerability (CVE-2025-22224) affecting VMware ESXi and Workstation that could lead to out-of-bounds write and potential code execution.

This type of vulnerability is particularly concerning in virtualized environments where multiple tenants share physical infrastructure.

Even though the impact is contained within the guest VM, it could be used as part of a larger attack chain or for privilege escalation within the virtual machine.

| Risk Factors | Details |
|---|---|
| Affected Products | VMware Tools 11.x.x, 12.x.x (Windows/Linux) |
| Impact | File tampering enabling malicious operations within guest VMs |
| Exploit Prerequisites | Non-administrative privileges on a guest VM |
| CVSS 3.1 Score | 6.1 (Moderate) |

Mitigations

Broadcom has released VMware Tools version 12.5.2 to remediate the vulnerability for Windows and Linux systems. For Windows 32-bit systems specifically, VMware Tools 12.4.7, which is included in the 12.5.2 release, addresses the issue. 

Linux users should note that their respective Linux vendors will distribute the fixed version of open-vm-tools addressing CVE-2025-22247, with versions potentially varying based on the Linux distribution and vendor.
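As an added example (not code from the article, Broadcom or VMware), the following Python helper applies the fixed versions named above to a guest inventory so an administrator can see which machines still need the 12.5.2 (or 12.4.7 for 32-bit Windows) update. The inventory, the version-string format, and the rule that "the fixed version or later" counts as patched are assumptions made here; distro-packaged open-vm-tools is flagged for a vendor check rather than judged by version number alone.

```python
import re

# Fixed versions named in the advisory as reported above. Treating "this version
# or later" as fixed is an assumption; the article only names the fixed releases.
FIXED_DEFAULT = (12, 5, 2)   # Windows 64-bit and Linux VMware Tools
FIXED_WIN32 = (12, 4, 7)     # Windows 32-bit build shipped inside 12.5.2
AFFECTED_MAJORS = (11, 12)   # the 11.x.x and 12.x.x trains are affected

def parse_version(text):
    """Take major.minor.patch from strings such as the constructed sample
    '12.3.5.46049 (build-22544099)'; return None if no version is present."""
    m = re.match(r"\s*(\d+)\.(\d+)\.(\d+)", text)
    return (int(m.group(1)), int(m.group(2)), int(m.group(3))) if m else None

def assess(version_text, os_name, is_32bit=False, vendor_open_vm_tools=False):
    """Classify one guest as 'unaffected', 'vulnerable', 'fixed',
    'check-vendor' (distro open-vm-tools, backport possible) or 'unknown'."""
    os_name = os_name.lower()
    if os_name == "macos":
        return "unaffected"      # advisory: macOS builds are not affected
    ver = parse_version(version_text)
    if ver is None:
        return "unknown"         # no version string to decide on
    if ver[0] not in AFFECTED_MAJORS:
        return "unaffected"      # not in a release train the advisory lists
    if os_name == "linux" and vendor_open_vm_tools:
        # Distro packages may backport the fix under an older version number,
        # so a bare comparison cannot prove a lower version is still vulnerable.
        return "fixed" if ver >= FIXED_DEFAULT else "check-vendor"
    fixed = FIXED_WIN32 if (os_name == "windows" and is_32bit) else FIXED_DEFAULT
    return "fixed" if ver >= fixed else "vulnerable"

def triage(inventory):
    """Map guest name -> status for (name, version, os, is_32bit, vendor_pkg) rows."""
    return {name: assess(v, o, b, p) for name, v, o, b, p in inventory}

# Constructed sample inventory; these are not real hosts.
SAMPLE = [
    ("web01", "12.3.5.46049 (build-22544099)", "windows", False, False),
    ("legacy32", "12.4.7.12345", "windows", True, False),
    ("db01", "12.5.2.0", "linux", False, False),
    ("app01", "12.1.5.0", "linux", False, True),
    ("mac01", "12.3.0.0", "macos", False, False),
    ("old01", "10.3.22.0", "linux", False, False),
]

if __name__ == "__main__":
    for name, status in triage(SAMPLE).items():
        print(f"{name:10s} {status}")
```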

The vulnerability affects VMware software that is widely deployed across enterprise virtualization infrastructure.

VMware Tools is a suite of utilities that enhances the performance of virtual machines’ guest operating systems and improves management of the VMs. 

It includes drivers that enable features for better graphics performance, time synchronization, clipboard sharing, and file transfer between host and guest machines.

This security update comes just two months after the release of VMware Tools 12.5.1 in March 2025, which resolved another security vulnerability tracked as CVE-2024-43590. 

The frequent security updates highlight the ongoing security challenges faced by virtualization software vendors.

IT administrators are strongly encouraged to apply the patches as soon as possible, particularly in multi-tenant environments where the risk of lateral movement between virtual machines is heightened. 

No workarounds are available for this vulnerability, making patching the only effective mitigation strategy.



Source: https://cybersecuritynews.com/vmware-tools-vulnerability/