CVE-2025-22230

VMware Tools for Windows contains an authentication bypass vulnerability due to improper access control. A malicious actor with non-administrative privileges on a guest VM may gain ability to perform certain high privilege operations within that VM.

CVSS v3 7.8 HIGH

7.8^/10

CVSS v3 : HIGH

V3 Legend

Vector :

Exploitability : 1.8 / Impact : 5.9

Attack Vector LOCAL

Attack Complexity LOW

Privileges Required LOW

User Interaction NONE

Confidentiality Impact HIGH

Integrity Impact HIGH

Availability Impact HIGH

Scope UNCHANGED

References

Link	Resource
https://support.broadcom.com/web/ecx/support-content-notification/-/external/content/SecurityAdvisories/0/25518

Configurations

No configuration.

History

27 Mar 2025, 16:45

Type	Values Removed	Values Added
Summary		(es) VMware Tools para Windows contiene una vulnerabilidad de omisión de autenticación debido a un control de acceso inadecuado. Un atacante con privilegios no administrativos en una máquina virtual invitada podría obtener la capacidad de realizar ciertas operaciones con privilegios elevados dentro de esa máquina virtual.

25 Mar 2025, 14:15

Type	Values Removed	Values Added
New CVE

Information

Published : 2025-03-25 14:15

Updated : 2025-03-27 16:45

NVD link : CVE-2025-22230

Mitre link : CVE-2025-22230

CVE.ORG link : CVE-2025-22230

JSON object : View

Products Affected

No product.

CWE

CWE-288

Authentication Bypass Using an Alternate Path or Channel

7.8 /10