CVE-2025-22230

Published Mar 25, 2025

Last updated 3 days ago

CVSS high 7.8
Windows
VMware Tools

Overview

AI description

Generated using AI and has not been reviewed by Intruder. May contain errors.

CVE-2025-22230 is an authentication bypass vulnerability that affects VMware Tools for Windows. The vulnerability stems from improper access control within the software. A malicious actor with non-administrative privileges on a Windows guest virtual machine (VM) could exploit this vulnerability to gain the ability to perform certain high-privilege operations within that VM. This vulnerability impacts VMware Tools for Windows versions 11.x.x and 12.x.x.

Description
VMware Tools for Windows contains an authentication bypass vulnerability due to improper access control. A malicious actor with non-administrative privileges on a guest VM may gain ability to perform certain high privilege operations within that VM.
Source
security@vmware.com
NVD status
Awaiting Analysis

Risk scores

CVSS 3.1

Type
Secondary
Base score
7.8
Impact score
5.9
Exploitability score
1.8
Vector string
CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
Severity
HIGH

Weaknesses

security@vmware.com
CWE-288

Social media

Hype score is a measure of social media activity compared against trending CVEs from the past 12 months. Max score 100.

Hype score

1

  1. Actively exploited CVE : CVE-2025-22230

    @transilienceai

    29 Mar 2025

    12 Impressions

    0 Retweets

    0 Likes

    0 Bookmarks

    1 Reply

    0 Quotes

  2. 🚨 Critical Security Alert 🚨 A new authentication bypass vulnerability, CVE-2025-22230, has been discovered in Broadcom/VMware systems. This flaw could allow attackers to bypass authentication mechanisms, potentially exposing sensitive data and systems to unauthorized access.

    @Cybermazh

    28 Mar 2025

    54 Impressions

    2 Retweets

    3 Likes

    1 Bookmark

    0 Replies

    0 Quotes

  3. CVE-2025-22230 Vulnerability Improper Access Control: A Deep Dive https://t.co/aEk2TX0zIP https://t.co/qo1utWOa3T

    @huntingjacq

    27 Mar 2025

    25 Impressions

    0 Retweets

    0 Likes

    0 Bookmarks

    0 Replies

    0 Quotes

  4. 📰 Latest News: Authentication bypass CVE-2025-22230 impacts VMware Windows Tools More on: https://t.co/rRPTTREiMZ https://t.co/jPfKzPZv9K

    @StudiosClancy

    27 Mar 2025

    27 Impressions

    0 Retweets

    0 Likes

    0 Bookmarks

    0 Replies

    0 Quotes

  5. Windows版のVMware Tools に認証バイパスの脆弱性、対象者はアップデートを(CVE-2025-22230) #セキュリティ対策Lab #セキュリティ #Security https://t.co/2UY4P204DP

    @securityLab_jp

    27 Mar 2025

    69 Impressions

    1 Retweet

    1 Like

    0 Bookmarks

    0 Replies

    0 Quotes

  6. 🚨 CVE-2025-22230 🔴 HIGH (7.8) 🏢 Unknown Vendor - VMware Tools 🏗️ 12.x.x, 11.x.x 🔗 https://t.co/s96fIduDUQ #CyberCron #VulnAlert #InfoSec https://t.co/HaYeJJRVOf

    @cybercronai

    26 Mar 2025

    32 Impressions

    0 Retweets

    0 Likes

    0 Bookmarks

    0 Replies

    0 Quotes

  7. VMware Tools for Windows Authentication Bypass Vulnerability: CVE-2025-22230 is an authentication bypass vulnerability in VMware Tools for Windows, resulting from improper access control mechanisms. #ThreatIntel #RedLeggCTI #VMware https://t.co/klWxA6JPWz

    @RedLegg

    26 Mar 2025

    7 Impressions

    0 Retweets

    0 Likes

    0 Bookmarks

    0 Replies

    0 Quotes

  8. Broadcom has addressed CVE-2025-22230, an authentication bypass vulnerability in #VMware Tools that could let attackers gain high-privilege access in Windows guest VMs. Organizations should patch immediately to prevent potential exploitation. More below: https://t.co/BqjS4azQoN

    @NetizenCorp

    26 Mar 2025

    22 Impressions

    0 Retweets

    0 Likes

    0 Bookmarks

    0 Replies

    0 Quotes

  9. #Authentication_bypass CVE-2025-22230 impacts #VMware #Windows Tools https://t.co/jvOJ2DPT46 https://t.co/hESoRU60bZ

    @omvapt

    26 Mar 2025

    44 Impressions

    0 Retweets

    0 Likes

    0 Bookmarks

    0 Replies

    0 Quotes

  10. CVE-2025-22230 : Authentication bypass in VMware Windows Tools VMware Tools is a suite of drivers and utilities designed to improve performance, graphics, and overall system integration for guest operating systems running in VMware virtual machines. https://t.co/QiH4wBTLaF

    @freedomhack101

    26 Mar 2025

    29 Impressions

    0 Retweets

    1 Like

    0 Bookmarks

    0 Replies

    0 Quotes

  11. Broadcom addressed a high-severity authentication bypass vulnerability (CVE-2025-22230, CVSS 9.8) in VMware Tools for Windows, allowing low-privileged attackers to escalate privileges. Affected versions include 12.x.x and 11.x.x. Exploitation in the wild is suspected but https://

    @gothburz

    26 Mar 2025

    126 Impressions

    0 Retweets

    2 Likes

    0 Bookmarks

    0 Replies

    0 Quotes

  12. BroadcomがVMware Windows Toolsにおける認証バイパスの脆弱性に警告(CVE-2025-22230) https://t.co/3sqKd8xV4y #Security #セキュリティ #ニュース

    @SecureShield_

    26 Mar 2025

    34 Impressions

    0 Retweets

    0 Likes

    0 Bookmarks

    0 Replies

    0 Quotes

  13. 👉 Broadcom has patched a high-severity #flaw in VMware Tools for Windows (CVE-2025-22230, CVSS 7.8) that allows non-admin users on a Windows guest VM to perform high-privilege operations due to improper access control 🤖 #vulnerability https://t.co/ILaZpSdqH6

    @manuelbissey

    26 Mar 2025

    20 Impressions

    0 Retweets

    0 Likes

    0 Bookmarks

    0 Replies

    0 Quotes

  14. Authentication bypass CVE-2025-22230 impacts VMware Windows Tools https://t.co/clJqHB6Y2n

    @hackplayers

    26 Mar 2025

    548 Impressions

    2 Retweets

    4 Likes

    1 Bookmark

    0 Replies

    0 Quotes

  15. 📌 تم اكتشاف ثغرات أمنية جديدة في VMware Tools وCrushFTP. قامت Broadcom بإصدار تصحيحات للثغرة شديدة الخطورة (CVE-2025-22230) في VMware Tools لنظام Windows، والتي قد تؤدي إلى تجاوز المصادقة، وتُقيَّم هذه الثغرة بـ 7.8 على مقياس CVSS من عشرة نقاط. #الامن_السيبراني https://t.co/OjM

    @Cybercachear

    26 Mar 2025

    3 Impressions

    0 Retweets

    0 Likes

    0 Bookmarks

    0 Replies

    0 Quotes

  16. 🚨Broadcom patches high-severity vulnerability (CVE-2025-22230) in VMware Tools for Windows; CrushFTP addresses unauthenticated HTTP(S) port access flaw in versions 10 & 11. No workarounds—update immediately! #CyberSecurity #VMware #CrushFTP https://t.co/YEEG28vZ19

    @syberintel

    26 Mar 2025

    62 Impressions

    0 Retweets

    0 Likes

    0 Bookmarks

    0 Replies

    0 Quotes

  17. 🚨 Broadcom just patched CVE-2025-22230, a 7.8 CVSS auth bypass in VMware Tools for Windows (v11.x.x & 12.x.x). No workaround. Fixed in v12.5.1—patch now. Also: CrushFTP v10 & v11 hit by unauth’d HTTP(S) access bug. Not actively exploited, but still dangerous. 🔗 Full d

    @TheHackersNews

    26 Mar 2025

    10960 Impressions

    37 Retweets

    61 Likes

    11 Bookmarks

    1 Reply

    0 Quotes

  18. Broadcomは、VMware Tools for Windows の認証回避の脆弱性(CVE-2025-22230)に対処するため、セキュリティアップデートを公開しました。攻撃者が一般ユーザー権限でWindows仮想マシンにログインしている状態でも、ユーザーの操作なしで管理者権限の操作が可能です。https://t.co/Jdumps74iD https://t.co/xTpptG802u

    @t_nihonmatsu

    26 Mar 2025

    304 Impressions

    0 Retweets

    1 Like

    0 Bookmarks

    0 Replies

    0 Quotes

  19. Broadcom has issued critical updates for VMware Tools on Windows to fix CVE-2025-22230, allowing local attackers to escalate privileges. Targeting continues amid rising ransomware threats. 🔒💻 #VMware #CVE2025 #USA link: https://t.co/zRKXTUMO4G https://t.co/oAJLppxXK3

    @TweetThreatNews

    25 Mar 2025

    22 Impressions

    0 Retweets

    0 Likes

    0 Bookmarks

    0 Replies

    0 Quotes

  20. 🚨 CVE-2025-22230 🔴 HIGH (7.8) 🏢 Unknown Vendor - VMware Tools 🏗️ 12.x.x, 11.x.x 🔗 https://t.co/s96fIduDUQ #CyberCron #VulnAlert #InfoSec https://t.co/tonj26xMgj

    @cybercronai

    25 Mar 2025

    41 Impressions

    0 Retweets

    0 Likes

    0 Bookmarks

    0 Replies

    0 Quotes

  21. CVE-2025-22230: Authentication Bypass Vulnerability in VMware Tools for Windows https://t.co/wrMI9xe0Dq

    @_cvereports

    25 Mar 2025

    4 Impressions

    0 Retweets

    1 Like

    0 Bookmarks

    0 Replies

    0 Quotes

  22. CVE-2025-22230 impacts VMware Tools #CVE-2025-22230 #VMware https://t.co/NZIyULqB1u

    @pravin_karthik

    25 Mar 2025

    41 Impressions

    0 Retweets

    0 Likes

    0 Bookmarks

    0 Replies

    0 Quotes

  23. VMwareは2025年3月、Windows版VMware Toolsに存在する認証回避の脆弱性(CVE-2025-22230)に対し、緊急パッチを公開した。この脆弱性により、Windows仮想マシン内の非管理者ユーザーが高権限操作を実行できる可能性がある。

    @yousukezan

    25 Mar 2025

    1737 Impressions

    0 Retweets

    11 Likes

    4 Bookmarks

    0 Replies

    0 Quotes

  24. 👉VMSA-2025-0005: VMware Tools for Windows update addresses an authentication bypass vulnerability (CVE-2025-22230)! #VMUG #TechCommunity #vExpert #vCommunity #VMwareExplore @VMUGAdv #Patching #windows #cve #CyberSecurity #Vulnerability #Exploit @MyVMUG #infosec https://t.c

    @BhanuNaik_2026

    25 Mar 2025

    26 Impressions

    0 Retweets

    0 Likes

    0 Bookmarks

    0 Replies

    0 Quotes

  25. New post from https://t.co/uXvPWJy6tj (CVE-2025-22230 | VMware Tools up to 12.5.0 on Windows authentication bypass) has been published on https://t.co/L3k7EqNFJo

    @WolfgangSesin

    25 Mar 2025

    14 Impressions

    0 Retweets

    0 Likes

    0 Bookmarks

    0 Replies

    0 Quotes

  26. CVE-2025-22230 VMware Tools for Windows contains an authentication bypass vulnerability due to improper access control. A malicious actor with non-administrative privileges on a gue… https://t.co/fzNJLLVQqB

    @CVEnew

    25 Mar 2025

    32 Impressions

    0 Retweets

    0 Likes

    0 Bookmarks

    0 Replies

    0 Quotes

References