Should you use VMware Instruments for Home windows, it’s important to replace to the most recent model. Broadcom, which acquired VMware for $69 billion in 2023, has issued a patch for a high-severity vulnerability that’s actively being exploited by cybercriminals.
The vulnerability impacts VMware Instruments for Home windows variations 11.x.x and 12.x.x, however has been patched in model 12.5.1. Broadcom confirmed that no workarounds can be found, so affected customers ought to replace instantly.
What are the main points about this authentication bypass vulnerability?
VMware Instruments for Home windows is a collection of utilities that enhances the efficiency and performance of Home windows-based digital machines working on VMware platforms. It helps features like show decision, seamless mouse and keyboard integration, and higher time synchronization between host and visitor methods.
CVE-2025-22230 is classed as an “authentication bypass vulnerability,” based on Broadcom’s safety advisory. Whereas technical particulars stay restricted, Broadcom means that the flaw outcomes from improper entry management mechanisms in some variations of VMware Instruments for Home windows.
“A malicious actor with non-administrative privileges on a Home windows visitor (digital machine) could acquire (the) capability to carry out sure high-privilege operations inside that VM,” the corporate mentioned.
The vulnerability has a CVSS rating of seven.8 out of 10, indicating a high-severity challenge. It doesn’t require consumer interplay for exploitation.
The vulnerability was reported by Sergey Bliznyuk of Optimistic Applied sciences, a Russian cybersecurity agency sanctioned by the U.S. Treasury in 2021 for allegedly offering safety instruments to and internet hosting recruitment occasions for Russian intelligence companies.
VMware vulnerabilities are oft-targeted
Earlier this month, Broadcom patched three actively exploited zero-day vulnerabilities in VMware ESXi, Workstation, and Fusion. These required attackers to have administrator or root entry to a digital machine, but when they did, they might escape its sandbox and breach the underlying hypervisor, probably exposing all linked digital machines and delicate information. On the time, practically 41,500 VMWare ESXi cases have been recognized as susceptible attributable to CVE-2025-22224.
Final 12 months, VMware ESXi servers have been hit by a double-extortion ransomware variant, with the menace actors impersonating an actual group. Hackers like to focus on VMware as it’s broadly utilized in enterprise. Moreover, compromising the hypervisor can enable attackers to disable a number of digital machines concurrently and take away restoration choices similar to snapshots or backups, guaranteeing a major influence on a enterprise’s operations.
Arabic
Chinese (Simplified)
Dutch
English
French
German
Italian
Japanese
Korean
Latin
Portuguese
Russian
Spanish