VMware Tools 11.x / 12.x < 12.5.1 Authentication Bypass (VMSA-2025-0005)

The version of VMware Tools installed on the remote Windows host is 11.x or 12.x prior to 12.5.1. It is, therefore, affected by an authentication bypass vulnerability: - VMware Tools for Windows contains an authentication bypass vulnerability due to improper access control. A malicious actor with...

New Security Flaws Found in VMware Tools and CrushFTP — High Risk, PoC Released

Broadcom has issued security patches to address a high-severity security flaw in VMware Tools for Windows that could lead to an authentication bypass. Tracked as CVE-2025-22230, the vulnerability is rated 7.8 on the ten-point Common Vulnerability Scoring System CVSS. "VMware Tools for Windows...

Security Bulletin: Multiple security vulnerabilities are addressed with IBM Cloud Pak for Business Automation iFixes for November 2023.

Summary Multiple security vulnerabilities are addressed with IBM Cloud Pak for Business Automation 21.0.3-IF027 and 23.0.1-IF005. This bulletin identifies the steps to take to address the vulnerabilities. Vulnerability Details CVEID:CVE-2023-46158 DESCRIPTION: IBM WebSphere Application Server...

Security Bulletin: Common vulnerabilities addressed in Cloudera Data Platform 7.1.9 HF2

Summary Fixes to common vulnerabilities discovered in Cloudera Data Platform 7.1.9 are available to download from Cloudera. Vulnerability Details CVEID:CVE-2017-15718 DESCRIPTION: Apache Hadoop could allow a remote attacker to obtain sensitive information, caused by a flaw in the YARN NodeManager...

Security Bulletin: IBM i Modernization Engine for Lifecycle Integration is vulnerable to multiple vulnerabilities

Summary There are multiple vulnerabilities in components of IBM i Modernization Engine for Lifecycle Integration as described in the Vulnerability Details section. Google Guava and Apache James MIME4J could allow a local authenticated attacker to obtain sensitive information. Pivota Spring...

The vulnerability of the VMware Tools utility set for Windows operating systems relates to bypassing the authentication process by using an alternative path or channel, allowing an intruder to gain increased privileges.

The vulnerability of the VMware Tools utility for Windows operating systems relates to bypassing the authentication process by using an alternative path or channel. Exploiting this vulnerability can allow a perpetrator to enhance their privileges within the virtual machine...

VMware Tools Authentication Bypass Vulnerability (VMSA-2025-0005) - Windows

VMware Tools is prone to an authentication bypass vulnerability. SPDX-FileCopyrightText: 2025 Greenbone AG Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-only CPE = "cpe:/a:vmware:tools";...

CVE-2025-27147

The CVE-2025-27147 issue affects the GLPI Inventory Plugin used with GLPI, where versions prior to 1.5.0 contain an improper access control vulnerability. Reported details across connected sources consistently point to an access-control weakness in GLPI Inventory Plugin tasks (network discovery, ...

CVE-2025-22230

VMware Tools for Windows contains an authentication bypass vulnerability due to improper access control. A malicious actor with non-administrative privileges on a guest VM may gain ability to perform certain high privilege operations within that VM...

CVE-2025-22230 Authentication bypass vulnerability

VMware Tools for Windows contains an authentication bypass vulnerability due to improper access control. A malicious actor with non-administrative privileges on a guest VM may gain ability to perform certain high privilege operations within that VM...

CVE-2025-22230 Authentication bypass vulnerability

VMware Tools for Windows contains an authentication bypass vulnerability due to improper access control. A malicious actor with non-administrative privileges on a guest VM may gain ability to perform certain high privilege operations within that VM...

CVE-2025-22230

CVE-2025-22230 – VMware Tools for Windows is affected by an authentication bypass due to improper access control. A non-administrative user on a guest VM may abuse this to perform high-privilege operations within the VM. Affected versions include VMware Tools 11.x and 12.x before 12.5.1; remediat...

VMware Tools for Windows 安全漏洞

VMware Tools for Windows is a suite of Windows-based enhancement tools from VMware that come with VMWare virtual machines, and it is a driver provided by VMware to enhance the performance of virtual graphics cards and hard disks, as well as to synchronize the clocks of the virtual machine with th...

PT-2025-12803

Name of the Vulnerable Software and Affected Versions VMware Tools for Windows versions 11.x.x through 12.x.x Description VMware Tools for Windows contains an authentication bypass vulnerability due to improper access control. A malicious actor with non-administrative privileges on a guest VM may...

VMSA-2025-0005: VMware Tools for Windows update addresses an authentication bypass vulnerability (CVE-2025-22230)

Advisory ID: | VMSA-2025-0005 ---|--- Advisory Severity: | Important CVSSv3 Range: | 7.8 Synopsis: | VMware Tools for Windows update addresses an authentication bypass vulnerability CVE-2025-22230 Issue date: | 2025-03-25 Updated on: | 2025-03-25 Initial Advisory CVEs | CVE-2025-22230 1. Impacted...

PVS Server SOAP service communication fails from remote PVS console

When setting up new Windows Server 2025 virtual machines on VMware to create two new PVS servers, the following issues occur: After installing PVS software and running configuration wizard successfully on the first PVS server, the PVS farm access using this PVS server was only possible using the...

The vulnerability of the VMware Aria Automation (formerly vRealize Automation) automation software and the VMware Cloud Foundation virtualization platform, related to insufficient validation of incoming requests, allows a attacker to perform an SSRF attack.

The vulnerability of the VMware Aria Automation formerly vRealize Automation and VMware Cloud Foundation virtualization platform lies in the insufficient verification of incoming requests. Exploiting this vulnerability allows a malicious actor to execute an SSRF attack by sending a specially...

VMware Spring Security 安全漏洞

VMware Spring Security is a set of security frameworks from VMware, Inc. that provide illustrative security protection for Spring-based applications. A security vulnerability exists in VMware Spring Security versions 6.4.0 through 6.4.3 that originates from an authorization bypass...

Photon OS 4.0: Linux PHSA-2025-4.0-0771

An update of the linux package has been released. %NASLMINLEVEL 80900 C Tenable, Inc. The descriptive text and package checks in this plugin were extracted from VMware Security Advisory PHSA-2025-4.0-0771. The text itself is copyright C VMware, Inc. include'compat.inc'; if description...

VMware Spring Security 安全漏洞

VMware Spring Security is a set of security frameworks from VMware, Inc. that provide illustrative security for Spring-based applications. A security vulnerability exists in VMware Spring Security that stems from incorrectly returning true for passwords longer than 72 characters...