Auth bypass vuln in VMWare Tools for Windows. Nice.
https://support.broadcom.com/web/ecx/support-content-notification/-/external/content/SecurityAdvisories/0/25518
sev:HIGH 7.8 - CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
VMware Tools for Windows contains an authentication bypass vulnerability due to improper access control. A malicious actor with non-administrative privileges on a guest VM may gain ability to perform certain high privilege operations within that VM.
https://nvd.nist.gov/vuln/detail/CVE-2025-22230
cR0w /
npub1z3…cp45m
2025-03-25 15:37:51
Author Public Key
npub1z3sfut2znnrtgl0qt4q6npq8zmjd9c97ck0gh0me44ua6lzaaajq6cp45mPublished at
2025-03-25 15:37:51Event JSON
{
"id": "1ee5b1b748839a398401a3569a1289ef4117fdf7a9605e05c5c44958cd6814b9",
"pubkey": "14609e2d429cc6b47de05d41a9840716e4d2e0bec59e8bbf79ad79dd7c5def64",
"created_at": 1742917071,
"kind": 1,
"tags": [
[
"proxy",
"https://infosec.exchange/users/cR0w/statuses/114223813198911960",
"activitypub"
]
],
"content": "Auth bypass vuln in VMWare Tools for Windows. Nice.\n\nhttps://support.broadcom.com/web/ecx/support-content-notification/-/external/content/SecurityAdvisories/0/25518\n\nsev:HIGH 7.8 - CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H\n\nVMware Tools for Windows contains an authentication bypass vulnerability due to improper access control. A malicious actor with non-administrative privileges on a guest VM may gain ability to perform certain high privilege operations within that VM.\n\nhttps://nvd.nist.gov/vuln/detail/CVE-2025-22230",
"sig": "4da850427a4b63499bc8da4f6b2b5e4a902d755fc723e2df810d9da4f298d548bf3dfc5d0daa2641d437115f05fd24469e1fad0f7a6560649af718447e9c6983"
}