VMware Patches Authentication Bypass Flaw in Windows Tool

On Tuesday, VMware issued an urgent fix for a security flaw in its VMware Tools for Windows. CVE-2025-22230 allows a malicious user with basic access on a Windows guest virtual machine to execute high-privilege tasks within that VM.

VMware’s important bulletin states that an authentication bypass bug, due to improper access control, has a CVSS severity score of 7.8/10.

• Hot Topic

OpenAI Offering $100K Bounties for Critical Vulns

By infosecbulletin / Thursday , March 27 2025

OpenAI has increased its maximum bug bounty payout to $100,000, up from $20,000, to encourage the discovery of critical vulnerabilities...

Read More

• Alert

Splunk Alert User RCE and Data Leak Vulns

By infosecbulletin / Thursday , March 27 2025

Splunk has released a security advisory about critical vulnerabilities in Splunk Enterprise and Splunk Cloud Platform. These issues could lead...

Read More

• Alert

CIRT alert Situational Awareness for Eid Holidays

By infosecbulletin / Thursday , March 27 2025

As the Eid holidays near, cybercriminals may try to take advantage of weakened security during this time. The CTI unit...

Read More

• Uncategorized

Cyberattack on Malaysian airports: PM rejected $10 million ransom

By infosecbulletin / Wednesday , March 26 2025

Operations at Kuala Lumpur International Airport (KLIA) were unaffected by a cyber attack in which hackers demanded US$10 million (S$13.4...

Read More

• Alert
• Vulnerabilities

Micropatches released for Windows zero-day leaking NTLM hashes

By infosecbulletin / Wednesday , March 26 2025

Unofficial patches are available for a new Windows zero-day vulnerability that allows remote attackers to steal NTLM credentials by deceiving...

Read More

• Alert

VMware Patches Authentication Bypass Flaw in Windows Tool

By infosecbulletin / Wednesday , March 26 2025

On Tuesday, VMware issued an urgent fix for a security flaw in its VMware Tools for Windows. CVE-2025-22230 allows a...

Read More

• Alert
• Vulnerabilities

IngressNightmare
Over 40% of cloud environments are vulnerable to RCE

By infosecbulletin / Tuesday , March 25 2025

Kubernetes users of the Ingress NGINX Controller are advised to fix four newly found remote code execution ( RCE) vulnerabilities,...

Read More

• Alert
• Vulnerabilities

(CVE-2025-29927)
Urgently Patch Your Next.js for Authorization Bypass

By infosecbulletin / Tuesday , March 25 2025

Next.js, a widely used React framework for building full-stack web applications, has fixed a serious security vulnerability. Used by many...

Read More

• Cyber Attack
• Data Breach

Oracle refutes breach after hacker claims 6 million data theft

By infosecbulletin / Sunday , March 23 2025

A hacker known as “rose87168” claims to have stolen six million records from Oracle Cloud servers. The stolen data includes...

Read More

• Hot Topic

Russian zero-day seller to offer up to $4 million for Telegram exploits

By infosecbulletin / Saturday , March 22 2025

Operation Zero, a Russian zero-day broker, is offering up to $4 million for Telegram exploits. They seek $500K for one-click...

Read More

The company acknowledged a researcher from Positive Technologies, a Russian cybersecurity firm, for discovering the bug and stated that patches have been added to VMware Tools for Windows v 12.5.1.

The Linux and macOS versions of the utilities are not affected.

VMware Tools for Windows is a set of utilities and drivers that improves virtual machine performance and management, offering enhanced graphics, better mouse integration, and time synchronization between the host and guest operating systems.

Over 40% of cloud environments are vulnerable to RCE