VMware Patches Authentication Bypass Flaw in Windows Tool

On Tuesday, VMware issued an urgent fix for a security flaw in its VMware Tools for Windows. CVE-2025-22230 allows a malicious user with basic access on a Windows guest virtual machine to execute high-privilege tasks within that VM.

VMware’s important bulletin states that an authentication bypass bug, due to improper access control, has a CVSS severity score of 7.8/10.

• International

CISA Issued Guidance for SIEM and SOAR Implementation

By infosecbulletin / Sunday , June 1 2025

CISA and ACSC issued new guidance this week on how to procure, implement, and maintain SIEM and SOAR platforms. SIEM...

Read More

• Vulnerabilities

Linux flaws enable password hash theft via core dumps in Ubuntu, RHEL, Fedora

By infosecbulletin / Saturday , May 31 2025

The Qualys Threat Research Unit (TRU) found two local information-disclosure vulnerabilities in Apport and systemd-coredump. Both issues are race-condition vulnerabilities....

Read More

• International

Australia enacts mandatory ransomware payment reporting

By infosecbulletin / Saturday , May 31 2025

New ransomware payment reporting rules take effect in Australia yesterday (May 30) for all organisations with an annual turnover of...

Read More

• Hot Topic

Why Govt Demands Foreign CCTV Firms to Submit Source Code?

By infosecbulletin / Saturday , May 31 2025

Global makers of surveillance gear have clashed with Indian regulators in recent weeks over contentious new security rules that require...

Read More

• Alert
• Vulnerabilities

CVE-2023-39780
Botnet hacks thousands of ASUS routers

By infosecbulletin / Thursday , May 29 2025

GreyNoise has discovered a campaign where attackers have gained unauthorized access to thousands of internet-exposed ASUS routers. This seems to...

Read More

• Alert
• Bank

Bangladesh Bank instructed using AI to prevent online gambling

By infosecbulletin / Wednesday , May 28 2025

The rise of online gambling in the country is leading to increased crime and societal issues. In response, the central...

Read More

• Cyber Attack
• Vulnerabilities

251 Amazon-Hosted IPs Used in Exploit Scan for ColdFusion, Struts, and Elasticsearch

By infosecbulletin / Wednesday , May 28 2025

Cybersecurity researchers recently revealed a coordinated cloud-based scanning attack that targeted 75 different exposure points earlier this month. On May...

Read More

• Hot Topic

Zero-Trust Policy bypass to Exploit Vulns & Manipulate NHI Secrets

By infosecbulletin / Monday , May 26 2025

Recent security research has shown that attackers can weaken zero-trust security frameworks by exploiting a key DNS vulnerability, disrupting automated...

Read More

• Cyber Attack
• Data Breach

Evaly E-commerce Platform Allegedly Hacked

By infosecbulletin / Saturday , May 24 2025

Evaly, a Bangladeshi e-commerce platform, is reportedly facing a major data breach that may have exposed sensitive information of around...

Read More

• Alert
• Vulnerabilities

Exploitable Vulns in Canon Printers Allow Gaining Admin Privileges

By infosecbulletin / Friday , May 23 2025

A passback vulnerability has been found in some Canon printers, including production and multifunction models. If an attacker gains administrative...

Read More

The company acknowledged a researcher from Positive Technologies, a Russian cybersecurity firm, for discovering the bug and stated that patches have been added to VMware Tools for Windows v 12.5.1.

The Linux and macOS versions of the utilities are not affected.

VMware Tools for Windows is a set of utilities and drivers that improves virtual machine performance and management, offering enhanced graphics, better mouse integration, and time synchronization between the host and guest operating systems.

Over 40% of cloud environments are vulnerable to RCE