This article peeked my interest due to the nature of it being a VMware vulnerability. Between the fact that I worked for VMware for many years and I was just working inside VMware Workstation Pro building out a Windows environment the last few days made me take a second look on this article.
The bigger company and more widely used your products, the more it makes you a target for hackers. This just proves no matter how much they may dedicate to securing software, there is always someone smarter and with the time and resources to find a way in!
Below article written by Sergiu Gatlan…
Broadcom released security updates today to fix a high-severity authentication bypass vulnerability in VMware Tools for Windows.
VMware Tools is a suite of drivers and utilities designed to improve performance, graphics, and overall system integration for guest operating systems running in VMware virtual machines.
The vulnerability (CVE-2025-22230) is caused by an improper access control weakness and was reported by Sergey Bliznyuk of Positive Technologies (a sanctioned Russian cybersecurity company accused of trafficking hacking tools).
Local attackers with low privileges can exploit it in low-complexity attacks that don’t require user interaction to gain high privileges on vulnerable VMs.
“A malicious actor with non-administrative privileges on a Windows guest VM may gain ability to perform certain high-privilege operations within that VM,” VMware explains in a security advisory published on Tuesday.
Earlier this month, Broadcom also patched three VMware zero days (CVE-2025-22224, CVE-2025-22225, and CVE-2025-22226), which were tagged as exploited in attacks and reported by the Microsoft Threat Intelligence Center.
As the company explained at the time, attackers with privileged administrator or root access can chain these vulnerabilities to escape the virtual machine’s sandbox.
Days after patches were released, threat monitoring platform Shadowserver found over 37,000 internet-exposed VMware ESXi instances vulnerable to CVE-2025-22224 attacks.
Ransomware gangs and state-sponsored hackers frequently target VMware vulnerabilities, as VMware products are widely used in enterprise operations to store or transfer sensitive corporate data.
For instance, in November, Broadcom warned that attackers were exploiting two VMware vCenter Server vulnerabilities: a privilege escalation to root (CVE-2024-38813) and a critical remote code execution flaw (CVE-2024-38812) identified during China’s 2024 Matrix Cup hacking contest.
In January 2024, Broadcom also disclosed that Chinese state hackers had used a critical vCenter Server zero-day vulnerability (CVE-2023-34048) since late 2021 to deploy VirtualPita and VirtualPie backdoors on affected ESXi systems.
SOURCE ARTICLE:
