What is the severity of CVE-2025-22230?

CVE-2025-22230 is classified as a high severity vulnerability due to its potential to allow unauthorized operations within a guest VM.

How do I fix CVE-2025-22230?

To fix CVE-2025-22230, update VMware Tools for Windows to the latest version that addresses this authentication bypass vulnerability.

Who is affected by CVE-2025-22230?

Any user with non-administrative privileges on a guest VM utilizing VMware Tools for Windows is affected by CVE-2025-22230.

What type of vulnerability is CVE-2025-22230?

CVE-2025-22230 is an authentication bypass vulnerability caused by improper access control within VMware Tools for Windows.

What actions can an attacker take with CVE-2025-22230?

An attacker exploiting CVE-2025-22230 can perform high privilege operations within the affected VM despite having non-administrative privileges.

Vulnerability/
CVE-2025-22230

Exploited

high

7.8

CWE

288

25/3/2025

27/3/2025

CVE-2025-22230: Authentication bypass vulnerability

First published: Tue Mar 25 2025(Updated: )

VMware Tools for Windows contains an authentication bypass vulnerability due to improper access control. A malicious actor with non-administrative privileges on a guest VM may gain ability to perform certain high privilege operations within that VM.

Credit: security@vmware.com

Affected Software	Affected Version	How to fix
VMware Tools

Never miss a vulnerability like this again

Reference Links

Peer vulnerabilities

(Found alongside the following vulnerabilities)

Frequently Asked Questions

What is the severity of CVE-2025-22230?
CVE-2025-22230 is classified as a high severity vulnerability due to its potential to allow unauthorized operations within a guest VM.
How do I fix CVE-2025-22230?
To fix CVE-2025-22230, update VMware Tools for Windows to the latest version that addresses this authentication bypass vulnerability.
Who is affected by CVE-2025-22230?
Any user with non-administrative privileges on a guest VM utilizing VMware Tools for Windows is affected by CVE-2025-22230.
What type of vulnerability is CVE-2025-22230?
CVE-2025-22230 is an authentication bypass vulnerability caused by improper access control within VMware Tools for Windows.
What actions can an attacker take with CVE-2025-22230?
An attacker exploiting CVE-2025-22230 can perform high privilege operations within the affected VM despite having non-administrative privileges.

collector/mitre-cve
source/MITRE
agent/weakness
agent/title
agent/severity
agent/author
agent/type
agent/description
agent/first-publish-date
collector/bleeping-computer
source/BleepingComputer
alias/CVE-2025-22230
alias/CVE-2025-22224
alias/CVE-2025-22225
alias/CVE-2025-22226
alias/CVE-2024-38813
alias/CVE-2024-38812
alias/CVE-2023-34048
agent/references
agent/source
agent/event
agent/trending
collector/nvd-api
source/NVD
agent/last-modified-date
agent/guess-ai
agent/software-canonical-lookup
agent/software-canonical-lookup-request
agent/softwarecombine
agent/tags
agent/news-ai
zeroday/true
exploited/true
vendor/vmware
canonical/vmware tools

Company

Resources

Contact

SecAlerts Pty Ltd.
132 Wickham Terrace
Fortitude Valley,
QLD 4006, Australia
info@secalerts.co

By using SecAlerts services, you agree to our services end-user license agreement. This website is safeguarded by reCAPTCHA and governed by the Google Privacy Policy and Terms of Service. All names, logos, and brands of products are owned by their respective owners, and any usage of these names, logos, and brands for identification purposes only does not imply endorsement. If you possess any content that requires removal, please get in touch with us.