A moderate-severity vulnerability identified as CVE-2025-22247 has been discovered in VMware Tools (versions 11.x.x and 12.x.x for Windows and Linux), potentially allowing attackers with non-administrative access to manipulate local files and trigger insecure operations within virtual machines (VMs). The vulnerability, discovered by Sergey Bliznyuk of Positive Technologies, poses a risk to guest VM integrity through insecure file handling and could be used as part of a broader attack chain or for privilege escalation within the VM. macOS versions of VMware Tools are not affected.

This flaw allows limited-privilege users on guest machines to tamper with local files, potentially leading to malicious actions within the VM environment. While the impact is isolated to guest VMs, the vulnerability is particularly concerning in multi-tenant virtualized environments, where compromised VMs may serve as launchpads for deeper attacks. The vulnerability has been given a CVSS v3.1 base score of 6.1, placing it in the moderate severity category.

No workarounds exist, making patching the only viable mitigation. The researcher has released VMware Tools 12.5.2 to address the issue across Windows and Linux. For Windows 32-bit systems, the included VMware Tools 12.4.7 resolves the vulnerability. Linux systems will receive patched versions through their respective Linux vendors, varying by distribution. Users are urged to ensure updates to open-vm-tools are applied once available from their vendor repositories.

This vulnerability follows a string of security issues in VMware products, including the critical CVE-2025-22224 (a TOCTOU vulnerability) earlier this year. The recurring nature of these vulnerabilities emphasizes the importance of regular security updates for virtualization platforms. VMware Tools, being essential for guest performance and management, must be kept current to ensure safe operation, especially in enterprise and cloud environments where VM compromise can lead to lateral movement and broader breaches.