CVE-2025-22247

EPSS 0.07%
Veröffentlicht 12.05.2025 10:46:36
Zuletzt bearbeitet 18.11.2025 20:15:45
Quelle security@vmware.com
CVE-Watchlists
Login
Unerledigt
Login

VMware Tools contains an insecure file handling vulnerability. A malicious actor with non-administrative privileges on a guest VM may tamper the local files to trigger insecure file operations within that VM.

Betroffene Produkte Warnungen 0 Metriken 2 CWE 1 Referenzen 11

Verknüpft mit AI von unstrukturierten Daten zu bestehenden CPE der NVD

Diese Information steht angemeldeten Benutzern zur Verfügung.

Daten sind bereitgestellt durch das CVE Programm von einer CVE Numbering Authority (CNA) (Unstrukturiert).

Herstellern/a

≫

Produkt VMware Tools

Default Statusunaffected

Version < 12.5.2

Version 12.x.x, 11.x.x

Status affected

Zu dieser CVE wurde keine CISA KEV oder CERT.AT-Warnung gefunden.

EPSS Metriken
Typ	Quelle	Score	Percentile
EPSS	FIRST.org	0.07%	0.224

CVSS Metriken
Quelle	Base Score	Exploit Score	Impact Score	Vector String
security@vmware.com	6.1	1.8	4.2	CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:L/I:H/A:N

CWE-59 Improper Link Resolution Before File Access ('Link Following')

The product attempts to access a file based on the filename, but it does not properly prevent that filename from identifying a link or shortcut that resolves to an unintended resource.

https://support.broadcom.com/web/ecx/support-content-notification/-/external/content/SecurityAdvisories/0/25683

http://www.openwall.com/lists/oss-security/2025/05/12/2

http://www.openwall.com/lists/oss-security/2025/05/13/2

https://lists.debian.org/debian-lts-announce/2025/05/msg00017.html

http://www.openwall.com/lists/oss-security/2025/09/24/3

http://www.openwall.com/lists/oss-security/2025/09/25/3

http://www.openwall.com/lists/oss-security/2025/09/25/5

http://www.openwall.com/lists/oss-security/2025/09/26/1

https://nvd.nist.gov/vuln/detail/CVE-2025-22247

CVE Source (NVD)

https://cveawg.mitre.org/api/cve/CVE-2025-22247

CVE Source (JSON)

https://euvd.enisa.europa.eu/vulnerability/CVE-2025-22247

EUVD