Do Son 
Broadcom has just released a security update to address a critical vulnerability in VMware Tools for Windows. The flaw, classified as an authentication bypass vulnerability, can be exploited by attackers to escalate privileges within a virtual machine.
VMware Tools comprises utilities and drivers designed to enhance virtual machine compatibility, graphics rendering, system performance, and host-guest integration—ultimately enabling more seamless interaction with virtualized environments.
Tracked as CVE-2025-22230, the vulnerability stems from improper access control and was disclosed by Sergey Bliznyuk, a security researcher at Positive Technologies. Interestingly, Positive Technologies is a Russian cybersecurity firm previously sanctioned by the United States for allegedly trafficking in hacking tools—raising questions about the motivations behind the disclosure.
According to Bliznyuk, a local attacker with limited privileges can exploit this vulnerability through a low-complexity attack that requires no user interaction, enabling the execution of high-privilege operations within a vulnerable virtual machine.
Earlier this month, Broadcom also patched three VMware zero-day vulnerabilities—CVE-2025-22224, CVE-2025-22225, and CVE-2025-22226—discovered by Microsoft’s Threat Intelligence Center. Data from Microsoft indicates that these flaws had already been weaponized by malicious actors. With administrator or root-level access, attackers could exploit them to escape virtual machine sandboxes, posing a severe security risk.
While these vulnerabilities are unlikely to affect most home users in a significant way, it remains essential to promptly apply updates to VMware and VMware Tools to mitigate exposure to known threats.
