Broadcom warns of authentication bypass in VMware Windows Tools

Source: BleepingComputer Author: Sergiu Gatlan URL: https://www.bleepingcomputer.com/news/security/broadcom-warns-of-authentication-bypass-in-vmware-windows-tools/

ONE SENTENCE SUMMARY:

Broadcom patched a high-severity authentication bypass in VMware Tools for Windows, preventing local attackers from gaining high privileges on VMs.

MAIN POINTS:

1. Broadcom fixed CVE-2025-22230, an authentication bypass vulnerability in VMware Tools for Windows.
2. The flaw stems from improper access control and allows privilege escalation on virtual machines.
3. Local attackers with low privileges can exploit it without user interaction.
4. The vulnerability was reported by Sergey Bliznyuk from Positive Technologies.
5. Broadcom recently patched three VMware zero-days exploited in attacks (CVE-2025-22224, CVE-2025-22225, CVE-2025-22226).
6. Attackers can chain these zero-days to escape virtual machine sandboxes.
7. Over 37,000 internet-exposed VMware ESXi instances were found vulnerable to CVE-2025-22224.
8. Ransomware gangs and state-sponsored hackers frequently exploit VMware vulnerabilities.
9. Broadcom previously warned of VMware vCenter Server vulnerabilities exploited in real-world attacks.
10. Chinese state hackers used a VMware zero-day since 2021 to deploy backdoors on ESXi systems.

TAKEAWAYS:

1. VMware Tools for Windows had a high-severity vulnerability allowing local privilege escalation.
2. Broadcom quickly patched multiple VMware security flaws, some actively exploited.
3. VMware vulnerabilities are frequent targets for ransomware groups and nation-state hackers.
4. Thousands of VMware ESXi instances remain vulnerable to recently patched flaws.
5. Continuous patching and monitoring are essential to securing VMware environments from exploitation.