Below you can find the content of the security fix that addresses CVE-2025-22247. Because this vulnerability also affects Linux systems, VMware Tools on the relevant Linux distributions must also be upgraded to the fixed version.

  • VMware Tools

VMSA Number: VMSA-2025-0007

CVSSv3 Range: Moderate

Issue date: 2025-05-12

Synopsis: VMware Tools update addresses an insecure file handling vulnerability (CVE-2025-22247)

CVE numbers: CVE-2025-22247

 

  1. Impacted Products

VMware Tools

  2. Introduction

An insecure file handling vulnerability in VMware Tools was privately reported to VMware. Updates are available to remediate this vulnerability in the affected VMware products.

  3. VMware Tools Insecure File Handling Vulnerability (CVE-2025-22247)

Description:
VMware Tools contains an insecure file handling vulnerability. VMware has evaluated the severity of this issue to be in the Moderate severity range with a maximum CVSSv3 base score of 6.1.

Known Attack Vectors:
A malicious actor with non-administrative privileges on a guest VM may tamper with the local files to trigger insecure file operations within that VM.

Resolution:
To remediate CVE-2025-22247 apply the patches listed in the ‘Fixed Version’ column of the ‘Response Matrix’ found below.

Workarounds:
None

Additional Documentation:
None

Acknowledgements:
VMware would like to thank Sergey Bliznyuk of Positive Technologies for reporting this issue to us.

Notes:
[1] VMware Tools 12.4.7, which is part of VMware Tools 12.5.2, also addresses the issue for Windows 32-bit.
[2] A version of open-vm-tools that addresses CVE-2025-22247 will be distributed by Linux vendors.
[3] Fixed versions may differ based on the Linux distribution version and the distribution vendor.

Response Matrix

 

| Product | Version | Running On | CVE Identifier | CVSSv3 | Fixed Version | Workarounds | Additional Documentation |
|---|---|---|---|---|---|---|---|
| VMware Tools | 12.x.x, 11.x.x | Windows | CVE-2025-22247 | 6.1 | 12.5.2 [1] | None | None |
| VMware Tools [2] | 12.x.x, 11.x.x | Linux | CVE-2025-22247 | 6.1 | 12.5.2 [3] | None | None |
| VMware Tools | 12.x.x, 11.x.x | MacOS | CVE-2025-22247 | N/A | Unaffected | N/A | |