CVE-2025-22247

Publication date 12 May 2025

Last updated 14 May 2025

Ubuntu priority

VMware Tools contains an insecure file handling vulnerability. A malicious actor with non-administrative privileges on a guest VM may tamper the local files to trigger insecure file operations within that VM.

Status

Show unmaintained releases

Package	Ubuntu Release	Status
open-vm-tools	25.04 plucky	Fixed 2:12.5.0-1ubuntu0.1
	24.10 oracular	Fixed 2:12.4.5-1ubuntu0.1
	24.04 LTS noble	Fixed 2:12.4.5-1~ubuntu0.24.04.2
	22.04 LTS jammy	Fixed 2:12.3.5-3~ubuntu0.22.04.2
	20.04 LTS focal	Fixed 2:11.3.0-2ubuntu0~ubuntu20.04.8
	18.04 LTS bionic	Needs evaluation
	16.04 LTS xenial	Needs evaluation
	14.04 LTS trusty	Needs evaluation

How can I get the fixes?
What do statuses mean?

References

MITRE
NVD
Launchpad
Debian

Related Ubuntu Security Notices (USN)

USN-7508-1
Open VM Tools vulnerability
13 May 2025

Other references

https://www.cve.org/CVERecord?id=CVE-2025-22247
https://support.broadcom.com/web/ecx/support-content-notification/-/external/content/SecurityAdvisories/0/25683
https://www.openwall.com/lists/oss-security/2025/05/12/2