VMware Tools v 12.5.1 fixes an authentication bypass vulnerability (VMSA-2025-0005, CVE-2025-22230, CVSSv3 7.8)

This week, VMware introduced a new version of its VMware Tools for Windows. The reason for this release is an authentication bypass vulnerability.
VMware Tools is a set of services and modules that enable several features in VMware products for better management of, and seamless user interactions with, guest Operating Systems.
Although the guest operating system can run without VMware Tools, many VMware features are not available until you install VMware Tools. For example, if you do not have VMware Tools installed in your virtual machine, you cannot use the shutdown or restart options from the toolbar. You can only use the power options. VMware Tools manages time synchronization on VMware vSphere and may offer quiescence for backups.
About the vulnerability
An authentication bypass vulnerability in VMware Tools for Windows was privately reported to VMware. This vulnerability is known as CVE-2025-22230. An attacker with non-administrative privileges in the Windows guest Operating System on which VMware Tools is installed may gain the ability to perform certain high-privilege operations within that virtual machine.
To remediate CVE-2025-22230, install VMware Tools version 12.5.1, or a later version of VMware Tools, on x64 versions of Windows. Install VMware Tools version 12.4.6 on 32-bit Windows versions.
According to the VMware Tools 12.5.1 Release Notes, version 12.5.1 also incorporates a fix for the Elevation of Privilege vulnerability in Visual C++, tracked as CVE-2024-43590, and a fix for an issue in VMware Tools version 12.5.0 that caused some OpenGL applications to stop responding.
Follow these steps to upgrade VMware Tools on Windows Server-based guest Operating Systems in your vSphere environment:
- Sign in to vCenter Server.
- In the Inventory > Hosts and Clusters view, select the host, cluster, or datacenter and click the Virtual Machines tab.
- Select the Windows Server-based virtual machines you want to upgrade VMware Tools on. Use Ctrl or Shift to select multiple virtual machines.
- Right-click the selected virtual machine(s) and select Guest from the context menu. Then, click Install/Upgrade VMware Tools.
- Complete the wizard.
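To decide which virtual machines to select in the steps above, the following added example (not part of the original post, and not VMware's own code) classifies guests against the two fixed versions named earlier: 12.5.1 for x64 Windows and 12.4.6 for 32-bit Windows. The function name, the status labels and the sample rows are constructed for illustration. It assumes that vSphere guest identifiers for 64-bit Windows end in `64Guest` and that any version at or above the fixed one counts as remediated.

```powershell
# Added example. Fixed versions are the ones named in the post.
$FixedX64 = [version]'12.5.1'   # x64 Windows guests
$FixedX86 = [version]'12.4.6'   # 32-bit Windows guests

function Test-ToolsRemediated {   # hypothetical helper name
    param(
        [Parameter(Mandatory)][string]$Name,
        [string]$GuestId,        # vSphere guest OS identifier, e.g. windows2019srv_64Guest
        [string]$ToolsVersion    # e.g. 12.5.0; empty when no version is reported
    )
    $status   = 'NotWindows'     # CVE-2025-22230 concerns VMware Tools for Windows only
    $required = $null
    if ($GuestId -like 'win*') {
        # Assumption: 64-bit Windows guest identifiers end in "64Guest"
        $required = if ($GuestId -like '*64Guest') { $FixedX64 } else { $FixedX86 }
        $parsed = $null
        if (-not $ToolsVersion) {
            $status = 'NoVersionReported'   # Tools missing or not running: check by hand
        } elseif (-not [version]::TryParse($ToolsVersion, [ref]$parsed)) {
            $status = 'ReviewManually'      # unexpected version string
        } elseif ($parsed -ge $required) {
            $status = 'Remediated'
        } else {
            $status = 'NeedsUpgrade'
        }
    }
    [pscustomobject]@{
        Name = $Name; GuestId = $GuestId; ToolsVersion = $ToolsVersion
        Required = $required; Status = $status
    }
}

# Constructed sample inventory so the script runs offline.
# Against a live vCenter (VMware PowerCLI, after Connect-VIServer), feed it with:
#   Get-VM | ForEach-Object { Test-ToolsRemediated -Name $_.Name `
#       -GuestId $_.Guest.GuestId -ToolsVersion $_.Guest.ToolsVersion }
$sample = @(
    @{ Name = 'dc01';    GuestId = 'windows2019srv_64Guest'; ToolsVersion = '12.5.0' }
    @{ Name = 'rds01';   GuestId = 'windows2019srv_64Guest'; ToolsVersion = '12.5.1' }
    @{ Name = 'legacy1'; GuestId = 'windows7Guest';          ToolsVersion = '12.4.6' }
    @{ Name = 'app02';   GuestId = 'windows9_64Guest';       ToolsVersion = '12.4.6' }
    @{ Name = 'web01';   GuestId = 'ubuntu64Guest';          ToolsVersion = '12.3.5' }
    @{ Name = 'file01';  GuestId = 'windows2019srv_64Guest'; ToolsVersion = '' }
)
$sample | ForEach-Object { $row = $_; Test-ToolsRemediated @row } | Format-Table -AutoSize
```

In the sample, `dc01` and `app02` come back as `NeedsUpgrade`: 12.4.6 satisfies the 32-bit requirement but not the x64 one.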
The authentication bypass vulnerability in VMware Tools makes it clear that VMware Tools should be upgraded on all Windows and Windows Server installations that are essential to the organization. This includes (read-only) Domain Controllers and Remote Desktop servers.
Further reading
VMware Tools v 11.3 fixes a Denial of Service vulnerability (VMSA-2021-0011)
KnowledgeBase: VMware Tools Quiescence corrupts Active Directory backups
VMware vSphere 7.0 Update 1 introduces an interface for advanced time configuration
Managing Active Directory Time Synchronization on VMware vSphere
Installing and upgrading VMware Tools in vSphere (2004754)