PT-2025-20689 · Vmware+7 · Vmware Tools+7

Praveen Singh

Published

2025-05-12

Updated

2026-04-04

CVE-2025-22247

CVSS v3.1

6.1

Medium

Vector

AV:L/AC:L/PR:L/UI:N/S:U/C:L/I:H/A:N

Name of the Vulnerable Software and Affected Versions open-vm-tools versions prior to 13.0.5-alt1 open-vm-tools versions 12.5.2

Description The Open Virtual Machine Tools contain an insecure file handling vulnerability. A malicious actor with non-administrative privileges on a guest VM may tamper with local files to trigger insecure file operations within that VM, potentially leading to privilege escalation.

Recommendations Upgrade open-vm-tools to version 13.0.5-alt1 or later. Upgrade to open-vm-tools version 12.5.2.

Exploit

Fix

LPE

Link Following

Found an issue in the description? Have something to add? Feel free to write us 👾

dbugs@ptsecurity.com

Weakness Enumeration

CWE-59

Related Identifiers

ALSA-2025:A001

ALSA-2025:A002

ALSA-2025:A003

ALSA-2025_17428

ALSA-2025_17509

ALSA-2025_A001

ALSA-2025_A002

ALT-PU-2025-14728

ALT-PU-2025-14872

AZL-67797

AZL-67806

BDU:2025-05681

CVE-2025-22247

DLA-4165-1

DSA-5919-1

INFBA-2025_20841

MGASA-2025-0166

OPENSUSE-SU-2025:15090-1

OPENSUSE-SU-2025_01658-1

OPENSUSE-SU-2025_1565-1

SUSE-SU-2025:01565-1

SUSE-SU-2025:01658-1

SUSE-SU-2025:01778-1

SUSE-SU-2025:1565-1

SUSE-SU-2025:20379-1

SUSE-SU-2025:20452-1

SUSE-SU-2025_01565-1

SUSE-SU-2025_01778-1

SUSE-SU-2025_1565-1

USN-7508-1

USN-7508-2

Affected Products

Alt Linux

Almalinux

Astra Linux

Debian

Linuxmint

Suse

Ubuntu

Vmware Tools

PT-2025-20689 · Vmware+7 · Vmware Tools+7

CVE-2025-22247

Weakness Enumeration

Related Identifiers

Affected Products

References · 164