- Broadcom was recently informed about an authentication derivation failure in VMware tools
- Error 7.8 was quickly solved, but there are no solutions available
- The error affects Windows users, while Linux and Macos users are safe
Broadcom has warned its users a high -severity vulnerability recently discovered in VMware Tools, a set of tools for virtual machines (VM) that is executed on VMware platforms.
In a security notice, the company said it launched a solution for the failure, which suggests that users apply it as soon as possible.
VMware Tools is a set of profits that improves the performance, usability and administration of virtual machines that are executed on VMware platforms. Improves the graphics, allows the mouse without seams, synchronizes the time between the host and the VM, and allows a better integration between the guest operating system and the host system.
Realization of “high privilege operations”
Broadcom, the VMware owner, said he was recently informed about a vulnerability of authentication derivation by security researcher Sergey Bliznyuk of positive technologies.
The fault is now tracking as CVE-2025-22230, and was given a severity score of 7.8/10 (high).
“A malicious actor with non -administrative privileges in a guest VM of Windows can obtain the ability to perform certain high privilege operations within that VM,” Broadcom said in the notice, not to mention whether there is evidence of abuse in nature.
The company emphasized that there were no solutions to this problem, which suggests that applying the patch is the only way to mitigate the risk.
The error was only found on the Windows platform, with Linux and Macos Seguros.
“VMware Tools 12.4.6 which is part of VMware Tools 12.5.1 Addresses the problem for 32 -bit Windows,” Broadcom concluded.
Ransomware and hackers gangs sponsored by the State “often point” to VMware vulnerabilities, Bleepingcomputer He informed, stating that VMware products were used “widely in business operations” to store or transfer confidential corporate data.
At the end of January 2025, for example, Techradar Pro reported that cybercriminals used the SSH tunnel functionality in Metal Hypervisors ESXI Bare de VMware for stealthy persistence, to help them deploy ransomware at objective final points.
Through Bleepingcomer
