Source: open-vm-tools Version: 2:11.2.5-2+deb11u3 Severity: grave Tags: security upstream fixed-upstream Justification: user security hole X-Debbugs-Cc: [email protected]
Description ============================================================== CVE-2025-22247: VMware Tools contains an insecure file handling vulnerability. VMware has evaluated the severity of this issue to be in the Moderate severity range with a maximum CVSSv3 base score of 6.1 - CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:L/I:H/A:N. Known Attack Vectors ============================================================== A malicious actor with non-administrative privileges on a guest VM may tamper the local files to trigger insecure file operations within that VM. https://support.broadcom.com/web/ecx/support-content-notification/-/external/content/SecurityAdvisories/0/25683 -- Bernd Zeimetz Debian GNU/Linux Developer http://bzed.de http://www.debian.org GPG Fingerprint: ECA1 E3F2 8E11 2432 D485 DD95 EB36 171A 6FF9 435F
