Broadcom has released safety patches to solve high -speed security lack in VMware tools for Windows that can lead to bypass authentication.
The vulnerability, which is monitored as the CVE-2025-22230, is assessed by 7.8 on a ten-point total vulnerability (CVSS).
“VMware tools for Windows contain vulnerability of authentication from the wrong access control,” Broadcom – Note in a warning issued on Tuesday. “The No. of non -administrative privileges on Windows VM may be able to perform certain high -profile operations within this VM.”
It is attributed to the identification and report on the shortage – Sergei Blizyuk from the Russian cybersecurity campaign of positive technologies.
CVE-2025-22230 influences VMware tools for Windows 11.xx and 12.xx, it was recorded in version 12.5.1. There are no solutions that resolve this issue.
Crushftp reveals a new drawback
Development occurs when CrushftP warns customers about “unauthorized HTTP (s) Port”, a vulnerability that affects the Crushftp 10 and 11.
“This question affects – Note. “The vulnerability was responsible, it is not used actively in the wild, which we know, more details at this time will not be given.”
According to detailed information A total cybersecurity company Rapid7, successful vulnerability can lead to unauthorized access via open http (s) port.
With safety deficiencies Vmware and Crushftp Earlier, it is operated by malicious actors, it is important that users move quickly to apply updates as soon as possible.
