VMware Tools for Windows update addresses an authentication bypass vulnerability (CVE-2025-22230)

VMware released security advisory VMSA-2025-0005 with High severity affecting VMware Tools for Windows.

The fix is available in VMware Tools v12.5.1 for Windows available in the VSS-Windows Content Library as Item VMware_Tools_for_Windows_12.5.1.24649672 (see Windows section below).

How-To Remediate

Windows

ITS Private Cloud CLI

1. Mount the VMware Tools ISO VMware_Tools_for_Windows_12.5.1.24649672 with the vss-cli:

   vss-cli compute vm set <id> cd up --backing VMware_Tools_for_Windows_12.5.1.24649672 1

2. Proceed with the installation in the OS.

ITS Private Cloud Portal

1. Login to the https://cloud-portal.eis.utoronto.ca

2. Look for your VM and click on the Edit button.

3. Mount the VMWare Tools ISO VMware_Tools_for_Windows_12.5.1.24649672.

4. Proceed with the installation in the OS.

References

• https://support.broadcom.com/web/ecx/support-content-notification/-/external/content/SecurityAdvisories/0/25518?utm_campaign=VCF_FY25_VCF_SecurityAlert-VMSA-2025-0005_MKT_EM_3199&utm_content=VCF_FY25_VCF_SecurityAlert_3199_VMSA-2025-0005_MKT_TRANS_EM_5655&utm_medium=email&utm_source=eloqua