VMware Tools update addresses an insecure file handling vulnerability (CVE-2025-22247)
VMware released security advisory VMSA-2025-0007 with Medium severity affecting VMware Tools.
The fix is available in VMware Tools v12.5.2. For Windows, it is available in the VSS-Windows Content Library as item VMware-Tools-for-Windows-12.5.2.24697584 (see the Windows section below). For Linux, it is available via the open-vm-tools package or patch (see the Linux section below).
How-To Remediate
Windows
ITS Private Cloud CLI
Mount the VMware Tools ISO VMware-Tools-for-Windows-12.5.2.24697584 with the vss-cli:
vss-cli compute vm set <id> cd up --backing VMware-Tools-for-Windows-12.5.2.24697584 1
Proceed with the installation in the OS.
ITS Private Cloud Portal
Log in to the ITS Private Cloud Portal at https://cloud-portal.eis.utoronto.ca
Look for your VM and click on the Edit button.
Mount the VMware Tools ISO VMware-Tools-for-Windows-12.5.2.24697584.
Proceed with the installation in the OS.
Linux
A new open-vm-tools version is available at https://github.com/vmware/open-vm-tools/releases/tag/12.5.2
A patch for existing open-vm-tools releases is provided in the CVE-2025-22247.patch file.
Ubuntu, Debian and related OS
You can update the open-vm-tools package with the following command:
sudo apt update && sudo apt install --only-upgrade open-vm-tools
Red Hat, Fedora, CentOS and related
You can update the open-vm-tools package with the following command:
Red Hat 7 / Fedora / CentOS 7
sudo yum update open-vm-tools
Red Hat 8 and 9
sudo dnf update open-vm-tools
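Verifying the Linux update (added example, not part of the original advisory or of VMware's tooling)
The script below compares the version reported by vmtoolsd -v with the fixed release 12.5.2. Because a patch exists for older releases, a lower version is treated as "check the package changelog" rather than as vulnerable. The function names and the assumption that the distribution changelog mentions the CVE id are this example's own.

```shell
#!/bin/sh
# Added example, not from the advisory. Verifies a Linux guest after updating.
FIXED="12.5.2"   # fixed open-vm-tools release named on this page

# Pull "12.3.5" out of `vmtoolsd -v` output; constructed sample:
# "VMware Tools daemon, version 12.3.5.46049 (build-22544099)".
tools_version() {
    printf '%s\n' "$1" |
        sed -n 's/.*version \([0-9][0-9]*\.[0-9][0-9]*\.[0-9][0-9]*\).*/\1/p'
}

# version_ge A B: succeed when three-field dotted version A >= B (numeric compare).
version_ge() {
    old_ifs=$IFS; IFS=.
    set -- $1 $2          # A -> $1 $2 $3, B -> $4 $5 $6
    IFS=$old_ifs
    [ "$1" -gt "$4" ] && return 0; [ "$1" -lt "$4" ] && return 1
    [ "$2" -gt "$5" ] && return 0; [ "$2" -lt "$5" ] && return 1
    [ "$3" -ge "$6" ]
}

# classify "<vmtoolsd -v output>": prints fixed | check-backport | unknown.
classify() {
    v=$(tools_version "$1")
    if [ -z "$v" ]; then echo unknown
    elif version_ge "$v" "$FIXED"; then echo fixed
    else echo check-backport   # older base version; the patch may be backported
    fi
}

# Run on the guest. For an older base version, look for the CVE id in the
# package changelog (assumption: the distribution's changelog names the CVE).
check_host() {
    out=$(vmtoolsd -v 2>/dev/null) || { echo "vmtoolsd not found"; return 2; }
    state=$(classify "$out")
    echo "$out -> $state"
    case $state in fixed) return 0 ;; unknown) return 2 ;; esac
    if { rpm -q --changelog open-vm-tools 2>/dev/null
         zcat /usr/share/doc/open-vm-tools/changelog.Debian.gz 2>/dev/null
       } | grep -q 'CVE-2025-22247'; then
        echo "changelog mentions CVE-2025-22247: patch applied to older base"
    else
        echo "no changelog mention of CVE-2025-22247: update open-vm-tools"
        return 1
    fi
}

if [ "${1:-}" = "--check" ]; then check_host; fi
```

Run it on the guest with the --check argument. Exit status 0 means fixed or patched, 1 means an update is still needed, and 2 means the version could not be determined.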