/
VMware Tools update addresses improper authorisation vulnerability (CVE-2025-41244)

VMware Tools update addresses improper authorisation vulnerability (CVE-2025-41244)

Mware released security advisory VMSA-2025-0015 with High severity affecting VMware Tools.

The fix is available in VMware Tools v12.5.4 for Windows available in the VSS-Windows Content Library as Item VMware-Tools-for-Windows-12.5.4-24964629 (see Windows section below) and Linux via open-vm-tools package or patch (see Linux section below).

How-To Remediate

Windows

ITS Private Cloud CLI

  1. Mount the VMware Tools ISO VMware-Tools-for-Windows-12.5.4-24964629 with the vss-cli:

    vss-cli compute vm set <id> cd up --backing VMware-Tools-for-Windows-12.5.4-24964629 1

  2. Proceed with the installation in the OS.

ITS Private Cloud Portal

  1. Login to the https://cloud-portal.eis.utoronto.ca

  2. Look for your VM and click on the Edit button.

  3. Mount the VMWare Tools ISO VMware-Tools-for-Windows-12.5.4-24964629.

  4. Proceed with the installation in the OS.

Linux

Ubuntu, Debian and related OS

You can update the open-vm-tools package with the following command:

sudo apt update && sudo apt install --only-upgrade open-vm-tools

RedHat, Fedora, CentOS and related

You can update the open-vm-tools package with the following command:

Red Hat 7 / Fedora / CentOS 7

sudo yum update open-vm-tools

Red Hat 8 and 9

sudo dnf update open-vm-tools

 

University of Toronto - Since 1827