VMware Tools contains an insecure file handling vulnerability. A malicious actor with non-administrative privileges on a guest VM may tamper the local files to trigger insecure file operations within that VM.
https://www.securityweek.com/vulnerabilities-patched-by-juniper-vmware-and-zoom/
https://lists.debian.org/debian-lts-announce/2025/05/msg00017.html