VMware Tools 11.x / 12.x < 12.5.2 Insecure File Handling (VMSA-2025-0007)

medium Nessus Plugin ID 236832

Synopsis

The virtualization tool suite installed on the remote host is affected by an insecure file handling vulnerability.

Description

The version of VMware Tools installed on the remote host is 11.x or 12.x prior to 12.5.2. It is, therefore, affected by an insecure file handling vulnerability:

- VMware Tools contains an insecure file handling vulnerability. A malicious actor with non-administrative privileges on a guest VM may tamper with the local files to trigger insecure file operations within that VM. (CVE-2025-22247)

Note that Nessus has not tested for this issue but has instead relied only on the application's self-reported version number.

Solution

Upgrade to VMware Tools version 12.5.2 or later.

See Also

http://www.nessus.org/u?d78c3b74

Plugin Details

Severity: Medium

ID: 236832

File Name: vmware_tools_win_VMSA-2025-0007.nasl

Version: 1.1

Type: local

Agent: windows, macosx, unix

Family: Misc.

Published: 5/16/2025

Updated: 5/16/2025

Supported Sensors: Nessus Agent, Nessus

Risk Information

VPR

Risk Factor: Medium

Score: 5.0

CVSS v2

Risk Factor: Medium

Base Score: 5.2

Vector: CVSS2#AV:L/AC:L/Au:S/C:P/I:C/A:N

CVSS Score Source: CVE-2025-22247

CVSS v3

Risk Factor: Medium

Base Score: 6.1

Vector: CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:L/I:H/A:N

Vulnerability Information

CPE: cpe:/a:vmware:tools

Required KB Items: installed_sw/VMware Tools

Patch Publication Date: 5/12/2025

Vulnerability Publication Date: 5/12/2025

Reference Information

CVE: CVE-2025-22247

IAVA: 2025-A-0324

VMSA: 2025-0007