VMware Tools for Windows Improper Authorization Vulnerability Allowing Access to Other Guest VMs

Vulnerability

A vulnerability has been identified in VMware Tools for Windows, specifically in versions 13.x and 12.x prior to 12.5.4. This vulnerability arises from improper authorization in user access controls, allowing a malicious actor with non-administrative privileges on a guest VM to access other guest VMs. Exploitation requires authentication through vCenter or ESX and knowledge of the targeted VMs' credentials.

Impact

Exploitation of this vulnerability could lead to unauthorized access to other guest VMs from the compromised VM.

Remediation

Users can upgrade to VMware Tools version 13.0.5.0 or 12.5.4, depending on their current version. VMware Tools 12.4.9, part of VMware Tools 12.5.4, also addresses this issue for Windows 32-bit.
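A version triage against the fixed releases named above, as an added example that is not VMware's code. Host names and version strings are constructed, and treating 12.4.9 as fixed only on 32-bit Windows is an assumption drawn from the remediation text.

```python
import re

# Fixed releases as stated in the remediation text above.
FIXED = {13: (13, 0, 5, 0), 12: (12, 5, 4, 0)}
FIXED_32BIT = (12, 4, 9)  # assumption: counts as fixed only on 32-bit Windows


def parse_version(text):
    """Return a zero-padded 4-tuple of ints, or None if no version is found."""
    m = re.match(r"\s*v?(\d+(?:\.\d+){1,3})", text or "")
    if not m:
        return None
    parts = [int(p) for p in m.group(1).split(".")]
    return tuple(parts + [0] * (4 - len(parts)))


def classify(version_text, is_32bit=False):
    v = parse_version(version_text)
    if v is None:
        return "unparseable"
    if v[0] not in FIXED:
        return "not-covered"  # the advisory names only 12.x and 13.x
    if is_32bit and v[:3] == FIXED_32BIT:
        return "fixed"
    return "fixed" if v >= FIXED[v[0]] else "vulnerable"


def triage(inventory):
    """Return (host, version, status) for every guest that needs follow-up."""
    out = []
    for host, version, is_32bit in inventory:
        status = classify(version, is_32bit)
        if status != "fixed":
            out.append((host, version, status))
    return out


# Constructed sample inventory: (hypothetical host, reported version, 32-bit?)
SAMPLE = [
    ("win-app01", "12.5.2.24697584 (build-24697584)", False),
    ("win-app02", "12.5.4", False),
    ("win-old32", "12.4.9", True),
    ("win-vdi07", "13.0.1.0", False),
    ("win-vdi08", "13.0.5.0", False),
    ("win-lab03", "11.3.5", False),
    ("win-lab04", "", False),
]

if __name__ == "__main__":
    for row in triage(SAMPLE):
        print(*row, sep="\t")
```

Guests reported as not-covered or unparseable need a manual look, since the advisory says nothing about versions outside 12.x and 13.x.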

Added: Sep 29, 2025, 4:17 PM
Updated: Sep 29, 2025, 7:59 PM

Vulnerability Rating

Custom Algorithm
spread: 7.8
impact: 5.0
exploitability: 3.0
remediation: 7.7
relevance: 0.6
threat: 0.0
urgency: 2.9
incentive: 1.7

Our algorithm analyzes dozens of metrics to generate these 8 key vulnerability categories, which are then combined to calculate the overall risk score.