{"dataType": "CVE_RECORD", "containers": {"cna": {"metrics": [{"format": "CVSS", "cvssV3_1": {"scope": "UNCHANGED", "version": "3.1", "baseScore": 7.8, "attackVector": "LOCAL", "baseSeverity": "HIGH", "vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H", "integrityImpact": "HIGH", "userInteraction": "NONE", "attackComplexity": "LOW", "availabilityImpact": "HIGH", "privilegesRequired": "LOW", "confidentialityImpact": "HIGH"}}], "affected": [{"cpes": ["cpe:2.3:a:vmware:vmware_tools:*:*:*:*:*:*:*:*"], "vendor": "vmware", "product": "vmware_tools", "versions": [{"status": "affected", "version": "11.0.0", "lessThan": "12.5.1 ", "versionType": "custom"}], "defaultStatus": "unaffected"}], "references": [{"url": "https://support.broadcom.com/web/ecx/support-content-notification/-/external/content/SecurityAdvisories/0/25518"}], "descriptions": [{"lang": "en", "value": "VMware Tools for Windows contains an authentication bypass vulnerability due to improper access control. A malicious actor with non-administrative privileges on a guest VM may gain ability to perform certain high privilege operations within that VM."}, {"lang": "es", "value": "VMware Tools para Windows contiene una vulnerabilidad de omisión de autenticación debido a un control de acceso inadecuado. Un atacante con privilegios no administrativos en una máquina virtual invitada podría obtener la capacidad de realizar ciertas operaciones con privilegios elevados dentro de esa máquina virtual."}], "problemTypes": [{"descriptions": [{"lang": "en", "cweId": "CWE-288", "description": "CWE-288"}]}], "providerMetadata": {"orgId": "00000000-0000-4000-A000-000000000003", "shortName": "nvd", "dateUpdated": "2025-03-27T16:45:46Z", "x_subShortName": "nvd"}}}, "cveMetadata": {"cveId": "CVE-2025-22230", "state": "PUBLISHED", "dateUpdated": "2025-03-27T16:45:46Z", "assignerOrgId": "00000000-0000-4000-A000-000000000003", "datePublished": "2025-03-25T14:15:28Z", "assignerShortName": "nvd"}, "dataVersion": "5.0"}