{"dataType": "CVE_RECORD", "containers": {"adp": [{"metrics": [{"cvssV3_1": {"scope": "UNCHANGED", "version": "3.1", "baseScore": 6.1, "attackVector": "LOCAL", "baseSeverity": "MEDIUM", "vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:L/I:H/A:N", "integrityImpact": "HIGH", "userInteraction": "NONE", "attackComplexity": "LOW", "availabilityImpact": "NONE", "privilegesRequired": "LOW", "confidentialityImpact": "LOW"}}, {"other": {"type": "Unknown", "content": {"data": "{\"description\":\"Moderate\"}"}}}], "affected": [{"vendor": "redhat", "product": "open-vm-tools-salt-minion", "platforms": ["cpe:/o:redhat:enterprise_linux:10"], "defaultStatus": "affected"}, {"vendor": "redhat", "product": "open-vm-tools-sdmp", "platforms": ["cpe:/o:redhat:enterprise_linux:10"], "defaultStatus": "affected"}, {"vendor": "redhat", "product": "open-vm-tools", "platforms": ["cpe:/o:redhat:enterprise_linux:10"], "defaultStatus": "affected"}, {"vendor": "redhat", "product": "open-vm-tools-desktop", "platforms": ["cpe:/o:redhat:enterprise_linux:10"], "defaultStatus": "affected"}, {"vendor": "redhat", "product": "open-vm-tools-test", "platforms": ["cpe:/o:redhat:enterprise_linux:10"], "defaultStatus": "affected"}], "references": [{"url": "https://access.redhat.com/security/cve/CVE-2025-22247"}, {"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2364261"}, {"url": "https://nvd.nist.gov/vuln/detail/CVE-2025-22247"}, {"url": "https://support.broadcom.com/web/ecx/support-content-notification/-/external/content/SecurityAdvisories/0/25683"}, {"url": "https://www.cve.org/CVERecord?id=CVE-2025-22247"}], "descriptions": [{"lang": "en", "value": "A vulnerability was found in open-vm-tools. A malicious actor with non-administrative privileges on a guest virtual machine (VM) may tamper with the local files to trigger insecure file operations within that VM."}], "providerMetadata": {"orgId": "53f830b8-0a3f-465b-8143-3b8a9948e749", "shortName": "redhat", "dateUpdated": "2025-05-12T00:00:00Z", "x_subShortName": "redhat_10"}}, {"metrics": [{"cvssV3_1": {"scope": "UNCHANGED", "version": "3.1", "baseScore": 6.1, "attackVector": "LOCAL", "baseSeverity": "MEDIUM", "vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:L/I:H/A:N", "integrityImpact": "HIGH", "userInteraction": "NONE", "attackComplexity": "LOW", "availabilityImpact": "NONE", "privilegesRequired": "LOW", "confidentialityImpact": "LOW"}}, {"other": {"type": "Unknown", "content": {"data": "{\"description\":\"Moderate\"}"}}}], "affected": [{"vendor": "redhat", "product": "open-vm-tools", "platforms": ["cpe:/o:redhat:enterprise_linux:7"], "defaultStatus": "affected"}, {"vendor": "redhat", "product": "open-vm-tools-desktop", "platforms": ["cpe:/o:redhat:enterprise_linux:7"], "defaultStatus": "affected"}, {"vendor": "redhat", "product": "open-vm-tools-devel", "platforms": ["cpe:/o:redhat:enterprise_linux:7"], "defaultStatus": "affected"}, {"vendor": "redhat", "product": "open-vm-tools-test", "platforms": ["cpe:/o:redhat:enterprise_linux:7"], "defaultStatus": "affected"}], "references": [{"url": "https://access.redhat.com/security/cve/CVE-2025-22247"}], "descriptions": [{"lang": "en", "value": "A vulnerability was found in open-vm-tools. A malicious actor with non-administrative privileges on a guest virtual machine (VM) may tamper with the local files to trigger insecure file operations within that VM. \n            \n            Currently, no mitigation is available for this vulnerability."}], "providerMetadata": {"orgId": "53f830b8-0a3f-465b-8143-3b8a9948e749", "shortName": "redhat", "dateUpdated": "2025-05-12T00:00:00Z", "x_subShortName": "redhat_7"}}, {"metrics": [{"cvssV3_1": {"scope": "UNCHANGED", "version": "3.1", "baseScore": 6.1, "attackVector": "LOCAL", "baseSeverity": "MEDIUM", "vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:L/I:H/A:N", "integrityImpact": "HIGH", "userInteraction": "NONE", "attackComplexity": "LOW", "availabilityImpact": "NONE", "privilegesRequired": "LOW", "confidentialityImpact": "LOW"}}, {"other": {"type": "Unknown", "content": {"data": "{\"description\":\"medium\"}"}}}], "affected": [{"vendor": "canonical", "product": "open-vm-tools", "versions": [{"status": "affected", "version": "0", "lessThan": "2:11.0.5-4ubuntu0.18.04.3+esm4", "versionType": "custom"}], "platforms": ["bionic"], "defaultStatus": "unaffected"}, {"vendor": "canonical", "product": "open-vm-tools-desktop", "versions": [{"status": "affected", "version": "0", "lessThan": "2:11.0.5-4ubuntu0.18.04.3+esm4", "versionType": "custom"}], "platforms": ["bionic"], "defaultStatus": "unaffected"}, {"vendor": "canonical", "product": "open-vm-tools", "versions": [{"status": "affected", "version": "0", "lessThan": "2:11.3.0-2ubuntu0~ubuntu20.04.8", "versionType": "custom"}], "platforms": ["focal"], "defaultStatus": "unaffected"}, {"vendor": "canonical", "product": "open-vm-tools-desktop", "versions": [{"status": "affected", "version": "0", "lessThan": "2:11.3.0-2ubuntu0~ubuntu20.04.8", "versionType": "custom"}], "platforms": ["focal"], "defaultStatus": "unaffected"}, {"vendor": "canonical", "product": "open-vm-tools-sdmp", "versions": [{"status": "affected", "version": "0", "lessThan": "2:11.3.0-2ubuntu0~ubuntu20.04.8", "versionType": "custom"}], "platforms": ["focal"], "defaultStatus": "unaffected"}, {"vendor": "canonical", "product": "open-vm-tools", "versions": [{"status": "affected", "version": "0", "lessThan": "2:12.3.5-3~ubuntu0.22.04.2", "versionType": "custom"}], "platforms": ["jammy"], "defaultStatus": "unaffected"}, {"vendor": "canonical", "product": "open-vm-tools-containerinfo", "versions": [{"status": "affected", "version": "0", "lessThan": "2:12.3.5-3~ubuntu0.22.04.2", "versionType": "custom"}], "platforms": ["jammy"], "defaultStatus": "unaffected"}, {"vendor": "canonical", "product": "open-vm-tools-desktop", "versions": [{"status": "affected", "version": "0", "lessThan": "2:12.3.5-3~ubuntu0.22.04.2", "versionType": "custom"}], "platforms": ["jammy"], "defaultStatus": "unaffected"}, {"vendor": "canonical", "product": "open-vm-tools-salt-minion", "versions": [{"status": "affected", "version": "0", "lessThan": "2:12.3.5-3~ubuntu0.22.04.2", "versionType": "custom"}], "platforms": ["jammy"], "defaultStatus": "unaffected"}, {"vendor": "canonical", "product": "open-vm-tools-sdmp", "versions": [{"status": "affected", "version": "0", "lessThan": "2:12.3.5-3~ubuntu0.22.04.2", "versionType": "custom"}], "platforms": ["jammy"], "defaultStatus": "unaffected"}, {"vendor": "canonical", "product": "open-vm-tools", "versions": [{"status": "affected", "version": "0", "lessThan": "2:12.4.5-1~ubuntu0.24.04.2", "versionType": "custom"}], "platforms": ["noble"], "defaultStatus": "unaffected"}, {"vendor": "canonical", "product": "open-vm-tools-containerinfo", "versions": [{"status": "affected", "version": "0", "lessThan": "2:12.4.5-1~ubuntu0.24.04.2", "versionType": "custom"}], "platforms": ["noble"], "defaultStatus": "unaffected"}, {"vendor": "canonical", "product": "open-vm-tools-desktop", "versions": [{"status": "affected", "version": "0", "lessThan": "2:12.4.5-1~ubuntu0.24.04.2", "versionType": "custom"}], "platforms": ["noble"], "defaultStatus": "unaffected"}, {"vendor": "canonical", "product": "open-vm-tools-salt-minion", "versions": [{"status": "affected", "version": "0", "lessThan": "2:12.4.5-1~ubuntu0.24.04.2", "versionType": "custom"}], "platforms": ["noble"], "defaultStatus": "unaffected"}, {"vendor": "canonical", "product": "open-vm-tools-sdmp", "versions": [{"status": "affected", "version": "0", "lessThan": "2:12.4.5-1~ubuntu0.24.04.2", "versionType": "custom"}], "platforms": ["noble"], "defaultStatus": "unaffected"}, {"vendor": "canonical", "product": "open-vm-tools", "versions": [{"status": "affected", "version": "0", "lessThan": "2:10.2.0-3~ubuntu0.16.04.1+esm5", "versionType": "custom"}], "platforms": ["xenial"], "defaultStatus": "unaffected"}, {"vendor": "canonical", "product": "open-vm-tools-desktop", "versions": [{"status": "affected", "version": "0", "lessThan": "2:10.2.0-3~ubuntu0.16.04.1+esm5", "versionType": "custom"}], "platforms": ["xenial"], "defaultStatus": "unaffected"}, {"vendor": "unknown", "product": "unknown", "defaultStatus": "unknown"}], "references": [{"url": "https://ubuntu.com/security/CVE-2025-22247"}, {"url": "https://ubuntu.com/security/notices/USN-7508-1"}, {"url": "https://ubuntu.com/security/notices/USN-7508-2"}, {"url": "https://www.cve.org/CVERecord?id=CVE-2025-22247"}], "descriptions": [{"lang": "en", "value": "VMware Tools contains an insecure file handling vulnerability. A maliciousactor with non-administrative privileges on a guest VM may tamper the localfiles to trigger insecure file operations within that VM."}, {"lang": "en", "value": "not defined"}], "providerMetadata": {"orgId": "cc1ad9ee-3454-478d-9317-d3e869d708bc", "shortName": "canonical", "dateUpdated": "2025-05-12T00:00:00Z", "x_subShortName": "canonical"}}, {"metrics": [{"other": {"type": "Unknown", "content": {"data": "{\"description\":\"not yet assigned\"}"}}}], "affected": [{"vendor": "debian", "product": "open-vm-tools", "versions": [{"status": "affected", "version": "0", "lessThan": "2:12.2.0-1+deb12u3", "versionType": "deb"}], "platforms": ["bookworm"], "defaultStatus": "unaffected"}, {"vendor": "debian", "product": "open-vm-tools-containerinfo", "versions": [{"status": "affected", "version": "0", "lessThan": "2:12.2.0-1+deb12u3", "versionType": "deb"}], "platforms": ["bookworm"], "defaultStatus": "unaffected"}, {"vendor": "debian", "product": "open-vm-tools-containerinfo-dbgsym", "versions": [{"status": "affected", "version": "0", "lessThan": "2:12.2.0-1+deb12u3", "versionType": "deb"}], "platforms": ["bookworm"], "defaultStatus": "unaffected"}, {"vendor": "debian", "product": "open-vm-tools-dbgsym", "versions": [{"status": "affected", "version": "0", "lessThan": "2:12.2.0-1+deb12u3", "versionType": "deb"}], "platforms": ["bookworm"], "defaultStatus": "unaffected"}, {"vendor": "debian", "product": "open-vm-tools-desktop", "versions": [{"status": "affected", "version": "0", "lessThan": "2:12.2.0-1+deb12u3", "versionType": "deb"}], "platforms": ["bookworm"], "defaultStatus": "unaffected"}, {"vendor": "debian", "product": "open-vm-tools-desktop-dbgsym", "versions": [{"status": "affected", "version": "0", "lessThan": "2:12.2.0-1+deb12u3", "versionType": "deb"}], "platforms": ["bookworm"], "defaultStatus": "unaffected"}, {"vendor": "debian", "product": "open-vm-tools-dev", "versions": [{"status": "affected", "version": "0", "lessThan": "2:12.2.0-1+deb12u3", "versionType": "deb"}], "platforms": ["bookworm"], "defaultStatus": "unaffected"}, {"vendor": "debian", "product": "open-vm-tools-salt-minion", "versions": [{"status": "affected", "version": "0", "lessThan": "2:12.2.0-1+deb12u3", "versionType": "deb"}], "platforms": ["bookworm"], "defaultStatus": "unaffected"}, {"vendor": "debian", "product": "open-vm-tools-sdmp", "versions": [{"status": "affected", "version": "0", "lessThan": "2:12.2.0-1+deb12u3", "versionType": "deb"}], "platforms": ["bookworm"], "defaultStatus": "unaffected"}, {"vendor": "debian", "product": "open-vm-tools-sdmp-dbgsym", "versions": [{"status": "affected", "version": "0", "lessThan": "2:12.2.0-1+deb12u3", "versionType": "deb"}], "platforms": ["bookworm"], "defaultStatus": "unaffected"}, {"vendor": "debian", "product": "open-vm-tools", "versions": [{"status": "affected", "version": "0", "lessThan": "2:11.2.5-2+deb11u4", "versionType": "deb"}], "platforms": ["bullseye"], "defaultStatus": "unaffected"}, {"vendor": "debian", "product": "open-vm-tools-dbgsym", "versions": [{"status": "affected", "version": "0", "lessThan": "2:11.2.5-2+deb11u4", "versionType": "deb"}], "platforms": ["bullseye"], "defaultStatus": "unaffected"}, {"vendor": "debian", "product": "open-vm-tools-desktop", "versions": [{"status": "affected", "version": "0", "lessThan": "2:11.2.5-2+deb11u4", "versionType": "deb"}], "platforms": ["bullseye"], "defaultStatus": "unaffected"}, {"vendor": "debian", "product": "open-vm-tools-desktop-dbgsym", "versions": [{"status": "affected", "version": "0", "lessThan": "2:11.2.5-2+deb11u4", "versionType": "deb"}], "platforms": ["bullseye"], "defaultStatus": "unaffected"}, {"vendor": "debian", "product": "open-vm-tools-dev", "versions": [{"status": "affected", "version": "0", "lessThan": "2:11.2.5-2+deb11u4", "versionType": "deb"}], "platforms": ["bullseye"], "defaultStatus": "unaffected"}, {"vendor": "debian", "product": "open-vm-tools-sdmp", "versions": [{"status": "affected", "version": "0", "lessThan": "2:11.2.5-2+deb11u4", "versionType": "deb"}], "platforms": ["bullseye"], "defaultStatus": "unaffected"}, {"vendor": "debian", "product": "open-vm-tools-sdmp-dbgsym", "versions": [{"status": "affected", "version": "0", "lessThan": "2:11.2.5-2+deb11u4", "versionType": "deb"}], "platforms": ["bullseye"], "defaultStatus": "unaffected"}, {"vendor": "debian", "product": "open-vm-tools", "versions": [{"status": "affected", "version": "0", "lessThan": "2:12.5.0-2", "versionType": "deb"}], "platforms": ["forky", "sid", "trixie"], "defaultStatus": "unaffected"}, {"vendor": "debian", "product": "open-vm-tools-containerinfo", "versions": [{"status": "affected", "version": "0", "lessThan": "2:12.5.0-2", "versionType": "deb"}], "platforms": ["forky", "sid", "trixie"], "defaultStatus": "unaffected"}, {"vendor": "debian", "product": "open-vm-tools-containerinfo-dbgsym", "versions": [{"status": "affected", "version": "0", "lessThan": "2:12.5.0-2", "versionType": "deb"}], "platforms": ["forky", "sid", "trixie"], "defaultStatus": "unaffected"}, {"vendor": "debian", "product": "open-vm-tools-dbgsym", "versions": [{"status": "affected", "version": "0", "lessThan": "2:12.5.0-2", "versionType": "deb"}], "platforms": ["forky", "sid", "trixie"], "defaultStatus": "unaffected"}, {"vendor": "debian", "product": "open-vm-tools-desktop", "versions": [{"status": "affected", "version": "0", "lessThan": "2:12.5.0-2", "versionType": "deb"}], "platforms": ["forky", "sid", "trixie"], "defaultStatus": "unaffected"}, {"vendor": "debian", "product": "open-vm-tools-desktop-dbgsym", "versions": [{"status": "affected", "version": "0", "lessThan": "2:12.5.0-2", "versionType": "deb"}], "platforms": ["forky", "sid", "trixie"], "defaultStatus": "unaffected"}, {"vendor": "debian", "product": "open-vm-tools-dev", "versions": [{"status": "affected", "version": "0", "lessThan": "2:12.5.0-2", "versionType": "deb"}], "platforms": ["forky", "sid", "trixie"], "defaultStatus": "unaffected"}, {"vendor": "debian", "product": "open-vm-tools-salt-minion", "versions": [{"status": "affected", "version": "0", "lessThan": "2:12.5.0-2", "versionType": "deb"}], "platforms": ["forky", "sid", "trixie"], "defaultStatus": "unaffected"}, {"vendor": "debian", "product": "open-vm-tools-sdmp", "versions": [{"status": "affected", "version": "0", "lessThan": "2:12.5.0-2", "versionType": "deb"}], "platforms": ["forky", "sid", "trixie"], "defaultStatus": "unaffected"}, {"vendor": "debian", "product": "open-vm-tools-sdmp-dbgsym", "versions": [{"status": "affected", "version": "0", "lessThan": "2:12.5.0-2", "versionType": "deb"}], "platforms": ["forky", "sid", "trixie"], "defaultStatus": "unaffected"}], "references": [{"url": "https://security-tracker.debian.org/tracker/CVE-2025-22247"}], "descriptions": [{"lang": "en", "value": "VMware Tools contains an insecure file handling vulnerability. A malicious actor with non-administrative privileges on a guest VM may tamper the local files to trigger insecure file operations within that VM."}], "providerMetadata": {"orgId": "79363d38-fa19-49d1-9214-5f28da3f3ac5", "shortName": "debian", "dateUpdated": "2025-05-14T00:00:00.000Z", "x_subShortName": "debian"}}, {"credits": [{"lang": "en", "value": "packager@almalinux.org"}], "metrics": [{"cvssV3_1": {"scope": "UNCHANGED", "version": "3.1", "baseScore": 6.1, "attackVector": "LOCAL", "baseSeverity": "MEDIUM", "vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:L/I:H/A:N", "integrityImpact": "HIGH", "userInteraction": "NONE", "attackComplexity": "LOW", "availabilityImpact": "NONE", "privilegesRequired": "LOW", "confidentialityImpact": "LOW"}}, {"other": {"type": "Unknown", "content": {"data": "{\"description\":\"Moderate\"}"}}}], "affected": [{"vendor": "almalinux", "product": "open-vm-tools", "versions": [{"status": "affected", "version": "0", "lessThan": "0:12.5.0-1.el10.alma.1", "versionType": "rpm"}], "platforms": ["cpe:/o:almalinux:almalinux:10"], "defaultStatus": "unaffected"}, {"vendor": "almalinux", "product": "open-vm-tools-desktop", "versions": [{"status": "affected", "version": "0", "lessThan": "0:12.5.0-1.el10.alma.1", "versionType": "rpm"}], "platforms": ["cpe:/o:almalinux:almalinux:10"], "defaultStatus": "unaffected"}, {"vendor": "almalinux", "product": "open-vm-tools-devel", "versions": [{"status": "affected", "version": "0", "lessThan": "0:12.5.0-1.el10.alma.1", "versionType": "rpm"}], "platforms": ["cpe:/o:almalinux:almalinux:10"], "defaultStatus": "unaffected"}, {"vendor": "almalinux", "product": "open-vm-tools-salt-minion", "versions": [{"status": "affected", "version": "0", "lessThan": "0:12.5.0-1.el10.alma.1", "versionType": "rpm"}], "platforms": ["cpe:/o:almalinux:almalinux:10"], "defaultStatus": "unaffected"}, {"vendor": "almalinux", "product": "open-vm-tools-sdmp", "versions": [{"status": "affected", "version": "0", "lessThan": "0:12.5.0-1.el10.alma.1", "versionType": "rpm"}], "platforms": ["cpe:/o:almalinux:almalinux:10"], "defaultStatus": "unaffected"}, {"vendor": "almalinux", "product": "open-vm-tools-test", "versions": [{"status": "affected", "version": "0", "lessThan": "0:12.5.0-1.el10.alma.1", "versionType": "rpm"}], "platforms": ["cpe:/o:almalinux:almalinux:10"], "defaultStatus": "unaffected"}], "references": [{"url": "https://access.redhat.com/security/cve/CVE-2025-22247", "name": "CVE-2025-22247"}], "descriptions": [{"lang": "en", "value": "The Open Virtual Machine Tools are the open source implementation of the VMware Tools. They are a set of guest operating system virtualization components that enhance performance and user experience of virtual machines.\n\nSecurity Fix(es):\n\n* open-vm-tools:A malicious actor with non-administrative privileges on a guest virtual machine (VM) may tamper with the local files to trigger insecure file operations within that VM. (CVE-2025-22247)\n\nFor more details about the security issue(s), including the impact, a CVSS score, acknowledgments, and other related information, refer to the CVE page(s) listed in the References section."}], "providerMetadata": {"orgId": "00000000-0000-4000-A000-000000000001", "shortName": "almalinux", "dateUpdated": "2025-06-20T00:00:00Z", "x_subShortName": "alma_10"}}, {"credits": [{"lang": "en", "value": "packager@almalinux.org"}], "metrics": [{"cvssV3_1": {"scope": "UNCHANGED", "version": "3.1", "baseScore": 6.1, "attackVector": "LOCAL", "baseSeverity": "MEDIUM", "vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:L/I:H/A:N", "integrityImpact": "HIGH", "userInteraction": "NONE", "attackComplexity": "LOW", "availabilityImpact": "NONE", "privilegesRequired": "LOW", "confidentialityImpact": "LOW"}}, {"other": {"type": "Unknown", "content": {"data": "{\"description\":\"Moderate\"}"}}}], "affected": [{"vendor": "almalinux", "product": "open-vm-tools", "versions": [{"status": "affected", "version": "0", "lessThan": "0:12.3.5-2.el8.alma.1", "versionType": "rpm"}], "platforms": ["cpe:/o:almalinux:almalinux:8"], "defaultStatus": "unaffected"}, {"vendor": "almalinux", "product": "open-vm-tools-desktop", "versions": [{"status": "affected", "version": "0", "lessThan": "0:12.3.5-2.el8.alma.1", "versionType": "rpm"}], "platforms": ["cpe:/o:almalinux:almalinux:8"], "defaultStatus": "unaffected"}, {"vendor": "almalinux", "product": "open-vm-tools-devel", "versions": [{"status": "affected", "version": "0", "lessThan": "0:12.3.5-2.el8.alma.1", "versionType": "rpm"}], "platforms": ["cpe:/o:almalinux:almalinux:8"], "defaultStatus": "unaffected"}, {"vendor": "almalinux", "product": "open-vm-tools-salt-minion", "versions": [{"status": "affected", "version": "0", "lessThan": "0:12.3.5-2.el8.alma.1", "versionType": "rpm"}], "platforms": ["cpe:/o:almalinux:almalinux:8"], "defaultStatus": "unaffected"}, {"vendor": "almalinux", "product": "open-vm-tools-sdmp", "versions": [{"status": "affected", "version": "0", "lessThan": "0:12.3.5-2.el8.alma.1", "versionType": "rpm"}], "platforms": ["cpe:/o:almalinux:almalinux:8"], "defaultStatus": "unaffected"}, {"vendor": "almalinux", "product": "open-vm-tools-test", "versions": [{"status": "affected", "version": "0", "lessThan": "0:12.3.5-2.el8.alma.1", "versionType": "rpm"}], "platforms": ["cpe:/o:almalinux:almalinux:8"], "defaultStatus": "unaffected"}], "references": [{"url": "https://access.redhat.com/security/cve/CVE-2025-22247", "name": "CVE-2025-22247"}], "descriptions": [{"lang": "en", "value": "The Open Virtual Machine Tools are the open source implementation of the VMware Tools. They are a set of guest operating system virtualization components that enhance performance and user experience of virtual machines.\n\nSecurity Fix(es):\n\n* open-vm-tools:A malicious actor with non-administrative privileges on a guest virtual machine (VM) may tamper with the local files to trigger insecure file operations within that VM. (CVE-2025-22247)\n\nFor more details about the security issue(s), including the impact, a CVSS score, acknowledgments, and other related information, refer to the CVE page(s) listed in the References section."}], "providerMetadata": {"orgId": "00000000-0000-4000-A000-000000000001", "shortName": "almalinux", "dateUpdated": "2025-06-20T00:00:00Z", "x_subShortName": "alma_8"}}, {"credits": [{"lang": "en", "value": "packager@almalinux.org"}], "metrics": [{"cvssV3_1": {"scope": "UNCHANGED", "version": "3.1", "baseScore": 6.1, "attackVector": "LOCAL", "baseSeverity": "MEDIUM", "vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:L/I:H/A:N", "integrityImpact": "HIGH", "userInteraction": "NONE", "attackComplexity": "LOW", "availabilityImpact": "NONE", "privilegesRequired": "LOW", "confidentialityImpact": "LOW"}}, {"other": {"type": "Unknown", "content": {"data": "{\"description\":\"Moderate\"}"}}}], "affected": [{"vendor": "almalinux", "product": "open-vm-tools", "versions": [{"status": "affected", "version": "0", "lessThan": "0:12.5.0-1.el9.alma.1", "versionType": "rpm"}, {"status": "affected", "version": "0", "lessThan": "0:13.0.0-1.el9_7.1", "versionType": "rpm"}], "platforms": ["cpe:/o:almalinux:almalinux:9"], "defaultStatus": "unaffected"}, {"vendor": "almalinux", "product": "open-vm-tools-desktop", "versions": [{"status": "affected", "version": "0", "lessThan": "0:12.5.0-1.el9.alma.1", "versionType": "rpm"}, {"status": "affected", "version": "0", "lessThan": "0:13.0.0-1.el9_7.1", "versionType": "rpm"}], "platforms": ["cpe:/o:almalinux:almalinux:9"], "defaultStatus": "unaffected"}, {"vendor": "almalinux", "product": "open-vm-tools-devel", "versions": [{"status": "affected", "version": "0", "lessThan": "0:12.5.0-1.el9.alma.1", "versionType": "rpm"}], "platforms": ["cpe:/o:almalinux:almalinux:9"], "defaultStatus": "unaffected"}, {"vendor": "almalinux", "product": "open-vm-tools-salt-minion", "versions": [{"status": "affected", "version": "0", "lessThan": "0:12.5.0-1.el9.alma.1", "versionType": "rpm"}, {"status": "affected", "version": "0", "lessThan": "0:13.0.0-1.el9_7.1", "versionType": "rpm"}], "platforms": ["cpe:/o:almalinux:almalinux:9"], "defaultStatus": "unaffected"}, {"vendor": "almalinux", "product": "open-vm-tools-sdmp", "versions": [{"status": "affected", "version": "0", "lessThan": "0:12.5.0-1.el9.alma.1", "versionType": "rpm"}, {"status": "affected", "version": "0", "lessThan": "0:13.0.0-1.el9_7.1", "versionType": "rpm"}], "platforms": ["cpe:/o:almalinux:almalinux:9"], "defaultStatus": "unaffected"}, {"vendor": "almalinux", "product": "open-vm-tools-test", "versions": [{"status": "affected", "version": "0", "lessThan": "0:12.5.0-1.el9.alma.1", "versionType": "rpm"}, {"status": "affected", "version": "0", "lessThan": "0:13.0.0-1.el9_7.1", "versionType": "rpm"}], "platforms": ["cpe:/o:almalinux:almalinux:9"], "defaultStatus": "unaffected"}], "references": [{"url": "https://access.redhat.com/security/cve/CVE-2025-22247", "name": "CVE-2025-22247"}, {"url": "https://www.redhat.com/security/data/cve/CVE-2025-22247.html", "name": "CVE-2025-22247"}], "descriptions": [{"lang": "en", "value": "For detailed information on changes in this release, see the AlmaLinuxRelease Notes linked from the References section.\n"}, {"lang": "en", "value": "The Open Virtual Machine Tools are the open source implementation of the VMware Tools. They are a set of guest operating system virtualization components that enhance performance and user experience of virtual machines.\n\nSecurity Fix(es):\n\n* open-vm-tools:A malicious actor with non-administrative privileges on a guest virtual machine (VM) may tamper with the local files to trigger insecure file operations within that VM. (CVE-2025-22247)\n\nFor more details about the security issue(s), including the impact, a CVSS score, acknowledgments, and other related information, refer to the CVE page(s) listed in the References section."}], "providerMetadata": {"orgId": "00000000-0000-4000-A000-000000000001", "shortName": "almalinux", "dateUpdated": "2025-06-20T00:00:00Z", "x_subShortName": "alma_9"}}, {"metrics": [{"other": {"type": "Unknown", "content": {"data": "{\"description\":\"medium\"}"}}}], "affected": [{"vendor": "fedora", "product": "open-vm-tools", "versions": [{"status": "affected", "version": "0", "lessThan": "0:12.5.2-1.fc41", "versionType": "rpm"}], "platforms": ["cpe:/o:fedoraproject:fedora:41"], "defaultStatus": "unaffected"}, {"vendor": "fedora", "product": "open-vm-tools", "versions": [{"status": "affected", "version": "0", "lessThan": "0:12.5.2-1.fc42", "versionType": "rpm"}], "platforms": ["cpe:/o:fedoraproject:fedora:42"], "defaultStatus": "unaffected"}], "references": [{"url": "https://bodhi.fedoraproject.org/updates/FEDORA-2025-23653a72d9"}, {"url": "https://bodhi.fedoraproject.org/updates/FEDORA-2025-a6305306dd"}], "descriptions": [{"lang": "en", "value": "open-vm-tools: Insecure file handling"}], "providerMetadata": {"orgId": "92fb86c3-55a5-4fb5-9c3f-4757b9e96dc5", "shortName": "fedora", "dateUpdated": "2025-05-20T01:12:55Z", "x_subShortName": "fedora"}}, {"metrics": [{"cvssV3_1": {"scope": "UNCHANGED", "version": "3.1", "baseScore": 6.1, "attackVector": "LOCAL", "baseSeverity": "MEDIUM", "vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:L/I:H/A:N", "integrityImpact": "HIGH", "userInteraction": "NONE", "attackComplexity": "LOW", "availabilityImpact": "NONE", "privilegesRequired": "LOW", "confidentialityImpact": "LOW"}}, {"other": {"type": "Unknown", "content": {"data": "{\"description\":\"Moderate\"}"}}}], "affected": [{"vendor": "redhat", "product": "open-vm-tools", "versions": [{"status": "affected", "version": "0", "lessThan": "0:12.3.5-2.el8_10.2", "versionType": "rpm"}], "platforms": ["cpe:/o:redhat:enterprise_linux:8"], "defaultStatus": "unaffected"}, {"vendor": "redhat", "product": "open-vm-tools-desktop", "versions": [{"status": "affected", "version": "0", "lessThan": "0:12.3.5-2.el8_10.2", "versionType": "rpm"}], "platforms": ["cpe:/o:redhat:enterprise_linux:8"], "defaultStatus": "unaffected"}, {"vendor": "redhat", "product": "open-vm-tools-salt-minion", "versions": [{"status": "affected", "version": "0", "lessThan": "0:12.3.5-2.el8_10.2", "versionType": "rpm"}], "platforms": ["cpe:/o:redhat:enterprise_linux:8"], "defaultStatus": "unaffected"}, {"vendor": "redhat", "product": "open-vm-tools-sdmp", "versions": [{"status": "affected", "version": "0", "lessThan": "0:12.3.5-2.el8_10.2", "versionType": "rpm"}], "platforms": ["cpe:/o:redhat:enterprise_linux:8"], "defaultStatus": "unaffected"}], "references": [{"url": "https://access.redhat.com/errata/RHBA-2026:0860"}, {"url": "https://access.redhat.com/security/cve/CVE-2025-22247"}], "descriptions": [{"lang": "en", "value": "The Open Virtual Machine Tools are the open source implementation of the VMware Tools. They are a set of guest operating system virtualization components that enhance performance and user experience of virtual machines.\n\nBug Fix(es) and Enhancement(s):\n\n* Backport of CVE-2025-22247 to 8.10 (JIRA:RHEL-129361)"}], "providerMetadata": {"orgId": "53f830b8-0a3f-465b-8143-3b8a9948e749", "shortName": "redhat", "dateUpdated": "2025-05-12T00:00:00Z", "x_subShortName": "redhat_8"}}, {"metrics": [{"cvssV3_1": {"scope": "UNCHANGED", "version": "3.1", "baseScore": 6.1, "attackVector": "LOCAL", "baseSeverity": "MEDIUM", "vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:L/I:H/A:N", "integrityImpact": "HIGH", "userInteraction": "NONE", "attackComplexity": "LOW", "availabilityImpact": "NONE", "privilegesRequired": "LOW", "confidentialityImpact": "LOW"}}, {"other": {"type": "Unknown", "content": {"data": "{\"description\":\"Moderate\"}"}}}], "affected": [{"vendor": "redhat", "product": "open-vm-tools", "versions": [{"status": "affected", "version": "0", "lessThan": "0:13.0.0-1.el9_7.1", "versionType": "rpm"}], "platforms": ["cpe:/o:redhat:enterprise_linux:9"], "defaultStatus": "unaffected"}, {"vendor": "redhat", "product": "open-vm-tools-desktop", "versions": [{"status": "affected", "version": "0", "lessThan": "0:13.0.0-1.el9_7.1", "versionType": "rpm"}], "platforms": ["cpe:/o:redhat:enterprise_linux:9"], "defaultStatus": "unaffected"}, {"vendor": "redhat", "product": "open-vm-tools-salt-minion", "versions": [{"status": "affected", "version": "0", "lessThan": "0:13.0.0-1.el9_7.1", "versionType": "rpm"}], "platforms": ["cpe:/o:redhat:enterprise_linux:9"], "defaultStatus": "unaffected"}, {"vendor": "redhat", "product": "open-vm-tools-sdmp", "versions": [{"status": "affected", "version": "0", "lessThan": "0:13.0.0-1.el9_7.1", "versionType": "rpm"}], "platforms": ["cpe:/o:redhat:enterprise_linux:9"], "defaultStatus": "unaffected"}, {"vendor": "redhat", "product": "open-vm-tools-test", "versions": [{"status": "affected", "version": "0", "lessThan": "0:13.0.0-1.el9_7.1", "versionType": "rpm"}], "platforms": ["cpe:/o:redhat:enterprise_linux:9"], "defaultStatus": "unaffected"}], "references": [{"url": "https://access.redhat.com/errata/RHBA-2025:20841"}, {"url": "https://access.redhat.com/security/cve/CVE-2025-22247"}], "descriptions": [{"lang": "en", "value": "For detailed information on changes in this release, see the Red Hat Enterprise Linux 9 Release Notes linked from the References section."}], "providerMetadata": {"orgId": "53f830b8-0a3f-465b-8143-3b8a9948e749", "shortName": "redhat", "dateUpdated": "2025-05-12T00:00:00Z", "x_subShortName": "redhat_9"}}, {"metrics": [{"cvssV3_1": {"scope": "UNCHANGED", "version": "3.1", "baseScore": 6.1, "attackVector": "LOCAL", "baseSeverity": "MEDIUM", "vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:L/I:H/A:N", "integrityImpact": "HIGH", "userInteraction": "NONE", "attackComplexity": "LOW", "availabilityImpact": "NONE", "privilegesRequired": "LOW", "confidentialityImpact": "LOW"}}, {"other": {"type": "Unknown", "content": {"data": "{\"description\":\"Moderate\"}"}}}], "affected": [{"vendor": "suse", "product": "libvmtools-devel", "versions": [{"status": "affected", "version": "0", "lessThan": "0:12.5.2-150600.3.12.1", "versionType": "rpm"}], "platforms": ["cpe:/o:suse:oes-release:25.4", "cpe:/o:suse:sle-module-basesystem:15:sp6", "cpe:/o:suse:sle-module-basesystem:15:sp7", "cpe:/o:suse:sle_hpc:15:sp6", "cpe:/o:suse:sle_hpc:15:sp7", "cpe:/o:suse:sled:15:sp6", "cpe:/o:suse:sled:15:sp7", "cpe:/o:suse:sles:15:sp6", "cpe:/o:suse:sles:15:sp7", "cpe:/o:suse:sles_sap:15:sp6", "cpe:/o:suse:sles_sap:15:sp7"], "defaultStatus": "unaffected"}, {"vendor": "suse", "product": "libvmtools0", "versions": [{"status": "affected", "version": "0", "lessThan": "0:12.5.2-150600.3.12.1", "versionType": "rpm"}], "platforms": ["cpe:/o:suse:oes-release:25.4", "cpe:/o:suse:sle-module-basesystem:15:sp6", "cpe:/o:suse:sle-module-basesystem:15:sp7", "cpe:/o:suse:sle_hpc:15:sp6", "cpe:/o:suse:sle_hpc:15:sp7", "cpe:/o:suse:sled:15:sp6", "cpe:/o:suse:sled:15:sp7", "cpe:/o:suse:sles:15:sp6", "cpe:/o:suse:sles:15:sp7", "cpe:/o:suse:sles_sap:15:sp6", "cpe:/o:suse:sles_sap:15:sp7"], "defaultStatus": "unaffected"}, {"vendor": "suse", "product": "open-vm-tools", "versions": [{"status": "affected", "version": "0", "lessThan": "0:12.5.2-150600.3.12.1", "versionType": "rpm"}], "platforms": ["cpe:/o:suse:oes-release:25.4", "cpe:/o:suse:sle-module-basesystem:15:sp6", "cpe:/o:suse:sle-module-basesystem:15:sp7", "cpe:/o:suse:sle_hpc:15:sp6", "cpe:/o:suse:sle_hpc:15:sp7", "cpe:/o:suse:sled:15:sp6", "cpe:/o:suse:sled:15:sp7", "cpe:/o:suse:sles:15:sp6", "cpe:/o:suse:sles:15:sp7", "cpe:/o:suse:sles_sap:15:sp6", "cpe:/o:suse:sles_sap:15:sp7"], "defaultStatus": "unaffected"}, {"vendor": "suse", "product": "open-vm-tools-salt-minion", "versions": [{"status": "affected", "version": "0", "lessThan": "0:12.5.2-150600.3.12.1", "versionType": "rpm"}], "platforms": ["cpe:/o:suse:oes-release:25.4", "cpe:/o:suse:sle-module-basesystem:15:sp6", "cpe:/o:suse:sle-module-basesystem:15:sp7", "cpe:/o:suse:sle_hpc:15:sp6", "cpe:/o:suse:sle_hpc:15:sp7", "cpe:/o:suse:sled:15:sp6", "cpe:/o:suse:sled:15:sp7", "cpe:/o:suse:sles:15:sp6", "cpe:/o:suse:sles:15:sp7", "cpe:/o:suse:sles_sap:15:sp6", "cpe:/o:suse:sles_sap:15:sp7"], "defaultStatus": "unaffected"}, {"vendor": "suse", "product": "open-vm-tools-sdmp", "versions": [{"status": "affected", "version": "0", "lessThan": "0:12.5.2-150600.3.12.1", "versionType": "rpm"}], "platforms": ["cpe:/o:suse:oes-release:25.4", "cpe:/o:suse:sle-module-basesystem:15:sp6", "cpe:/o:suse:sle-module-basesystem:15:sp7", "cpe:/o:suse:sle_hpc:15:sp6", "cpe:/o:suse:sle_hpc:15:sp7", "cpe:/o:suse:sled:15:sp6", "cpe:/o:suse:sled:15:sp7", "cpe:/o:suse:sles:15:sp6", "cpe:/o:suse:sles:15:sp7", "cpe:/o:suse:sles_sap:15:sp6", "cpe:/o:suse:sles_sap:15:sp7"], "defaultStatus": "unaffected"}, {"vendor": "suse", "product": "open-vm-tools-containerinfo", "versions": [{"status": "affected", "version": "0", "lessThan": "0:12.5.2-150600.3.12.1", "versionType": "rpm"}], "platforms": ["cpe:/o:suse:oes-release:25.4", "cpe:/o:suse:sle-module-containers:15:sp6", "cpe:/o:suse:sle-module-containers:15:sp7", "cpe:/o:suse:sle_hpc:15:sp6", "cpe:/o:suse:sle_hpc:15:sp7", "cpe:/o:suse:sles:15:sp6", "cpe:/o:suse:sles:15:sp7", "cpe:/o:suse:sles_sap:15:sp6", "cpe:/o:suse:sles_sap:15:sp7"], "defaultStatus": "unaffected"}, {"vendor": "suse", "product": "open-vm-tools-desktop", "versions": [{"status": "affected", "version": "0", "lessThan": "0:12.5.2-150600.3.12.1", "versionType": "rpm"}], "platforms": ["cpe:/o:suse:oes-release:25.4", "cpe:/o:suse:sle-module-desktop-applications:15:sp6", "cpe:/o:suse:sle-module-desktop-applications:15:sp7", "cpe:/o:suse:sle_hpc:15:sp6", "cpe:/o:suse:sle_hpc:15:sp7", "cpe:/o:suse:sled:15:sp6", "cpe:/o:suse:sled:15:sp7", "cpe:/o:suse:sles:15:sp6", "cpe:/o:suse:sles:15:sp7", "cpe:/o:suse:sles_sap:15:sp6", "cpe:/o:suse:sles_sap:15:sp7"], "defaultStatus": "unaffected"}, {"vendor": "suse", "product": "libvmtools-devel", "versions": [{"status": "affected", "version": "0", "lessThan": "0:12.5.2-150300.58.1", "versionType": "rpm"}], "platforms": ["cpe:/o:suse:sles:15:sp4", "cpe:/o:suse:sles_teradata:15:sp4"], "defaultStatus": "unaffected"}, {"vendor": "suse", "product": "libvmtools0", "versions": [{"status": "affected", "version": "0", "lessThan": "0:12.5.2-150300.58.1", "versionType": "rpm"}], "platforms": ["cpe:/o:suse:sles:15:sp4", "cpe:/o:suse:sles_teradata:15:sp4"], "defaultStatus": "unaffected"}, {"vendor": "suse", "product": "open-vm-tools", "versions": [{"status": "affected", "version": "0", "lessThan": "0:12.5.2-150300.58.1", "versionType": "rpm"}], "platforms": ["cpe:/o:suse:sles:15:sp4", "cpe:/o:suse:sles_teradata:15:sp4"], "defaultStatus": "unaffected"}, {"vendor": "suse", "product": "open-vm-tools-containerinfo", "versions": [{"status": "affected", "version": "0", "lessThan": "0:12.5.2-150300.58.1", "versionType": "rpm"}], "platforms": ["cpe:/o:suse:sles:15:sp4", "cpe:/o:suse:sles_teradata:15:sp4"], "defaultStatus": "unaffected"}, {"vendor": "suse", "product": "open-vm-tools-desktop", "versions": [{"status": "affected", "version": "0", "lessThan": "0:12.5.2-150300.58.1", "versionType": "rpm"}], "platforms": ["cpe:/o:suse:sles:15:sp4", "cpe:/o:suse:sles_teradata:15:sp4"], "defaultStatus": "unaffected"}, {"vendor": "suse", "product": "open-vm-tools-salt-minion", "versions": [{"status": "affected", "version": "0", "lessThan": "0:12.5.2-150300.58.1", "versionType": "rpm"}], "platforms": ["cpe:/o:suse:sles:15:sp4", "cpe:/o:suse:sles_teradata:15:sp4"], "defaultStatus": "unaffected"}, {"vendor": "suse", "product": "open-vm-tools-sdmp", "versions": [{"status": "affected", "version": "0", "lessThan": "0:12.5.2-150300.58.1", "versionType": "rpm"}], "platforms": ["cpe:/o:suse:sles:15:sp4", "cpe:/o:suse:sles_teradata:15:sp4"], "defaultStatus": "unaffected"}], "solutions": [{"lang": "en", "value": "SUSE bug 1243106"}], "references": [{"url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-22247", "name": "Mitre CVE-2025-22247"}, {"url": "https://www.suse.com/security/cve/CVE-2025-22247", "name": "SUSE CVE-2025-22247"}, {"url": "https://lists.suse.com/pipermail/sle-updates/2025-May/039448.html", "name": "SUSE-SU-2025:01565-1"}, {"url": "https://lists.suse.com/pipermail/sle-updates/2025-May/039310.html", "name": "SUSE-SU-2025:01658-1"}, {"url": "https://lists.suse.com/pipermail/sle-updates/2025-May/039468.html", "name": "SUSE-SU-2025:01778-1"}, {"url": "https://lists.suse.com/pipermail/sle-security-updates/2025-May/020834.html", "name": "SUSE-SU-2025:1565-1"}, {"url": "https://lists.suse.com/pipermail/sle-updates/2025-June/040260.html", "name": "SUSE-SU-2025:20379-1"}, {"url": "https://lists.suse.com/pipermail/sle-updates/2025-June/040553.html", "name": "SUSE-SU-2025:20452-1"}], "descriptions": [{"lang": "en", "value": "\n    VMware Tools contains an insecure file handling vulnerability.  A malicious actor with non-administrative privileges on a guest VM may tamper the local files to trigger insecure file operations within that VM.\n    "}], "providerMetadata": {"orgId": "404e59f5-483d-4b8a-8e7a-e67604dd8afb", "shortName": "suse", "dateUpdated": "2025-05-17T00:00:00Z", "x_subShortName": "suse_server_15"}}, {"metrics": [{"cvssV3_1": {"scope": "UNCHANGED", "version": "3.1", "baseScore": 6.1, "attackVector": "LOCAL", "baseSeverity": "MEDIUM", "vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:L/I:H/A:N", "integrityImpact": "HIGH", "userInteraction": "NONE", "attackComplexity": "LOW", "availabilityImpact": "NONE", "privilegesRequired": "LOW", "confidentialityImpact": "LOW"}}, {"other": {"type": "Unknown", "content": {"data": "{\"description\":\"Moderate\"}"}}}], "affected": [{"vendor": "suse", "product": "libvmtools-devel", "versions": [{"status": "affected", "version": "0", "lessThan": "0:12.5.2-150600.3.12.1", "versionType": "rpm"}], "platforms": ["cpe:/o:suse:oes-release:25.4", "cpe:/o:suse:sle-module-basesystem:15:sp6", "cpe:/o:suse:sle-module-basesystem:15:sp7", "cpe:/o:suse:sle_hpc:15:sp6", "cpe:/o:suse:sle_hpc:15:sp7", "cpe:/o:suse:sled:15:sp6", "cpe:/o:suse:sled:15:sp7", "cpe:/o:suse:sles:15:sp6", "cpe:/o:suse:sles:15:sp7", "cpe:/o:suse:sles_sap:15:sp6", "cpe:/o:suse:sles_sap:15:sp7"], "defaultStatus": "unaffected"}, {"vendor": "suse", "product": "libvmtools0", "versions": [{"status": "affected", "version": "0", "lessThan": "0:12.5.2-150600.3.12.1", "versionType": "rpm"}], "platforms": ["cpe:/o:suse:oes-release:25.4", "cpe:/o:suse:sle-module-basesystem:15:sp6", "cpe:/o:suse:sle-module-basesystem:15:sp7", "cpe:/o:suse:sle_hpc:15:sp6", "cpe:/o:suse:sle_hpc:15:sp7", "cpe:/o:suse:sled:15:sp6", "cpe:/o:suse:sled:15:sp7", "cpe:/o:suse:sles:15:sp6", "cpe:/o:suse:sles:15:sp7", "cpe:/o:suse:sles_sap:15:sp6", "cpe:/o:suse:sles_sap:15:sp7"], "defaultStatus": "unaffected"}, {"vendor": "suse", "product": "open-vm-tools", "versions": [{"status": "affected", "version": "0", "lessThan": "0:12.5.2-150600.3.12.1", "versionType": "rpm"}], "platforms": ["cpe:/o:suse:oes-release:25.4", "cpe:/o:suse:sle-module-basesystem:15:sp6", "cpe:/o:suse:sle-module-basesystem:15:sp7", "cpe:/o:suse:sle_hpc:15:sp6", "cpe:/o:suse:sle_hpc:15:sp7", "cpe:/o:suse:sled:15:sp6", "cpe:/o:suse:sled:15:sp7", "cpe:/o:suse:sles:15:sp6", "cpe:/o:suse:sles:15:sp7", "cpe:/o:suse:sles_sap:15:sp6", "cpe:/o:suse:sles_sap:15:sp7"], "defaultStatus": "unaffected"}, {"vendor": "suse", "product": "open-vm-tools-salt-minion", "versions": [{"status": "affected", "version": "0", "lessThan": "0:12.5.2-150600.3.12.1", "versionType": "rpm"}], "platforms": ["cpe:/o:suse:oes-release:25.4", "cpe:/o:suse:sle-module-basesystem:15:sp6", "cpe:/o:suse:sle-module-basesystem:15:sp7", "cpe:/o:suse:sle_hpc:15:sp6", "cpe:/o:suse:sle_hpc:15:sp7", "cpe:/o:suse:sled:15:sp6", "cpe:/o:suse:sled:15:sp7", "cpe:/o:suse:sles:15:sp6", "cpe:/o:suse:sles:15:sp7", "cpe:/o:suse:sles_sap:15:sp6", "cpe:/o:suse:sles_sap:15:sp7"], "defaultStatus": "unaffected"}, {"vendor": "suse", "product": "open-vm-tools-sdmp", "versions": [{"status": "affected", "version": "0", "lessThan": "0:12.5.2-150600.3.12.1", "versionType": "rpm"}], "platforms": ["cpe:/o:suse:oes-release:25.4", "cpe:/o:suse:sle-module-basesystem:15:sp6", "cpe:/o:suse:sle-module-basesystem:15:sp7", "cpe:/o:suse:sle_hpc:15:sp6", "cpe:/o:suse:sle_hpc:15:sp7", "cpe:/o:suse:sled:15:sp6", "cpe:/o:suse:sled:15:sp7", "cpe:/o:suse:sles:15:sp6", "cpe:/o:suse:sles:15:sp7", "cpe:/o:suse:sles_sap:15:sp6", "cpe:/o:suse:sles_sap:15:sp7"], "defaultStatus": "unaffected"}, {"vendor": "suse", "product": "open-vm-tools-desktop", "versions": [{"status": "affected", "version": "0", "lessThan": "0:12.5.2-150600.3.12.1", "versionType": "rpm"}], "platforms": ["cpe:/o:suse:oes-release:25.4", "cpe:/o:suse:sle-module-desktop-applications:15:sp6", "cpe:/o:suse:sle-module-desktop-applications:15:sp7", "cpe:/o:suse:sle_hpc:15:sp6", "cpe:/o:suse:sle_hpc:15:sp7", "cpe:/o:suse:sled:15:sp6", "cpe:/o:suse:sled:15:sp7", "cpe:/o:suse:sles:15:sp6", "cpe:/o:suse:sles:15:sp7", "cpe:/o:suse:sles_sap:15:sp6", "cpe:/o:suse:sles_sap:15:sp7"], "defaultStatus": "unaffected"}], "solutions": [{"lang": "en", "value": "SUSE bug 1243106"}], "references": [{"url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-22247", "name": "Mitre CVE-2025-22247"}, {"url": "https://www.suse.com/security/cve/CVE-2025-22247", "name": "SUSE CVE-2025-22247"}, {"url": "https://lists.suse.com/pipermail/sle-updates/2025-May/039448.html", "name": "SUSE-SU-2025:01565-1"}, {"url": "https://lists.suse.com/pipermail/sle-updates/2025-May/039310.html", "name": "SUSE-SU-2025:01658-1"}, {"url": "https://lists.suse.com/pipermail/sle-updates/2025-May/039468.html", "name": "SUSE-SU-2025:01778-1"}, {"url": "https://lists.suse.com/pipermail/sle-security-updates/2025-May/020834.html", "name": "SUSE-SU-2025:1565-1"}, {"url": "https://lists.suse.com/pipermail/sle-updates/2025-June/040260.html", "name": "SUSE-SU-2025:20379-1"}, {"url": "https://lists.suse.com/pipermail/sle-updates/2025-June/040553.html", "name": "SUSE-SU-2025:20452-1"}], "descriptions": [{"lang": "en", "value": "\n    VMware Tools contains an insecure file handling vulnerability.  A malicious actor with non-administrative privileges on a guest VM may tamper the local files to trigger insecure file operations within that VM.\n    "}], "providerMetadata": {"orgId": "404e59f5-483d-4b8a-8e7a-e67604dd8afb", "shortName": "suse", "dateUpdated": "2025-05-17T00:00:00Z", "x_subShortName": "suse_desktop_15"}}, {"metrics": [{"cvssV3_1": {"scope": "UNCHANGED", "version": "3.1", "baseScore": 6.1, "attackVector": "LOCAL", "baseSeverity": "MEDIUM", "vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:L/I:H/A:N", "integrityImpact": "HIGH", "userInteraction": "NONE", "attackComplexity": "LOW", "availabilityImpact": "NONE", "privilegesRequired": "LOW", "confidentialityImpact": "LOW"}}, {"other": {"type": "Unknown", "content": {"data": "{\"description\":\"Moderate\"}"}}}], "affected": [{"vendor": "suse", "product": "libvmtools0", "versions": [{"status": "affected", "version": "0", "lessThan": "0:12.5.2-4.83.1", "versionType": "rpm"}], "platforms": ["cpe:/o:suse:sles-ltss-extended-security:12:sp5"], "defaultStatus": "unaffected"}, {"vendor": "suse", "product": "open-vm-tools", "versions": [{"status": "affected", "version": "0", "lessThan": "0:12.5.2-4.83.1", "versionType": "rpm"}], "platforms": ["cpe:/o:suse:sles-ltss-extended-security:12:sp5"], "defaultStatus": "unaffected"}, {"vendor": "suse", "product": "open-vm-tools-desktop", "versions": [{"status": "affected", "version": "0", "lessThan": "0:12.5.2-4.83.1", "versionType": "rpm"}], "platforms": ["cpe:/o:suse:sles-ltss-extended-security:12:sp5"], "defaultStatus": "unaffected"}, {"vendor": "suse", "product": "open-vm-tools-salt-minion", "versions": [{"status": "affected", "version": "0", "lessThan": "0:12.5.2-4.83.1", "versionType": "rpm"}], "platforms": ["cpe:/o:suse:sles-ltss-extended-security:12:sp5"], "defaultStatus": "unaffected"}, {"vendor": "suse", "product": "open-vm-tools-sdmp", "versions": [{"status": "affected", "version": "0", "lessThan": "0:12.5.2-4.83.1", "versionType": "rpm"}], "platforms": ["cpe:/o:suse:sles-ltss-extended-security:12:sp5"], "defaultStatus": "unaffected"}], "solutions": [{"lang": "en", "value": "SUSE bug 1243106"}], "references": [{"url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-22247", "name": "Mitre CVE-2025-22247"}, {"url": "https://www.suse.com/security/cve/CVE-2025-22247", "name": "SUSE CVE-2025-22247"}, {"url": "https://lists.suse.com/pipermail/sle-updates/2025-May/039448.html", "name": "SUSE-SU-2025:01565-1"}, {"url": "https://lists.suse.com/pipermail/sle-updates/2025-May/039310.html", "name": "SUSE-SU-2025:01658-1"}, {"url": "https://lists.suse.com/pipermail/sle-updates/2025-May/039468.html", "name": "SUSE-SU-2025:01778-1"}, {"url": "https://lists.suse.com/pipermail/sle-security-updates/2025-May/020834.html", "name": "SUSE-SU-2025:1565-1"}, {"url": "https://lists.suse.com/pipermail/sle-updates/2025-June/040260.html", "name": "SUSE-SU-2025:20379-1"}, {"url": "https://lists.suse.com/pipermail/sle-updates/2025-June/040553.html", "name": "SUSE-SU-2025:20452-1"}], "descriptions": [{"lang": "en", "value": "\n    VMware Tools contains an insecure file handling vulnerability.  A malicious actor with non-administrative privileges on a guest VM may tamper the local files to trigger insecure file operations within that VM.\n    "}], "providerMetadata": {"orgId": "404e59f5-483d-4b8a-8e7a-e67604dd8afb", "shortName": "suse", "dateUpdated": "2025-05-31T00:00:00Z", "x_subShortName": "suse_server_12"}}, {"metrics": [{"cvssV3_1": {"scope": "UNCHANGED", "version": "3.1", "baseScore": 6.1, "attackVector": "LOCAL", "baseSeverity": "MEDIUM", "vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:L/I:H/A:N", "integrityImpact": "HIGH", "userInteraction": "NONE", "attackComplexity": "LOW", "availabilityImpact": "NONE", "privilegesRequired": "LOW", "confidentialityImpact": "LOW"}}, {"other": {"type": "Unknown", "content": {"data": "{\"description\":\"Moderate\"}"}}}], "affected": [{"vendor": "suse", "product": "libvmtools-devel", "versions": [{"status": "affected", "version": "0", "lessThan": "0:13.0.0-160000.2.2", "versionType": "rpm"}], "platforms": ["cpe:/o:suse:sles:16.0"], "defaultStatus": "unaffected"}, {"vendor": "suse", "product": "libvmtools0", "versions": [{"status": "affected", "version": "0", "lessThan": "0:13.0.0-160000.2.2", "versionType": "rpm"}], "platforms": ["cpe:/o:suse:sles:16.0"], "defaultStatus": "unaffected"}, {"vendor": "suse", "product": "open-vm-tools", "versions": [{"status": "affected", "version": "0", "lessThan": "0:13.0.0-160000.2.2", "versionType": "rpm"}], "platforms": ["cpe:/o:suse:sles:16.0"], "defaultStatus": "unaffected"}, {"vendor": "suse", "product": "open-vm-tools-containerinfo", "versions": [{"status": "affected", "version": "0", "lessThan": "0:13.0.0-160000.2.2", "versionType": "rpm"}], "platforms": ["cpe:/o:suse:sles:16.0"], "defaultStatus": "unaffected"}, {"vendor": "suse", "product": "open-vm-tools-desktop", "versions": [{"status": "affected", "version": "0", "lessThan": "0:13.0.0-160000.2.2", "versionType": "rpm"}], "platforms": ["cpe:/o:suse:sles:16.0"], "defaultStatus": "unaffected"}, {"vendor": "suse", "product": "open-vm-tools-sdmp", "versions": [{"status": "affected", "version": "0", "lessThan": "0:13.0.0-160000.2.2", "versionType": "rpm"}], "platforms": ["cpe:/o:suse:sles:16.0"], "defaultStatus": "unaffected"}], "solutions": [{"lang": "en", "value": "SUSE bug 1243106"}], "references": [{"url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-22247", "name": "Mitre CVE-2025-22247"}, {"url": "https://www.suse.com/security/cve/CVE-2025-22247", "name": "SUSE CVE-2025-22247"}, {"url": "https://lists.suse.com/pipermail/sle-updates/2025-May/039448.html", "name": "SUSE-SU-2025:01565-1"}, {"url": "https://lists.suse.com/pipermail/sle-updates/2025-May/039310.html", "name": "SUSE-SU-2025:01658-1"}, {"url": "https://lists.suse.com/pipermail/sle-updates/2025-May/039468.html", "name": "SUSE-SU-2025:01778-1"}, {"url": "https://lists.suse.com/pipermail/sle-security-updates/2025-May/020834.html", "name": "SUSE-SU-2025:1565-1"}, {"url": "https://lists.suse.com/pipermail/sle-updates/2025-June/040260.html", "name": "SUSE-SU-2025:20379-1"}, {"url": "https://lists.suse.com/pipermail/sle-updates/2025-June/040553.html", "name": "SUSE-SU-2025:20452-1"}], "descriptions": [{"lang": "en", "value": "\n    VMware Tools contains an insecure file handling vulnerability.  A malicious actor with non-administrative privileges on a guest VM may tamper the local files to trigger insecure file operations within that VM.\n    "}], "providerMetadata": {"orgId": "404e59f5-483d-4b8a-8e7a-e67604dd8afb", "shortName": "suse", "dateUpdated": "2025-11-14T00:00:00Z", "x_subShortName": "suse_server_16"}}, {"metrics": [{"cvssV3_1": {"scope": "UNCHANGED", "version": "3.1", "baseScore": 6.1, "attackVector": "LOCAL", "baseSeverity": "MEDIUM", "vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:L/I:H/A:N", "integrityImpact": "HIGH", "userInteraction": "NONE", "attackComplexity": "LOW", "availabilityImpact": "NONE", "privilegesRequired": "LOW", "confidentialityImpact": "LOW"}}], "affected": [{"vendor": "amazon", "product": "open-vm-tools", "versions": [{"status": "affected", "version": "0", "lessThan": "12.3.0-1.amzn2.0.2", "versionType": "rpm"}], "defaultStatus": "unaffected"}, {"vendor": "amazon", "product": "open-vm-tools-debuginfo", "versions": [{"status": "affected", "version": "0", "lessThan": "12.3.0-1.amzn2.0.2", "versionType": "rpm"}], "defaultStatus": "unaffected"}, {"vendor": "amazon", "product": "open-vm-tools-desktop", "versions": [{"status": "affected", "version": "0", "lessThan": "12.3.0-1.amzn2.0.2", "versionType": "rpm"}], "defaultStatus": "unaffected"}, {"vendor": "amazon", "product": "open-vm-tools-devel", "versions": [{"status": "affected", "version": "0", "lessThan": "12.3.0-1.amzn2.0.2", "versionType": "rpm"}], "defaultStatus": "unaffected"}, {"vendor": "amazon", "product": "open-vm-tools-salt-minion", "versions": [{"status": "affected", "version": "0", "lessThan": "12.3.0-1.amzn2.0.2", "versionType": "rpm"}], "defaultStatus": "unaffected"}, {"vendor": "amazon", "product": "open-vm-tools-sdmp", "versions": [{"status": "affected", "version": "0", "lessThan": "12.3.0-1.amzn2.0.2", "versionType": "rpm"}], "defaultStatus": "unaffected"}, {"vendor": "amazon", "product": "open-vm-tools-test", "versions": [{"status": "affected", "version": "0", "lessThan": "12.3.0-1.amzn2.0.2", "versionType": "rpm"}], "defaultStatus": "unaffected"}], "references": [{"url": "http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-22247"}], "descriptions": [{"lang": "en", "value": "VMware Tools contains an insecure file handling vulnerability. A malicious actor with non-administrative privileges on a guest VM may tamper the local files to trigger insecure file operations within that VM."}], "providerMetadata": {"orgId": "00000000-0000-4000-A000-000000000000", "shortName": "alas", "dateUpdated": "2025-05-21T19:40:00Z", "x_subShortName": "alas_2"}}, {"metrics": [{"cvssV3_1": {"scope": "UNCHANGED", "version": "3.1", "baseScore": 6.1, "attackVector": "LOCAL", "baseSeverity": "MEDIUM", "vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:L/I:H/A:N", "integrityImpact": "HIGH", "userInteraction": "NONE", "attackComplexity": "LOW", "availabilityImpact": "NONE", "privilegesRequired": "LOW", "confidentialityImpact": "LOW"}}], "affected": [{"vendor": "amazon", "product": "open-vm-tools", "versions": [{"status": "affected", "version": "0", "lessThan": "12.3.0-1.amzn2023.0.2", "versionType": "rpm"}], "defaultStatus": "unaffected"}, {"vendor": "amazon", "product": "open-vm-tools-debuginfo", "versions": [{"status": "affected", "version": "0", "lessThan": "12.3.0-1.amzn2023.0.2", "versionType": "rpm"}], "defaultStatus": "unaffected"}, {"vendor": "amazon", "product": "open-vm-tools-debugsource", "versions": [{"status": "affected", "version": "0", "lessThan": "12.3.0-1.amzn2023.0.2", "versionType": "rpm"}], "defaultStatus": "unaffected"}, {"vendor": "amazon", "product": "open-vm-tools-desktop", "versions": [{"status": "affected", "version": "0", "lessThan": "12.3.0-1.amzn2023.0.2", "versionType": "rpm"}], "defaultStatus": "unaffected"}, {"vendor": "amazon", "product": "open-vm-tools-desktop-debuginfo", "versions": [{"status": "affected", "version": "0", "lessThan": "12.3.0-1.amzn2023.0.2", "versionType": "rpm"}], "defaultStatus": "unaffected"}, {"vendor": "amazon", "product": "open-vm-tools-devel", "versions": [{"status": "affected", "version": "0", "lessThan": "12.3.0-1.amzn2023.0.2", "versionType": "rpm"}], "defaultStatus": "unaffected"}, {"vendor": "amazon", "product": "open-vm-tools-salt-minion", "versions": [{"status": "affected", "version": "0", "lessThan": "12.3.0-1.amzn2023.0.2", "versionType": "rpm"}], "defaultStatus": "unaffected"}, {"vendor": "amazon", "product": "open-vm-tools-sdmp", "versions": [{"status": "affected", "version": "0", "lessThan": "12.3.0-1.amzn2023.0.2", "versionType": "rpm"}], "defaultStatus": "unaffected"}, {"vendor": "amazon", "product": "open-vm-tools-sdmp-debuginfo", "versions": [{"status": "affected", "version": "0", "lessThan": "12.3.0-1.amzn2023.0.2", "versionType": "rpm"}], "defaultStatus": "unaffected"}, {"vendor": "amazon", "product": "open-vm-tools-test", "versions": [{"status": "affected", "version": "0", "lessThan": "12.3.0-1.amzn2023.0.2", "versionType": "rpm"}], "defaultStatus": "unaffected"}, {"vendor": "amazon", "product": "open-vm-tools-test-debuginfo", "versions": [{"status": "affected", "version": "0", "lessThan": "12.3.0-1.amzn2023.0.2", "versionType": "rpm"}], "defaultStatus": "unaffected"}], "references": [{"url": "http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-22247"}], "descriptions": [{"lang": "en", "value": "VMware Tools contains an insecure file handling vulnerability. A malicious actor with non-administrative privileges on a guest VM may tamper the local files to trigger insecure file operations within that VM."}], "providerMetadata": {"orgId": "00000000-0000-4000-A000-000000000000", "shortName": "alas", "dateUpdated": "2025-05-21T19:36:00Z", "x_subShortName": "alas_2023"}}], "cna": {"metrics": [{"format": "CVSS", "cvssV3_1": {"scope": "UNCHANGED", "version": "3.1", "baseScore": 6.1, "attackVector": "LOCAL", "baseSeverity": "MEDIUM", "vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:L/I:H/A:N", "integrityImpact": "HIGH", "userInteraction": "NONE", "attackComplexity": "LOW", "availabilityImpact": "NONE", "privilegesRequired": "LOW", "confidentialityImpact": "LOW"}}], "affected": [{"cpes": ["cpe:2.3:o:vmware:vmware_tools:*:*:*:*:*:*:*:*"], "vendor": "vmware", "product": "vmware_tools", "versions": [{"status": "affected", "version": "0", "lessThan": "12.5.2", "versionType": "custom"}], "defaultStatus": "unaffected"}], "references": [{"url": "http://www.openwall.com/lists/oss-security/2025/05/12/2"}, {"url": "http://www.openwall.com/lists/oss-security/2025/05/13/2"}, {"url": "https://lists.debian.org/debian-lts-announce/2025/05/msg00017.html"}, {"url": "https://support.broadcom.com/web/ecx/support-content-notification/-/external/content/SecurityAdvisories/0/25683"}], "descriptions": [{"lang": "en", "value": "VMware Tools contains an insecure file handling vulnerability. A malicious actor with non-administrative privileges on a guest VM may tamper the local files to trigger insecure file operations within that VM."}, {"lang": "es", "value": "VMware Tools contiene una vulnerabilidad de gestión insegura de archivos. Un agente malicioso con privilegios no administrativos en una máquina virtual invitada podría manipular los archivos locales para activar operaciones inseguras dentro de esa máquina virtual."}], "problemTypes": [{"descriptions": [{"lang": "en", "cweId": "CWE-59", "description": "CWE-59"}]}], "providerMetadata": {"orgId": "00000000-0000-4000-A000-000000000003", "shortName": "nvd", "dateUpdated": "2025-05-14T17:15:47Z", "x_subShortName": "nvd"}}}, "cveMetadata": {"cveId": "CVE-2025-22247", "state": "PUBLISHED", "dateUpdated": "2025-05-14T17:15:47Z", "assignerOrgId": "00000000-0000-4000-A000-000000000003", "datePublished": "2025-05-12T11:15:49Z", "assignerShortName": "nvd"}, "dataVersion": "5.0"}