Last update: 25-03-2025
Affected software:
Type:
CVE/CVSS:
A high-severity authentication bypass vulnerability (CVE-2025-22230) has been identified in VMware Tools for Windows. VMware Tools is a set of drivers and utilities that enhances performance and integration for guest operating systems running on VMware virtual machines. This vulnerability allows local attackers with low privileges to escalate their access and perform high-privilege operations within a compromised VM.
While this vulnerability has not been reported as actively exploited yet, similar VMware vulnerabilities have been frequently targeted by ransomware groups and state-sponsored hackers. VMware products are widely used in enterprise environments, making them attractive targets for cybercriminals. The risk to organizations includes potential privilege escalation, unauthorized system modifications, and increased susceptibility to further attacks.
To mitigate this risk, organizations should promptly update VMware Tools for Windows to the latest version and implement additional security monitoring to detect potential exploitation attempts.
CVE-2025-22230: VMware Tools for Windows (High Severity)
This vulnerability stems from improper access control in VMware Tools for Windows, allowing local attackers with low privileges to gain elevated privileges within a Windows guest VM. The flaw does not require user interaction and is classified as a low-complexity attack, making it easier for attackers to exploit.
A successful attack could allow a malicious actor to perform high-privilege operations inside a VM without administrative access. Given the widespread use of VMware virtualization in enterprise environments, attackers may leverage this vulnerability to gain deeper access into critical systems, potentially leading to further compromise.
Past incidents highlight how threat actors, including state-sponsored groups, have used VMware vulnerabilities to deploy persistent backdoors and gain long-term access to enterprise environments. Given this history, prompt patching is critical.
The Centre for Cybersecurity Belgium strongly recommends installing updates for vulnerable devices with the highest priority after thorough testing.
The CCB recommends that organizations scale up their monitoring and detection capabilities to identify any related suspicious activity and ensure a swift response in case of an intrusion.
In case of an intrusion, you can report an incident via https://ccb.belgium.be/en/cert/report-incident.
While patching appliances or software to the newest version may protect against future exploitation, it does not remediate historic compromise.
Bleeping Computer https://www.bleepingcomputer.com/news/security/broadcom-warns-of-authentication-bypass-in-vmware-windows-tools/