Broadcom Patches Critical Security Flaw in VMware Tools for Windows and Linux
A critical VMware Tools vulnerability has been patched by Broadcom after it was found that attackers with limited access to virtual machines (VMs) could abuse the flaw to perform insecure file operations. The vulnerability also affects open-vm-tools, the open-source variant used widely in Linux environments.
Attackers Can Tamper with Local Files from Within Guest VMs
In a security advisory issued this week, Broadcom confirmed that:
“A malicious actor with non-administrative privileges on a guest VM may tamper the local files to trigger insecure file operations within that VM.”
The vulnerability affects VMware Tools versions 12.x.x and 11.x.x on Windows and Linux platforms. No workaround is available, and Broadcom is urging all users to upgrade to VMware Tools version 12.5.2, which includes the fix.
Affects Both Proprietary and Open-Source VMware Tools
The open-vm-tools community has also received the patch, allowing the issue to be resolved across open-source implementations. Distribution-specific patches for Linux environments will be rolled out by individual Linux vendors, and versioning may differ depending on the distribution.
The vulnerability was responsibly disclosed by Sergey Bliznyuk of Positive Technologies.
Additional VMware Products Affected by Access Token Theft Vulnerability
Alongside this announcement, Broadcom also disclosed a separate critical vulnerability (rated 8.2/10) in other VMware products, including:
- VMware Aria Automation
- VMware Cloud Foundation
- VMware Telco Cloud Platform
This separate issue allows attackers to steal access tokens from users by luring them into clicking a maliciously crafted URL.
“A malicious actor may exploit this issue to steal the access token of a logged-in user of VMware Aria Automation appliance by tricking the user into clicking a malicious crafted payload URL,” Broadcom warned.
Immediate Patch Application Recommended for Enterprise Environments
Organizations using VMware Tools or open-vm-tools on ESXi hypervisors should immediately review their deployments and apply security updates to minimize risk. These vulnerabilities, if exploited, could lead to unauthorized access or manipulation of virtual machine environments—a serious threat in enterprise virtualization and cloud infrastructure contexts.
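One way to act on that recommendation is to triage guest VMs by their installed Tools version against the fixed release the article names (12.5.2). The script below is an added example, not code from the article or from Broadcom; it assumes that each guest's version line has the shape printed by `vmware-toolbox-cmd -v` (major.minor.patch.build followed by a build tag), and the inventory it runs over is constructed, with placeholder hostnames and build numbers. Because the article notes that Linux distributions ship open-vm-tools under their own version numbers, a Linux guest below 12.5.2 is flagged for a distro-package check rather than declared affected outright.

```python
"""Triage VMware Tools versions against the fixed release (12.5.2).

Added example; not code from the article or from Broadcom. Version lines
are constructed samples in the shape printed by `vmware-toolbox-cmd -v`
(an assumption about that command's output format).
"""
import re
from typing import Dict, Iterable, Optional, Tuple

# Fixed release stated in the advisory summary.
FIXED_VERSION: Tuple[int, int, int] = (12, 5, 2)
# Major versions the advisory lists as affected (11.x.x and 12.x.x).
AFFECTED_MAJORS = {11, 12}

# Leading "major.minor.patch" of the version line; build suffix is ignored.
VERSION_RE = re.compile(r"^\s*(\d+)\.(\d+)\.(\d+)")


def parse_version(raw: str) -> Optional[Tuple[int, int, int]]:
    """Return (major, minor, patch) from a version line, or None if unparsable."""
    m = VERSION_RE.match(raw)
    if not m:
        return None
    major, minor, patch = (int(x) for x in m.groups())
    return (major, minor, patch)


def classify(raw: str, platform: str = "windows") -> str:
    """Classify one guest's Tools version.

    Returns one of:
      "patched"                - 12.5.2 or later
      "affected"               - an 11.x/12.x build below 12.5.2 (proprietary VMware Tools)
      "check-distro-patch"     - open-vm-tools on Linux below 12.5.2; the distribution
                                 may ship the fix under its own version number, so the
                                 vendor package changelog decides, not the upstream number
      "outside-advisory-range" - a major version the advisory does not list
      "unknown"                - version line could not be parsed
    """
    v = parse_version(raw)
    if v is None:
        return "unknown"
    if v[0] not in AFFECTED_MAJORS:
        return "outside-advisory-range"
    if v >= FIXED_VERSION:  # tuple comparison: (12, 4, 5) < (12, 5, 2)
        return "patched"
    return "affected" if platform == "windows" else "check-distro-patch"


def triage(inventory: Iterable[Tuple[str, str, str]]) -> Dict[str, str]:
    """Map each (host, platform, version_line) record to a status string."""
    return {host: classify(line, platform) for host, platform, line in inventory}


# Constructed sample inventory; hostnames and build numbers are placeholders.
SAMPLE_INVENTORY = [
    ("win-app-01", "windows", "12.4.5.00000 (build-00000)"),
    ("win-db-02", "windows", "12.5.2.00000 (build-00000)"),
    ("lin-web-03", "linux", "12.3.5.00000 (build-00000)"),
    ("lin-old-04", "linux", "10.3.22.00000 (build-00000)"),
    ("unk-05", "windows", "VMware Tools not installed"),
]

if __name__ == "__main__":
    for host, status in sorted(triage(SAMPLE_INVENTORY).items()):
        print(f"{host:12} {status}")
```

Feeding this a real inventory means collecting one version line per guest, for example from `vmware-toolbox-cmd -v` run inside each VM or from a vCenter export of the guest Tools version (an assumption about where the data comes from); the classification logic itself only encodes what the article states, so anything outside the 11.x/12.x range is reported as outside the advisory rather than guessed at.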