Advisories » MGASA-2025-0166

Updated open-vm-tools packages fix security vulnerability

Publication date: 27 May 2025
Modification date: 27 May 2025
Type: security
Affected Mageia releases : 9
CVE: CVE-2025-22247

Description

VMware Tools contains an insecure file handling vulnerability. A
malicious actor with non-administrative privileges on a guest VM may
tamper the local files to trigger insecure file operations within that
VM. (CVE-2025-22247)
                

References

• https://bugs.mageia.org/show_bug.cgi?id=34271
• https://www.openwall.com/lists/oss-security/2025/05/12/2
• https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/YDQBVVMNJB6EXDLSUNBCHZTNRBLXJEFU/
• https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-22247

SRPMS

9/core

• open-vm-tools-12.3.5-2.1.mga9