Full Report
Broadcom has issued security patches to address a high-severity security flaw in VMware Tools for Windows that could lead to an authentication bypass. Tracked as CVE-2025-22230, the vulnerability is rated 7.8 on the ten-point Common Vulnerability Scoring System (CVSS). "VMware Tools for Windows contains an authentication bypass vulnerability due to improper access control," Broadcom said in an
Analysis Summary
The provided context details two separate vulnerabilities: one in VMware Tools and one in CrushFTP. The summary below addresses both findings distinctly.
# Vulnerability: VMware Tools Authentication Bypass (CVE-2025-22230) & CrushFTP Unauthenticated Access Flaw
## CVE Details
- CVE ID: CVE-2025-22230
- CVSS Score: 7.8 (High)
- CWE: Improper Access Control (Inferred from description: "authentication bypass vulnerability due to improper access control")
## Affected Systems
- Products: VMware Tools for Windows
- Versions: 11.x.x and 12.x.x
- Configurations: Exploitable by a non-administrative user inside a Windows guest VM.
## Vulnerability Description (CVE-2025-22230)
VMware Tools for Windows contains an authentication bypass vulnerability stemming from improper access control. A malicious actor, leveraging non-administrative privileges on a Windows guest VM, could exploit this flaw to gain the ability to perform certain high-privilege operations within that VM.
## Exploitation (CVE-2025-22230)
- Status: Not explicitly stated as exploited in the wild by the summary, but the high severity implies risk.
- Complexity: Not provided.
- Attack Vector: Context suggests the attack originates from *within* the guest VM (Local).
## Impact (CVE-2025-22230)
- Confidentiality: High (due to potential to perform high-privilege operations)
- Integrity: High (due to potential to perform high-privilege operations)
- Availability: Not explicitly detailed, but high-privilege execution could affect availability.
***
# Vulnerability: CrushFTP Unauthenticated HTTP(S) Port Access Flaw (No CVE Assigned)
## CVE Details
- CVE ID: Not yet assigned
- CVSS Score: Not provided
- CWE: Not provided
## Affected Systems
- Products: CrushFTP
- Versions: Versions 10 and 11
- Configurations: The vulnerability is **not** exploitable when CrushFTP's DMZ function is in place.
## Vulnerability Description
An "unauthenticated HTTP(S) port access" vulnerability affects CrushFTP versions 10 and 11. Successful exploitation could allow an attacker to gain unauthenticated access via an exposed HTTP(S) port.
## Exploitation
- Status: Not being used actively in the wild (as of report date). PoC availability is not mentioned.
- Complexity: Not provided.
- Attack Vector: Network (via exposed HTTP(S) port).
## Impact
- Confidentiality: High (Unauthenticated access)
- Integrity: Potential
- Availability: Potential
***
## Remediation (Common for both)
### Patches
- **VMware Tools (CVE-2025-22230):** Fixed in **VMware Tools for Windows version 12.5.1**.
- **CrushFTP:** Upgrade according to the vendor's instructions (the advisory implies updating any installation of versions 10 or 11).
### Workarounds
- **VMware Tools (CVE-2025-22230):** **No workarounds** are available.
- **CrushFTP:** Using the **DMZ function of CrushFTP** mitigates this specific vulnerability instance.
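As an added example (not code from the advisory or from either vendor): a small Python triage script that flags Windows guests still running a VMware Tools build below the fixed 12.5.1 release named above. It assumes the version string has already been collected from each guest (for example the first line printed by `VMwareToolboxCmd.exe -v`), and the guest names, version strings and build numbers below are constructed.

```python
from __future__ import annotations
import re

FIXED_VERSION = (12, 5, 1)      # VMware Tools for Windows 12.5.1, per the advisory
AFFECTED_MAJORS = {11, 12}      # affected branches 11.x.x and 12.x.x, per the advisory


def parse_tools_version(raw: str) -> tuple[int, int, int]:
    """Parse a VMware Tools version string such as '12.4.0.00000001 build-00000001'
    (the shape printed by VMwareToolboxCmd.exe -v) or a bare '11.3.5' into
    (major, minor, patch).  Raises ValueError if no x.y.z prefix is present."""
    m = re.match(r"\s*(\d+)\.(\d+)\.(\d+)", raw)
    if not m:
        raise ValueError(f"unrecognised VMware Tools version: {raw!r}")
    major, minor, patch = (int(p) for p in m.groups())
    return (major, minor, patch)


def classify_cve_2025_22230(raw: str) -> str:
    """'affected'   : in an affected branch and below 12.5.1
       'fixed'      : in an affected branch and at or above 12.5.1
       'not_listed' : branch not named in the advisory (e.g. 10.x); verify separately
       'unparseable': version string could not be read, so the guest needs manual review"""
    try:
        v = parse_tools_version(raw)
    except ValueError:
        return "unparseable"
    if v[0] not in AFFECTED_MAJORS:
        return "not_listed"
    return "affected" if v < FIXED_VERSION else "fixed"


def triage_inventory(inventory: dict[str, str]) -> dict[str, list[str]]:
    """Group a {guest_name: version_string} inventory by classification."""
    buckets: dict[str, list[str]] = {
        "affected": [], "fixed": [], "not_listed": [], "unparseable": []}
    for guest, raw in inventory.items():
        buckets[classify_cve_2025_22230(raw)].append(guest)
    return buckets


# Constructed sample inventory: hypothetical guest names and build numbers.
SAMPLE_INVENTORY = {
    "win-app-01": "12.4.0.00000001 build-00000001",
    "win-db-02": "11.3.5.00000002 build-00000002",
    "win-web-03": "12.5.1.00000003 build-00000003",
    "win-jump-04": "12.5.2.00000004 build-00000004",
    "win-legacy-05": "10.3.25.00000005 build-00000005",
    "win-broken-06": "unknown",
}

if __name__ == "__main__":
    for bucket, guests in triage_inventory(SAMPLE_INVENTORY).items():
        print(f"{bucket}: {', '.join(guests) or '-'}")
```

Guests in the "affected" bucket need the 12.5.1 update since the advisory lists no workaround; "not_listed" and "unparseable" guests still need a manual check rather than being assumed safe.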
## Detection
- Indicators of compromise are not specified in the summary.
- Detection methods are not specified in the summary.
## References
- Vendor Advisory (VMware/Broadcom): hxxps://support.broadcom.com/web/ecx/support-content-notification/-/external/content/SecurityAdvisories/0/25518
- CrushFTP Advisory: hxxps://www.crushftp.com/crush11wiki/Wiki.jsp?page=Update
- Supporting Detail Link: hxxps://www.rapid7.com/blog/post/2025/03/25/etr-notable-vulnerabilities-in-next-js-cve-2025-29927/ (Note: This link appears related to other context/Rapid7 reporting, but is provided in the source article)