Name: open-vm-tools
Version: 11.3.5
Type: library
Description: Tools to enhance VMWare guest integration and performance
Licenses: LGPL-2.0-only & GPL-2.0-only & BSD-2-Clause & CDDL-1.0
PURL: -
CPE: cpe:2.3:*:vmware:tools:11.3.5:*:*:*:*:*:*:*

Other Versions

Patches

| # | Title | Author | Resolve |
|---|-------|--------|---------|
| 1 | Use configure test for struct timespec | Natanael Copa <ncopa@alpinelinux.org> | |
| 2 | Use off64_t instead of __off64_t | Khem Raj <raj.khem@gmail.com> | |
| 3 | Add resolv_compat.h for musl builds | Trevor Gamblin <trevor.gamblin@windriver.com> | |
| 4 | include poll.h instead of sys/poll.h | Khem Raj <raj.khem@gmail.com> | |
| 5 | Address CVE-2023-34059 | John Wolfe <jwolfe@vmware.com> | CVE-2023-34059 |
| 6 | Fix definition of ALLPERMS and ACCESSPERMS | Natanael Copa <ncopa@alpinelinux.org> | |
| 7 | Use uintmax_t for handling rlim_t | Khem Raj <raj.khem@gmail.com> | |
| 8 | use posix strerror_r unless on gnu libc system | Khem Raj <raj.khem@gmail.com> | |
| 9 | Use configure to test for feature instead of platform | Natanael Copa <ncopa@alpinelinux.org> | |
| 10 | misc: Do not print NULL string into logs | Khem Raj <raj.khem@gmail.com> | |
| 11 | Address CVE-2025-41244 - Disable (default) the execution of | Kruti Pendharkar <kp025370@broadcom.com> | CVE-2025-41244 |
| 12 | hgfsServerLinux: Consider 64bit time_t possibility | Khem Raj <raj.khem@gmail.com> | |
| 13 | configure.ac: don't use dnet-config | Martin Kelly <mkelly@xevo.com> | |
| 14 | Make HgfsConvertFromNtTimeNsec aware of 64-bit time_t on i386 | Bartosz Brachaczek <b.brachaczek@gmail.com> | |
| 15 | Use configure test for sys/stat.h include | Natanael Copa <ncopa@alpinelinux.org> | |
| 16 | Rename poll.h to vm_poll.h | Randy MacLeod <Randy.MacLeod@windriver.com> | |
| 17 | Allow only X509 certs to verify the SAML token signature. | Katy Feng <fkaty@vmware.com> | CVE-2023-20900 |
| 18 | open-vm-tools: Correct include path for poll.h | Khem Raj <raj.khem@gmail.com> | |
| 19 | Address CVE-2023-34058 | John Wolfe <jwolfe@vmware.com> | CVE-2023-34058 |
| 20 | Validate user names and file paths | John Wolfe <john.wolfe@broadcom.com> | CVE-2025-22247 |
| 21 | Properly check authorization on incoming guestOps requests. | John Wolfe <jwolfe@vmware.com> | CVE-2022-31676 |
| 22 | open-vm-tools: Remove some dead code. | John Wolfe <jwolfe@vmware.com> | CVE-2023-20867 |
| 23 | Fix subdir objects configure error | Khem Raj <raj.khem@gmail.com> | |

Vulnerabilities

| Name | Analysis | Description |
|------|----------|-------------|
| | Patched | VMware Aria Operations and VMware Tools contain a local privilege escalation vulnerability. A malicious local actor with non-administrative privileges having access to a VM with VMware Tools installed and managed by Aria Operations with SDMP enabled may exploit this vulnerability to escalate privileges to root on the same VM. |
| | Patched | VMware Tools contains an insecure file handling vulnerability. A malicious actor with non-administrative privileges on a guest VM may tamper the local files to trigger insecure file operations within that VM. |
| | Patched | open-vm-tools contains a file descriptor hijack vulnerability in the vmware-user-suid-wrapper. A malicious actor with non-root privileges may be able to hijack the /dev/uinput file descriptor allowing them to simulate user inputs. |
| | Patched | VMware Tools contains a SAML token signature bypass vulnerability. A malicious actor that has been granted Guest Operation Privileges (https://docs.vmware.com/en/VMware-vSphere/8.0/vsphere-security/GUID-6A952214-0E5E-4CCF-9D2A-90948FF643EC.html) in a target virtual machine may be able to elevate their privileges if that target virtual machine has been assigned a more privileged Guest Alias (https://vdc-download.vmware.com/vmwb-repository/dcr-public/d1902b0e-d479-46bf-8ac9-cee0e31e8ec0/07ce8dbd-db48-4261-9b8f-c6d3ad8ba472/vim.vm.guest.AliasManager.html). |
| | Patched | A malicious actor that has been granted Guest Operation Privileges (https://docs.vmware.com/en/VMware-vSphere/8.0/vsphere-security/GUID-6A952214-0E5E-4CCF-9D2A-90948FF643EC.html) in a target virtual machine may be able to elevate their privileges if that target virtual machine has been assigned a more privileged Guest Alias (https://vdc-download.vmware.com/vmwb-repository/dcr-public/d1902b0e-d479-46bf-8ac9-cee0e31e8ec0/07ce8dbd-db48-4261-9b8f-c6d3ad8ba472/vim.vm.guest.AliasManager.html). |
| | Patched | A fully compromised ESXi host can force VMware Tools to fail to authenticate host-to-guest operations, impacting the confidentiality and integrity of the guest virtual machine. |
| | Patched | VMware Tools (12.0.0, 11.x.y and 10.x.y) contains a local privilege escalation vulnerability. A malicious actor with local non-administrative access to the Guest OS can escalate privileges as a root user in the virtual machine. |