%20--%3e%3csvg%20version='1.1'%20id='Layer_1'%20x='0px'%20y='0px'%20viewBox='0%200%20107.30001%20140.79999'%20xml:space='preserve'%20sodipodi:docname='mind_logo_positief.svg'%20width='107.30001'%20height='140.79999'%20xmlns:inkscape='http://www.inkscape.org/namespaces/inkscape'%20xmlns:sodipodi='http://sodipodi.sourceforge.net/DTD/sodipodi-0.dtd'%20xmlns='http://www.w3.org/2000/svg'%20xmlns:svg='http://www.w3.org/2000/svg'%3e%3cdefs%20id='defs29'%20/%3e%3csodipodi:namedview%20id='namedview29'%20pagecolor='%23505050'%20bordercolor='%23eeeeee'%20borderopacity='1'%20inkscape:showpageshadow='0'%20inkscape:pageopacity='0'%20inkscape:pagecheckerboard='0'%20inkscape:deskcolor='%23d1d1d1'%3e%3cinkscape:page%20x='0'%20y='0'%20width='107.30001'%20height='140.79999'%20id='page2'%20margin='0'%20bleed='0'%20/%3e%3c/sodipodi:namedview%3e%3cstyle%20type='text/css'%20id='style1'%3e%20.st0{fill:%231F1FA3;}%20.st1{fill:url(%23SVGID_1_);}%20.st2{fill:url(%23SVGID_00000033333245342322421190000001486717665348835473_);}%20.st3{fill:url(%23SVGID_00000075852413222229328580000001131059578544388517_);}%20%3c/style%3e%3cg%20id='g9'%20transform='translate(-21.299999,-20.6)'%3e%3clinearGradient%20id='SVGID_1_'%20gradientUnits='userSpaceOnUse'%20x1='4.8695998'%20y1='142.78'%20x2='99.248901'%20y2='35.348301'%3e%3cstop%20offset='0'%20style='stop-color:%2347EFF0'%20id='stop4'%20/%3e%3cstop%20offset='1'%20style='stop-color:%23297BFF'%20id='stop5'%20/%3e%3c/linearGradient%3e%3crect%20x='21.299999'%20y='64'%20class='st1'%20width='19.9'%20height='97.400002'%20id='rect5'%20style='fill:url(%23SVGID_1_)'%20/%3e%3clinearGradient%20id='SVGID_00000007421653842672228110000012418760815982452352_'%20gradientUnits='userSpaceOnUse'%20x1='23.7796'%20y1='159.3925'%20x2='118.1588'%20y2='51.9608'%3e%3cstop%20offset='0'%20style='stop-color:%2347EFF0'%20id='stop6'%20/%3e%3cstop%20offset='1'%20style='stop-color:%23297BFF'%20id='stop7'%20/%3e%3c/linearGradient%3e%3cpath%20style='fill:url(%23SVGID_00000007421653842672228110000012418760815982452352_)'%20d='M%2072.3,64%20H%2064%20v%2075.2%20H%2085.1%20V%2076.8%20C%2085.1,69.7%2079.4,64%2072.3,64%20Z'%20id='path7'%20/%3e%3clinearGradient%20id='SVGID_00000072986549029232277750000008760038133176911550_'%20gradientUnits='userSpaceOnUse'%20x1='20.501699'%20y1='156.51289'%20x2='114.881'%20y2='49.0812'%3e%3cstop%20offset='0'%20style='stop-color:%2347EFF0'%20id='stop8'%20/%3e%3cstop%20offset='1'%20style='stop-color:%23297BFF'%20id='stop9'%20/%3e%3c/linearGradient%3e%3cpath%20style='fill:url(%23SVGID_00000072986549029232277750000008760038133176911550_)'%20d='M%2073.6,20.6%20H%2064%20v%2019.9%20h%209.6%20c%2019.3,0%2035.1,15.7%2035.1,35.1%20v%2044.3%20h%2019.9%20V%2075.6%20c%200,-30.3%20-24.7,-55%20-55,-55%20z'%20id='path9'%20/%3e%3c/g%3e%3c/svg%3e)
Name
open-vm-tools
Version
12.3.5
Type
library
Description
Tools to enhance VMWare guest integration and performance
Licenses
LGPL-2.0-only & GPL-2.0-only & BSD-2-Clause & CDDL-1.0
PURL
-
CPE
cpe:2.3:*:vmware:tools:12.3.5:*:*:*:*:*:*:*
Other Versions#
Patches#
#
Title
Author
Resolve
1
include poll.h instead of sys/poll.h
Khem Raj <raj.khem@gmail.com>
2
Add resolv_compat.h for musl builds
Trevor Gamblin <trevor.gamblin@windriver.com>
3
hgfsServerLinux: Consider 64bit time_t possibility
Khem Raj <raj.khem@gmail.com>
4
Use configure test for struct timespec
Natanael Copa <ncopa@alpinelinux.org>
5
Address CVE-2025-41244 - Disable (default) the execution of
Kruti Pendharkar <kp025370@broadcom.com>
CVE-2025-41244
6
configure.ac: don't use dnet-config
Martin Kelly <mkelly@xevo.com>
7
Fix subdir objects configure error
Khem Raj <raj.khem@gmail.com>
8
Use configure test for sys/stat.h include
Natanael Copa <ncopa@alpinelinux.org>
9
use posix strerror_r unless on gnu libc system
Khem Raj <raj.khem@gmail.com>
10
Use off64_t instead of __off64_t
Khem Raj <raj.khem@gmail.com>
11
open-vm-tools: Correct include path for poll.h
Khem Raj <raj.khem@gmail.com>
12
Use uintmax_t for handling rlim_t
Khem Raj <raj.khem@gmail.com>
13
Use configure to test for feature instead of platform
Natanael Copa <ncopa@alpinelinux.org>
14
Validate user names and file paths
John Wolfe <john.wolfe@broadcom.com>
CVE-2025-22247
15
Fix definition of ALLPERMS and ACCESSPERMS
Natanael Copa <ncopa@alpinelinux.org>
16
Rename poll.h to vm_poll.h
Randy MacLeod <Randy.MacLeod@windriver.com>
17
timeSync: Portable way to print 64bit time_t
Khem Raj <raj.khem@gmail.com>
Vulnerabilities#
Name
Analysis
Description
Patched
VMware Aria Operations and VMware Tools contain a local privilege escalation vulnerability. A malicious local actor with non-administrative privileges having access to a VM with VMware Tools installed and managed by Aria Operations with SDMP enabled may exploit this vulnerability to escalate privileges to root on the same VM.
Patched
VMware Tools contains an insecure file handling vulnerability. A malicious actor with non-administrative privileges on a guest VM may tamper the local files to trigger insecure file operations within that VM.
Not Affected
vm-support 0.88 in VMware Tools, as distributed with VMware Workstation through 10.0.3 and other products, uses 0644 permissions for the vm-support archive, which allows local users to obtain sensitive information by extracting files from this archive.
Not Affected
vm-support 0.88 in VMware Tools, as distributed with VMware Workstation through 10.0.3 and other products, allows local users to write to arbitrary files via a symlink attack on a file in /tmp.