Broadcom has issued safety patches to deal with a high-severity safety flaw in VMware Instruments for Home windows that might result in an authentication bypass.
Tracked as CVE-2025-22230, the vulnerability is rated 7.8 on the ten-point Widespread Vulnerability Scoring System (CVSS).
“VMware Instruments for Home windows comprises an authentication bypass vulnerability as a consequence of improper entry management,” Broadcom said in an alert issued Tuesday. “A malicious actor with non-administrative privileges on a Home windows visitor VM might acquire the power to carry out sure high-privilege operations inside that VM.”
Credited with discovering and reporting the flaw is Sergey Bliznyuk of Russian cybersecurity firm Optimistic Applied sciences.
CVE-2025-22230 impacts VMware Instruments for Home windows variations 11.x.x and 12.x.x. It has been mounted in model 12.5.1. There aren’t any workarounds that handle the difficulty.
CrushFTP Discloses New Flaw
The event comes as CrushFTP has warned clients of an “unauthenticated HTTP(S) port entry” vulnerability affecting CrushFTP variations 10 and 11. It has but to be assigned a CVE identifier.
“This difficulty impacts CrushFTP v10/v11 however doesn’t work if in case you have the DMZ perform of CrushFTP in place,” the corporate said. “The vulnerability was responsibly disclosed, it isn’t getting used actively within the wild that we all know of, no additional particulars shall be given presently.”
In keeping with details shared by cybersecurity firm Rapid7, profitable exploitation of the vulnerability may result in unauthenticated entry by way of an uncovered HTTP(S) port.
With safety flaws in VMware and CrushFTP beforehand exploited by malicious actors, it is important that customers transfer shortly to use the updates as quickly as potential.
Source link