Critical VGAuth Flaw in VMware Tools Grants Full System Access
gbhackers
Security researchers have uncovered critical vulnerabilities in VMware Tools’ Guest Authentication Service (VGAuth) that allow attackers to escalate privileges from any user account to full SYSTEM access on Windows virtual machines.
The flaws, tracked as CVE-2025-22230 and CVE-2025-22247, affect VMware Tools 12.5.0 and earlier versions across ESXi-managed environments and standalone VMware Workstation deployments.
Authentication Bypass
The primary vulnerability stems from a fundamental flaw in VGAuth’s named pipe authentication mechanism.
The service creates predictable pipe names in the format \\.\pipe\vgauth-service-
CVE ID | CVSS Score | Description | Patch Version | Release Date |
CVE-2025-22230 | High | Authentication bypass via named pipe hijacking | VMware Tools 12.5.1 | March 25, 2025 |
CVE-2025-22247 | Critical | Path traversal with insecure symlink resolution | VMware Tools 12.5.2 | May 12, 2025 |
By establishing a pipe named vgauth-service-system before the legitimate service, attackers ...
Copyright of this story solely belongs to gbhackers.