| Package | open-vm-tools |
|---|---|
| Version | 2:10.1.5-5055683-4+deb9u7 (stretch), 2:10.3.10-1+deb10u7 (buster) |
| Related CVEs | CVE-2025-22247 |
It was discovered that insecure file handling in open-vm-tools, an open source implementation of VMware Tools, may allow an unprivileged local guest user to tamper local files to trigger insecure file operations within that VM.
For Debian 10 buster, these problems have been fixed in version 2:10.3.10-1+deb10u7.
For Debian 9 stretch, these problems have been fixed in version 2:10.1.5-5055683-4+deb9u7.
We recommend that you upgrade your open-vm-tools packages.
Further information about Extended LTS security advisories can be found in the dedicated section of our website.