========================================================================== Ubuntu Security Notice USN-7508-1 May 13, 2025
open-vm-tools vulnerability ========================================================================== A security issue affects these releases of Ubuntu and its derivatives: - Ubuntu 25.04 - Ubuntu 24.10 - Ubuntu 24.04 LTS - Ubuntu 22.04 LTS - Ubuntu 20.04 LTS Summary: Open VM Tools could be made to overwrite files as the administrator. Software Description: - open-vm-tools: Open VMware Tools for virtual machines hosted on VMware Details: It was discovered that Open VM Tools incorrectly handled certain file operations. An attacker in a guest could use this issue to perform insecure file operations and possibly elevate privileges in the guest. Update instructions: The problem can be corrected by updating your system to the following package versions: Ubuntu 25.04 open-vm-tools 2:12.5.0-1ubuntu0.1 Ubuntu 24.10 open-vm-tools 2:12.4.5-1ubuntu0.1 Ubuntu 24.04 LTS open-vm-tools 2:12.4.5-1~ubuntu0.24.04.2 Ubuntu 22.04 LTS open-vm-tools 2:12.3.5-3~ubuntu0.22.04.2 Ubuntu 20.04 LTS open-vm-tools 2:11.3.0-2ubuntu0~ubuntu20.04.8 In general, a standard system update will make all the necessary changes. References: https://ubuntu.com/security/notices/USN-7508-1 CVE-2025-22247 Package Information: https://launchpad.net/ubuntu/+source/open-vm-tools/2:12.5.0-1ubuntu0.1 https://launchpad.net/ubuntu/+source/open-vm-tools/2:12.4.5-1ubuntu0.1 https://launchpad.net/ubuntu/+source/open-vm-tools/2:12.4.5-1~ubuntu0.24.04.2 https://launchpad.net/ubuntu/+source/open-vm-tools/2:12.3.5-3~ubuntu0.22.04.2https://launchpad.net/ubuntu/+source/open-vm-tools/2:11.3.0-2ubuntu0~ubuntu20.04.8
OpenPGP_signature.asc
Description: OpenPGP digital signature
