vulnerability

VMware VMware Tools: CVE-2022-22943: VMware Tools for Windows update addresses an uncontrolled search path vulnerability

Try Surface Command

Back to search

Severity	CVSS	Published	Added	Modified
7	(AV:L/AC:L/Au:N/C:C/I:C/A:C)	Mar 1, 2022	Jun 3, 2025	Aug 20, 2025

Severity

CVSS

(AV:L/AC:L/Au:N/C:C/I:C/A:C)

Published

Mar 1, 2022

Added

Jun 3, 2025

Modified

Aug 20, 2025

Description

VMware Tools for Windows contains an uncontrolled search path vulnerability. A malicious actor with local administrative privileges in the Windows guest OS, where VMware Tools is installed, may be able to execute code with system privileges in the Windows guest OS due to an uncontrolled search path element.

Solution

vmware-tools-upgrade-latest

References

URL-https://support.broadcom.com/web/ecx/support-content-notification/-/external/content/SecurityAdvisories/0/23621
CVE-2022-22943
https://attackerkb.com/topics/CVE-2022-22943
CWE-427

NEW

Explore Exposure Command

Confidently identify and prioritize exposures from endpoint to cloud with full attack surface visibility and threat-aware risk context.

Try it today