Broadcom and CrushFTP: The Dynamic Duo of Security Flaws!

Broadcom has released security patches for a high-severity flaw in VMware Tools for Windows. The CVE-2025-22230 vulnerability, rated 7.8 on the CVSS, could allow malicious actors to perform high-privilege operations. Users are urged to update to version 12.5.1 to avoid any authentication bypass fiascos.

3P
Published: March 26, 2025 4:56 amAdded: March 25, 2025 at 10:15 pmAssembled by: The Editor
Pro Dashboard

Hot Take:

Looks like VMware Tools for Windows had a bit of an “open door” policy for its guest VMs, letting anyone and their cousin stroll in without a proper invitation. Meanwhile, CrushFTP is playing the mysterious stranger card with its security flaw, keeping us all in suspense. It’s like a soap opera, but with fewer dramatic cliffhangers and more “please update your software” reminders!

Key Points:

  • Broadcom issued patches for a VMware Tools for Windows vulnerability, CVE-2025-22230.
  • The flaw allows non-admin users to perform high-privilege operations.
  • VMware Tools versions 11.x.x and 12.x.x are affected; version 12.5.1 is patched.
  • CrushFTP disclosed an unauthenticated access flaw in versions 10 and 11.
  • Both flaws highlight the urgent need for users to apply updates immediately.

Membership Required

 You must be a member to access this content.

View Membership Levels
Already a member? Log in here
The Nimble Nerd
powered by the NSA, er,  GDPR Cookie Compliance
Confessional Booth of Our Digital Sins

Okay, deep breath, let's get this over with. In the grand act of digital self-sabotage, we've littered this site with cookies. Yep, we did that. Why? So your highness can have a 'premium' experience or whatever. These traitorous cookies hide in your browser, eagerly waiting to welcome you back like a guilty dog that's just chewed your favorite shoe. And, if that's not enough, they also tattle on which parts of our sad little corner of the web you obsess over. Feels dirty, doesn't it?