Open-VM-Tools updates for Debian

Debian has released updated packages for open-vm-tools, addressing critical security vulnerabilities in both Debian GNU/Linux 11 (Bullseye) LTS and 12 (Bookworm).

The updates are documented in two separate security advisories:
1. Debian LTS Advisory DLA-4165-1 (Bullseye)
2. Debian Security Advisory DSA-5919-1 (Bookworm)

The primary vulnerability, identified as CVE-2025-22247, involves insecure file handling that could allow a non-administrative user within a guest virtual machine to manipulate local files and exploit insecure file operations. This issue has been fixed in the following versions:
- For Debian 11 (Bullseye): 2:11.2.5-2+deb11u4
- For Debian 12 (Bookworm): 2:12.2.0-1+deb12u3

Users are strongly encouraged to upgrade their open-vm-tools packages to mitigate potential security risks. Detailed security status and guidance on applying these updates can be found on the Debian security tracker page and the Debian LTS wiki.

In summary, the updates underscore the importance of maintaining up-to-date software to protect against vulnerabilities that could be exploited by malicious actors. Continuous monitoring of security advisories and prompt application of updates are vital for ensuring the security of virtual environments.

Updated open-vm-tools packages are available for Debian GNU/Linux 11 (Bullseye) LTS and 12 (Bookworm):

[DLA 4165-1] open-vm-tools security update
[DSA 5919-1] open-vm-tools security update

Open-VM-Tools updates for Debian @ Linux Compatible