SUSE releases critical open-vm-tools 12.5.2 update patching CVE-2025-22247 (CVSS 6.9), a file-handling vulnerability affecting Linux Enterprise 15 SP7. Learn installation steps, enterprise risks, and security best practices for VMware environments.
SUSE Linux Enterprise Systems Receive Moderate-Risk Update
Key Security Update Overview
SUSE has released a moderate-risk security patch (SUSE-SU-2025:01565-1) for open-vm-tools 12.5.2, addressing CVE-2025-22247, a critical insecure file handling vulnerability with a CVSS score of 6.9 (v4.0). This update also includes stability fixes for GCC 15 compilation and containerd 1.7.25+ compatibility.
Affected Products
SUSE Linux Enterprise Server 15 SP7
SUSE Linux Enterprise Desktop 15 SP7
Basesystem, Containers, and Desktop Applications Modules
SUSE Real Time & SAP Applications Servers
🔴 Why This Matters for Enterprises: Unpatched VMware tools can expose virtualized environments to privilege escalation and data integrity risks.
Detailed Vulnerability Analysis
CVE-2025-22247: Security Risk & Mitigation
Threat: Local attackers could exploit improper file permissions in VM guest operations.
CVSS Breakdown:
SUSE v4.0: 6.9 (High Integrity Impact, Low Confidentiality)
NVD v3.1: 6.1 (Medium Risk)
Fix: Update to open-vm-tools 12.5.2 to prevent exploitation.
Additional Fixes Included
✔ GCC 15 compatibility (bsc#1241938)
✔ containerd 1.7.25+ build support (bsc#1237147)
How to Install the Update
Recommended Methods
YaST Online Update (GUI)
Command Line:
zypper patch
OR product-specific commands:
Basesystem Module:
zypper in -t patch SUSE-SLE-Module-Basesystem-15-SP7-2025-1565=1
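To confirm the update landed, the following added example (not part of the SUSE advisory) compares installed open-vm-tools versions against the fixed release 12.5.2, both on the local host via rpm and across a small inventory. The host names and inventory lines are constructed for illustration, and the comparison assumes purely numeric dotted versions.

```shell
#!/bin/sh
# Added example: audit open-vm-tools versions against the fixed release.
FIXED_VERSION="12.5.2"   # fixed release named in the advisory

# version_lt A B: exit 0 when dotted numeric version A is lower than B.
# Assumption: versions are purely numeric, dot-separated (as in 12.5.2).
version_lt() {
    a=$1; b=$2
    while [ -n "$a" ] || [ -n "$b" ]; do
        x=${a%%.*}; y=${b%%.*}
        if [ "${x:-0}" -lt "${y:-0}" ]; then return 0; fi
        if [ "${x:-0}" -gt "${y:-0}" ]; then return 1; fi
        case $a in *.*) a=${a#*.} ;; *) a= ;; esac
        case $b in *.*) b=${b#*.} ;; *) b= ;; esac
    done
    return 1   # equal versions are not "lower"
}

# classify VERSION: print patched, needs-update or not-installed.
classify() {
    case $1 in
        ""|not-installed) echo "not-installed" ;;
        *) if version_lt "$1" "$FIXED_VERSION"; then echo "needs-update"
           else echo "patched"; fi ;;
    esac
}

# local_version: version of open-vm-tools installed on this host.
local_version() {
    if v=$(rpm -q --qf '%{VERSION}' open-vm-tools 2>/dev/null); then
        echo "$v"
    else
        echo "not-installed"
    fi
}

# audit_inventory: read "host version" lines, print hosts below the fix.
audit_inventory() {
    while read -r host ver; do
        if [ "$(classify "$ver")" = "needs-update" ]; then echo "$host"; fi
    done
}

# Constructed sample inventory (hypothetical hosts), not from the advisory.
sample_inventory() {
    printf '%s\n' "web01 12.4.5" "app03 12.5.2" "db02 12.3.0" \
        "ci07 13.0.0" "edge09 not-installed"
}

echo "this host: $(classify "$(local_version)")"
echo "hosts still below $FIXED_VERSION:"
sample_inventory | audit_inventory
```

The check looks only at the upstream version string, not the RPM release, so it reports whether a host is at or above 12.5.2 rather than which specific patch build is installed.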
Full Package List
| Module | Updated Packages |
|---|---|
| Basesystem | open-vm-tools, libvmtools0, debug packages |
| Containers | open-vm-tools-containerinfo |
| Desktop Applications | open-vm-tools-desktop |
Enterprise Implications & Best Practices
✅ Virtualization Security: Regular VMware tools updates are critical for hypervisor security.
✅ Compliance: Patches align with CIS Benchmarks for Linux hardening.
✅ DevOps Impact: Ensure CI/CD pipelines test new versions before deployment.
📌 Pro Tip: Pair this update with a vulnerability scan using tools like Tenable Nessus or Qualys VMDR.
