Insights from the Field

Introduction Broadcom has issued a moderate-severity security advisory, VMSA-2025-0007, addressing a newly disclosed vulnerability in VMware Tools identified as CVE-2025-22247. This vulnerability affects both Windows and Linux guest operating systems and introduces a risk scenario where a non-privileged user inside a virtual machine could tamper with file operations carried out by VMware Tools. Although this flaw is not exploitable for guest-to-host escape, it may allow local

Introduction Broadcom has published VMSA-2025-0008 to address a newly disclosed DOM-based Cross-Site Scripting (XSS) vulnerability in VMware Aria Automation, previously known as vRealize Automation. The issue is tracked as CVE-2025-22249 and has been assigned a CVSSv3 base score of 8.2 (Important severity). This client-side scripting flaw could allow an attacker to steal access tokens or session identifiers from authenticated users by tricking them into visiting a specially c