
Call for testing - VMware open-vm-tools CVE-2025-22247

Jonathan Wright

Infrastructure SIG lead & ALESCo member

About a month ago Broadcom (VMware) released a security advisory for CVE-2025-22247, which impacts the open-vm-tools package commonly installed inside virtual machines on VMware hypervisors.

VMware Tools contains an insecure file handling vulnerability. VMware has evaluated the severity of this issue to be in the Moderate severity range with a maximum CVSSv3 base score of 6.1.

AlmaLinux 8, 9, 10, and Kitten 10 are all impacted by CVE-2025-22247. While it is only moderate severity, ALESCo has approved updating this ahead of our upstream, given the community requests for it over the past few weeks.

Installing the patched versions of open-vm-tools on AlmaLinux

It only takes a few steps to install and test the patched version of open-vm-tools in the testing repo.

Install the testing repo (Skip this step on AlmaLinux Kitten)

sudo dnf install -y almalinux-release-testing && sudo dnf config-manager --enable almalinux-testing

Then update open-vm-tools:

sudo dnf update open-vm-tools

Confirm you have the patched version of open-vm-tools

rpm -qa open-vm-tools

You should see a version matching or higher than the ones below, depending on when you install the patches.

  • AlmaLinux 8 - open-vm-tools-12.3.5-2.el8.alma.1
  • AlmaLinux 9 - open-vm-tools-12.5.0-1.el9.alma.1
  • AlmaLinux 10 - open-vm-tools-12.5.0-1.el10.alma.1
  • AlmaLinux Kitten 10 - open-vm-tools-12.5.0-1.el10.alma.1
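
To script the version check above across several machines, here is an added example (not part of the original post and not an AlmaLinux tool) that compares an rpm package string against the minimum patched builds listed above. The function names are hypothetical, and sort -V is used as an approximation of RPM's own version ordering.

```bash
#!/usr/bin/env bash
# Added example: compare an open-vm-tools package string with the minimum
# patched builds listed in this post. Function names are hypothetical.

# Minimum patched version-release per dist tag, taken from the list above.
min_patched() {
  case "$1" in
    el8)  echo "12.3.5-2.el8.alma.1" ;;
    el9)  echo "12.5.0-1.el9.alma.1" ;;
    el10) echo "12.5.0-1.el10.alma.1" ;;   # AlmaLinux 10 and Kitten 10
    *)    return 1 ;;
  esac
}

# is_patched PACKAGE_STRING
# Returns 0 if at or above the patched build, 1 if older, 2 if the dist tag
# is not one of the releases covered by this post.
is_patched() {
  local vr dist min lowest
  vr="${1#open-vm-tools-}"                 # drop the package name
  case "$vr" in                            # drop a trailing architecture, if any
    *.x86_64|*.aarch64|*.ppc64le|*.s390x) vr="${vr%.*}" ;;
  esac
  dist=$(printf '%s\n' "$vr" | grep -oE 'el[0-9]+' | head -n 1)
  min=$(min_patched "$dist") || return 2
  # Assumption: GNU sort -V orders these strings the way rpm would.
  lowest=$(printf '%s\n%s\n' "$vr" "$min" | sort -V | head -n 1)
  [ "$vr" = "$min" ] || [ "$lowest" = "$min" ]
}

# On a real host, check the installed package (skipped if rpm or the package is absent).
if command -v rpm >/dev/null 2>&1 && nvr=$(rpm -q open-vm-tools 2>/dev/null); then
  if is_patched "$nvr"; then
    echo "patched: $nvr"
  else
    echo "NOT patched, or release not covered: $nvr"
  fi
fi
```
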

Note: We don’t recommend that you keep the testing repo enabled after you’ve updated open-vm-tools, unless you’ve done this on a truly non-production environment. If this is a production environment, you can disable the repo with this command (not applicable to AlmaLinux Kitten):

sudo dnf config-manager --disable almalinux-testing

If you encounter problems, please let us know as soon as you can, either in AlmaLinux chat, on bugs.almalinux.org, or by emailing packager@almalinux.org.

Thanks to our community

Security is a priority at AlmaLinux, and once again we’re patching something we know to be important to our community. This is part of the freedom that comes with being a community-powered Red Hat equivalent operating system. We appreciate the members of our community who reported their feelings about this and other updates, worked to fix the problems, and have ever participated in testing our security updates.

If you have any interest in helping us test updates like this in the future, join our chat, join our forums, and keep your eyes open! We’ll be looking for contributions to our OpenQA testing later this year, too!
