open-vm-tools-desktop (AlmaLinux:8) — known CVEs & security advisories
Known CVE vulnerabilities and GitHub Security Advisories affecting the AlmaLinux:8 package open-vm-tools-desktop, with affected version ranges, CVSS severity, EPSS exploit prediction, and CISA KEV status.
CVEs (7)
CVE-2022-31676 — CVSS 7.8 (high): VMware Tools (12.0.0, 11.x.y and 10.x.y) contains a local privilege escalation vulnerability. A malicious actor with local…
CVE-2023-34059 — CVSS 7.4 (high): open-vm-tools contains a file descriptor hijack vulnerability in the vmware-user-suid-wrapper. A malicious actor with non-root privileges…
CVE-2023-34058 — CVSS 7.1 (high): VMware Tools contains a SAML token signature bypass vulnerability. A malicious actor that has been granted Guest Operation Privileges…
CVE-2023-20900 — CVSS 7.1 (high): A malicious actor that has been granted Guest Operation Privileges https://docs.vmware.com/en/VMware-vSphere/8.0/vsphere-security/GUID-6A952…
CVE-2025-22247 — CVSS 6.1 (medium): VMware Tools contains an insecure file handling vulnerability. A malicious actor with non-administrative privileges on a guest VM may…