==========================================================================
Ubuntu Security Notice USN-7508-2
June 03, 2025

open-vm-tools vulnerability
==========================================================================

A security issue affects these releases of Ubuntu and its derivatives:

- Ubuntu 18.04 LTS
- Ubuntu 16.04 LTS

Summary:

Open VM Tools could be made to overwrite files as the administrator.

Software Description:
- open-vm-tools: Open VMware Tools for virtual machines hosted on VMware

Details:

USN-7508-1 fixed a vulnerability in Open VM Tools. This update provides
the corresponding update for Ubuntu 16.04 LTS and Ubuntu 18.04 LTS

Original advisory details:

 It was discovered that Open VM Tools incorrectly handled certain
 file operations. An attacker in a guest could use this issue to
 perform insecure file operations and possibly elevate privileges
 in the guest.

Update instructions:

The problem can be corrected by updating your system to the following
package versions:

Ubuntu 18.04 LTS
  open-vm-tools                   2:11.0.5-4ubuntu0.18.04.3+esm4
                                  Available with Ubuntu Pro

Ubuntu 16.04 LTS
  open-vm-tools                   2:10.2.0-3~ubuntu0.16.04.1+esm5
                                  Available with Ubuntu Pro

In general, a standard system update will make all the necessary changes.

References:
  https://ubuntu.com/security/notices/USN-7508-2
  https://ubuntu.com/security/notices/USN-7508-1
  CVE-2025-22247