VMware has released a patch for a critical authentication bypass vulnerability, CVE-2025-22230, affecting its Windows Tools suite versions 11.x.x and 12.x.x. The flaw has a CVSS score of 7.8 and allows unauthorized access, posing a high risk to users. The fix is included in VMware Tools version 12.5.1, which users are urged to install immediately because no workaround is available. Separately, CrushFTP versions 10 and 11 have been found to contain an unauthenticated HTTP(S) access vulnerability, although it is not currently being actively exploited. Security experts recommend updating both VMware Tools and CrushFTP to mitigate these risks.
CVE-2024-55963: Appsmith’s Default PostgreSQL Misconfiguration Leads to RCE, PoC Releases https://t.co/dm2D8DXCrl
CISA Flags Active Exploits in Sitecore CMS: CVE-2019-9874 and CVE-2019-9875, PoC Publishes https://t.co/Fc6jNfYspM
CVE-2025-30232: Use-After-Free Vulnerability in Exim Exposes Systems to Privilege Escalation https://t.co/hWSDODNmn1