My customer's security team found a vulnerability in open-vm-tools as included with the Layer7 Gateway 11.1.* OVA form factor. The vulnerability is CVE-2025-41244.
Debian has announced that they backported the fix in upstream open-vm-tools 13.* to the 12.*-version in bookworm.
https://security-tracker.debian.org/tracker/CVE-2025-41244
| bookworm | 2:12.2.0-1+deb12u4 | fixed |
Is that fix part of this month's Platform Update?
The following post suggests a 12.2.0-1+deb12u4 but the download sites still contain 12.2.0-1+deb12u3:
https://lists.debian.org/debian-release/2025/09/msg00643.html
Debian lists the patch as published now.
Published in bookworm-release on 2026-01-10. open-vm-tools 2:12.2.0-1+deb12u4
This should be included in the next MPP, which is expected at the end of January 2026.