There is 1 open security issue in bullseye.
1 issue left for the package maintainer to handle:
An issue was discovered in open-vm-tools 2009.03.18-154848. Local users can bypass intended access restrictions on mounting shares via a symlink attack that leverages a realpath race condition in mount.vmhgfs (aka hgfsmounter).
You can find information about how to handle this issue in the security team's documentation.