Vulnerability Details CVE-2025-41244
VMware Aria Operations and VMware Tools contain a local privilege escalation vulnerability. A malicious local actor with non-administrative privileges having access to a VM with VMware Tools installed and managed by Aria Operations with SDMP enabled may exploit this vulnerability to escalate privileges to root on the same VM.
Exploit prediction scoring system (EPSS) score
EPSS Score 0.009
EPSS Ranking 75.5%
CVSS Severity
CVSS v3 Score 7.8
Proposed Action
Broadcom VMware Aria Operations and VMware Tools contain a privilege defined with unsafe actions vulnerability. A malicious local actor with non-administrative privileges having access to a VM with VMware Tools installed and managed by Aria Operations with SDMP enabled may exploit this vulnerability to escalate privileges to root on the same VM.
Ransomware Campaign
Unknown
References
- http://support.broadcom.com/group/ecx/support-content-view/-/support-content/Security%20Advisories/VMSA-2025-0015--VMware-Aria-Operations-and-VMware-Tools-updates-address-multiple-vulnerabilities--CVE-2025-41244-CVE-2025-41245--CVE-2025-41246-/36149
- http://www.openwall.com/lists/oss-security/2025/09/29/10
- https://lists.debian.org/debian-lts-announce/2025/10/msg00000.html
- https://blog.nviso.eu/2025/09/29/you-name-it-vmware-elevates-it-cve-2025-41244/
- https://support.broadcom.com/web/ecx/support-content-notification/-/external/content/SecurityAdvisories/0/36149
- https://www.cisa.gov/known-exploited-vulnerabilities-catalog?field_cve=CVE-2025-41244
Products affected by CVE-2025-41244
-
cpe:2.3:a:vmware:aria_operations:8.0
-
cpe:2.3:a:vmware:aria_operations:8.10.0
-
cpe:2.3:a:vmware:aria_operations:8.12.0
-
cpe:2.3:a:vmware:aria_operations:8.14.0
-
cpe:2.3:a:vmware:aria_operations:8.14.1
-
cpe:2.3:a:vmware:aria_operations:8.16.0
-
cpe:2.3:a:vmware:aria_operations:8.16.1
-
cpe:2.3:a:vmware:aria_operations:8.17.1
-
cpe:2.3:a:vmware:aria_operations:8.17.2
-
cpe:2.3:a:vmware:aria_operations:8.18
-
cpe:2.3:a:vmware:aria_operations:8.18.1
-
cpe:2.3:a:vmware:aria_operations:8.18.2
-
cpe:2.3:a:vmware:aria_operations:8.18.3
-
cpe:2.3:a:vmware:aria_operations:8.6.0
-
cpe:2.3:a:vmware:cloud_foundation:4.0
-
cpe:2.3:a:vmware:cloud_foundation:4.0.1
-
cpe:2.3:a:vmware:cloud_foundation:4.1
-
cpe:2.3:a:vmware:cloud_foundation:4.1.0.1
-
cpe:2.3:a:vmware:cloud_foundation:4.2
-
cpe:2.3:a:vmware:cloud_foundation:4.2.1
-
cpe:2.3:a:vmware:cloud_foundation:4.3
-
cpe:2.3:a:vmware:cloud_foundation:4.3.1
-
cpe:2.3:a:vmware:cloud_foundation:4.3.11
-
cpe:2.3:a:vmware:cloud_foundation:4.4
-
cpe:2.3:a:vmware:cloud_foundation:4.4.1
-
cpe:2.3:a:vmware:cloud_foundation:4.4.1.1
-
cpe:2.3:a:vmware:cloud_foundation:4.5
-
cpe:2.3:a:vmware:cloud_foundation:4.5.1
-
cpe:2.3:a:vmware:cloud_foundation:4.5.2
-
cpe:2.3:a:vmware:cloud_foundation:5.0
-
cpe:2.3:a:vmware:cloud_foundation:5.1
-
cpe:2.3:a:vmware:cloud_foundation:5.1.1
-
cpe:2.3:a:vmware:cloud_foundation:5.2
-
cpe:2.3:a:vmware:cloud_foundation:5.2.1
-
cpe:2.3:a:vmware:cloud_foundation:5.2.1.1
-
cpe:2.3:a:vmware:cloud_foundation:5.2.1.2
-
cpe:2.3:a:vmware:cloud_foundation:5.2.2
-
cpe:2.3:a:vmware:cloud_foundation_operations:9.0
-
cpe:2.3:a:vmware:open_vm_tools:11.2.0
-
cpe:2.3:a:vmware:open_vm_tools:11.2.5
-
cpe:2.3:a:vmware:open_vm_tools:11.3.0
-
cpe:2.3:a:vmware:open_vm_tools:11.3.5
-
cpe:2.3:a:vmware:open_vm_tools:12.0.0
-
cpe:2.3:a:vmware:open_vm_tools:12.0.5
-
cpe:2.3:a:vmware:open_vm_tools:12.1.0
-
cpe:2.3:a:vmware:open_vm_tools:12.1.5
-
cpe:2.3:a:vmware:open_vm_tools:12.2.0
-
cpe:2.3:a:vmware:open_vm_tools:12.2.5
-
cpe:2.3:a:vmware:open_vm_tools:12.3.0
-
cpe:2.3:a:vmware:open_vm_tools:12.3.5
-
cpe:2.3:a:vmware:open_vm_tools:12.4.0
-
cpe:2.3:a:vmware:open_vm_tools:12.4.5
-
cpe:2.3:a:vmware:open_vm_tools:12.5.0
-
cpe:2.3:a:vmware:open_vm_tools:12.5.2
-
cpe:2.3:a:vmware:open_vm_tools:13.0.0
-
cpe:2.3:a:vmware:telco_cloud_infrastructure:2.2
-
cpe:2.3:a:vmware:telco_cloud_infrastructure:2.5
-
cpe:2.3:a:vmware:telco_cloud_infrastructure:2.7
-
cpe:2.3:a:vmware:telco_cloud_infrastructure:3.0
-
cpe:2.3:a:vmware:telco_cloud_platform:4.0
-
cpe:2.3:a:vmware:telco_cloud_platform:4.0.1
-
cpe:2.3:a:vmware:telco_cloud_platform:5.0
-
cpe:2.3:a:vmware:tools:12.5.0
-
cpe:2.3:a:vmware:tools:12.5.1
-
cpe:2.3:a:vmware:tools:12.5.2
-
cpe:2.3:a:vmware:tools:12.5.3
-
cpe:2.3:a:vmware:tools:13.0.0.0
-
cpe:2.3:a:vmware:tools:13.0.1.0
-
cpe:2.3:o:debian:debian_linux:11.0
-
cpe:2.3:o:linux:linux_kernel:-
-
cpe:2.3:o:microsoft:windows:-