Vmware: >> Telco Cloud Platform >> 4.0.1 Security Vulnerabilities
CVE-2025-41244
VMware Aria Operations and VMware Tools contain a local privilege escalation vulnerability. A malicious local actor with non-administrative privileges having access to a VM with VMware Tools installed and managed by Aria Operations with SDMP enabled may exploit this vulnerability to escalate privileges to root on the same VM.
Known exploited
CVSS Score
7.8
EPSS Score
0.009
Published
2025-09-29
VMware NSX Manager UI is vulnerable to a stored Cross-Site Scripting (XSS) attack due to improper input validation.
CVSS Score
7.5
EPSS Score
0.0
Published
2025-06-04
VMware NSX contains a stored Cross-Site Scripting (XSS) vulnerability in the gateway firewall due to improper input validation.
CVSS Score
6.9
EPSS Score
0.0
Published
2025-06-04
VMware NSX contains a stored Cross-Site Scripting (XSS) vulnerability in the router port due to improper input validation.
CVSS Score
5.9
EPSS Score
0.0
Published
2025-06-04
CVE-2025-22224
VMware ESXi, and Workstation contain a TOCTOU (Time-of-Check Time-of-Use) vulnerability that leads to an out-of-bounds write. A malicious actor with local administrative privileges on a virtual machine may exploit this issue to execute code as the virtual machine's VMX process running on the host.
Known exploited
CVSS Score
9.3
EPSS Score
0.482
Published
2025-03-04
CVE-2025-22225
VMware ESXi contains an arbitrary write vulnerability. A malicious actor with privileges within the VMX process may trigger an arbitrary kernel write leading to an escape of the sandbox.
Known exploited
CVSS Score
8.2
EPSS Score
0.042
Published
2025-03-04
CVE-2025-22226
VMware ESXi, Workstation, and Fusion contain an information disclosure vulnerability due to an out-of-bounds read in HGFS. A malicious actor with administrative privileges to a virtual machine may be able to exploit this issue to leak memory from the vmx process.
Known exploited
CVSS Score
7.1
EPSS Score
0.04
Published
2025-03-04