VMSA-2025-0015: VMware Aria Operations and VMware Tools updates address multiple vulnerabilities (CVE-2025-41244, CVE-2025-41245, CVE-2025-41246)
29 September 2025
Advisory ID: | VMSA-2025-0015 |
Advisory Severity: | Important |
CVSSv3 Range: | 4.9-7.8 |
Synopsis: | VMware Aria Operations and VMware Tools updates address multiple vulnerabilities (CVE-2025-41244, CVE-2025-41245, CVE-2025-41246) |
Issue date: | 2025-09-29 |
Updated on: | 2025-09-29 (Initial Advisory) |
CVE(s): | CVE-2025-41244, CVE-2025-41245, CVE-2025-41246 |
1. Impacted Products
- VMware Aria Operations
- VMware Tools
- VMware Cloud Foundation
- VMware Telco Cloud Platform
- VMware Telco Cloud Infrastructure
2. Introduction
Multiple vulnerabilities in VMware Aria Operations and VMware Tools were privately reported to Broadcom. Patches are available to remediate these vulnerabilities in affected Broadcom products.
3a. Local privilege escalation vulnerability (CVE-2025-41244)
Description:
VMware Aria Operations and VMware Tools contain a local privilege escalation vulnerability. Broadcom has evaluated the severity of this issue to be in the Important severity range with a maximum CVSSv3 base score of 7.8.
Known Attack Vectors:
A malicious local actor with non-administrative privileges who has access to a VM with VMware Tools installed, where that VM is managed by Aria Operations with SDMP enabled, may exploit this vulnerability to escalate privileges to root on the same VM.
Resolution:
To remediate CVE-2025-41244 apply the patches listed in the 'Fixed Version' column of the 'Response Matrix' found below.
Workarounds:
None.
Additional Documentation:
None.
Acknowledgements:
Broadcom would like to thank Maxime Thiebaut (NVISO) for reporting this issue to us.
Notes:
[1] VMware Tools 12.4.9, which is part of VMware Tools 12.5.4, also addresses the issue for Windows 32-bit.
[2] A version of open-vm-tools that addresses CVE-2025-41244 will be distributed by Linux vendors.
3b. VMware Aria Operations Information disclosure vulnerability (CVE-2025-41245)
Description:
VMware Aria Operations contains an information disclosure vulnerability. Broadcom has evaluated the severity of this issue to be in the Moderate severity range with a maximum CVSSv3 base score of 4.9.
Known Attack Vectors:
A malicious actor with non-administrative privileges in Aria Operations may exploit this vulnerability to disclose credentials of other users of Aria Operations.
Resolution:
To remediate CVE-2025-41245 apply the patches listed in the 'Fixed Version' column of the 'Response Matrix' found below.
Workarounds:
None.
Additional Documentation:
None.
Acknowledgements:
Broadcom would like to thank Sven Nobis of ERNW Enno Rey Netzwerke GmbH and Lorin Lehawany of ERNW Enno Rey Netzwerke GmbH for reporting this issue to us.
Notes:
None.
Response Matrix 3a & 3b:
Product | Component | Version | Running On | CVE | CVSSv3 | Severity | Fixed Version | Workaround | Additional Documents |
VMware Cloud Foundation / VMware vSphere Foundation | VMware Cloud Foundation Operations | 9.x.x.x | Any | CVE-2025-41244 | 7.8 | Important | None | None | |
VMware Cloud Foundation / VMware vSphere Foundation | VMware Tools | 13.x.x.x [2] | Windows, Linux | CVE-2025-41244 | 7.8 | Important | None | None | |
VMware Aria Operations | VMware Aria Operations | 8.x | Any | CVE-2025-41244, CVE-2025-41245 | 7.8, 4.9 | Important | 8.18.5 | None | None |
VMware Tools | N/A | 13.x.x | Windows, Linux | CVE-2025-41244 | 7.8 | Important | 13.0.5 | None | |
VMware Tools | N/A | 12.x.x, 11.x.x | Windows, Linux | CVE-2025-41244 | 7.8 | Important | 12.5.4 | None | None |
VMware Cloud Foundation | VMware Aria Operations | 5.x, 4.x | Any | CVE-2025-41244, CVE-2025-41245 | 7.8, 4.9 | Important | KB92148 | None | None |
VMware Telco Cloud Platform | VMware Aria Operations | 5.x, 4.x | Any | CVE-2025-41244, CVE-2025-41245 | 7.8, 4.9 | Important | 8.18.5 | None | None |
VMware Telco Cloud Infrastructure | VMware Aria Operations | 3.x, 2.x | Any | CVE-2025-41244, CVE-2025-41245 | 7.8, 4.9 | Important | 8.18.5 | None | None |
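As an added example (not Broadcom's tooling), the following compares an inventory entry against the standalone VMware Tools and VMware Aria Operations rows of the matrix above for CVE-2025-41244 and CVE-2025-41245; the branch-to-fixed-version pairs are read from the table (13.x to 13.0.5, 12.x/11.x to 12.5.4, Aria Operations 8.x to 8.18.5), and the VCF/VVF, Telco and KB92148 rows are deliberately left out. It assumes Broadcom-distributed VMware Tools version numbers: per note [2], open-vm-tools builds shipped by Linux vendors carry distribution version numbers and cannot be compared this way, and the 32-bit Windows build 12.4.9 from note [1] is not special-cased.

```python
import re

# First fixed release per product branch, read from the 3a/3b response matrix.
# Key: (product, major versions the row covers); value: first fixed version.
FIXED_VERSIONS = {
    ("VMware Tools", (13,)): "13.0.5",
    ("VMware Tools", (12, 11)): "12.5.4",
    ("VMware Aria Operations", (8,)): "8.18.5",
}

def parse_version(text):
    # "12.5.3.24276846" -> (12, 5, 3, 24276846); non-numeric build tags are
    # dropped so only the numeric components take part in the comparison
    parts = tuple(int(p) for p in re.findall(r"\d+", text))
    if not parts:
        raise ValueError(f"cannot parse version {text!r}")
    return parts

def pad(v, n):
    # zero-fill so "12.5.4" and "12.5.4.0" compare as equal
    return v + (0,) * (n - len(v))

def fix_status(product, version):
    """Return 'fixed' or 'affected' for a Broadcom-distributed build, or raise
    if the matrix has no standalone row for this product/branch."""
    v = parse_version(version)
    for (prod, majors), fixed in FIXED_VERSIONS.items():
        if prod == product and v[0] in majors:
            f = parse_version(fixed)
            n = max(len(v), len(f))
            return "fixed" if pad(v, n) >= pad(f, n) else "affected"
    raise LookupError(f"{product} {version}: not a standalone row in the matrix")

def triage(inventory):
    """inventory: iterable of (host, product, version) -> entries still needing the patch."""
    return [(host, product, version)
            for host, product, version in inventory
            if fix_status(product, version) == "affected"]

# Constructed sample inventory (hypothetical hosts and builds, not real data)
SAMPLE_INVENTORY = [
    ("vm-app-01", "VMware Tools", "12.5.3.24276846"),
    ("vm-app-02", "VMware Tools", "13.0.5.0"),
    ("vm-db-01", "VMware Tools", "13.0.1"),
    ("ops-01", "VMware Aria Operations", "8.18.4"),
]
```

Note that a 13.0.x build older than 13.0.5 is reported as affected even though it is newer than 12.5.4, because the matrix fixes each branch separately.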
3c. VMware Tools improper authorisation vulnerability (CVE-2025-41246)
Description:
VMware Tools for Windows contains an improper authorisation vulnerability due to the way it handles user access controls. Broadcom has evaluated the severity of this issue to be in the Important severity range with a maximum CVSSv3 base score of 7.6.
Known Attack Vectors:
A malicious actor with non-administrative privileges on a guest VM, who is already authenticated through vCenter or ESX, may exploit this issue to access other guest VMs. Successful exploitation requires knowledge of the credentials of the targeted VMs and of vCenter or ESX.
Resolution:
To remediate CVE-2025-41246 apply the patches listed in the 'Fixed Version' column of the 'Response Matrix' found below.
Workarounds:
None.
Additional Documentation:
None.
Acknowledgements:
Broadcom would like to thank security researcher Tom Jøran Sønstebyseter Rønning (@L1v1ng0ffTh3L4N) of Statnett (Norway) for reporting this issue to us.
Notes:
[1] VMware Tools 12.4.9, which is part of VMware Tools 12.5.4, also addresses the issue for Windows 32-bit.
[2] This issue affects only VMware Tools for Windows.
Response Matrix 3c:
Product | Component | Version | Running On | CVE | CVSSv3 | Severity | Fixed Version | Workaround | Additional Documents |
VMware Cloud Foundation / VMware vSphere Foundation | VMware Tools | 13.x.x.x [2] | Windows | CVE-2025-41246 | 7.6 | Important | None | None | |
VMware Tools [2] | N/A | 13.x.x | Windows | CVE-2025-41246 | 7.6 | Important | None | None | |
VMware Tools [2] | N/A | 12.x.x, 11.x.x | Windows | CVE-2025-41246 | 7.6 | Important | None | None | |
VMware Tools | N/A | 12.x.x, 11.x.x | Linux | CVE-2025-41246 | N/A | N/A | Unaffected | N/A | N/A |
VMware Tools | N/A | 12.x.x, 11.x.x | macOS | CVE-2025-41246 | N/A | N/A | Unaffected | N/A | N/A |
4. References:
Fixed Version(s) and Release Notes:
VMware Cloud Foundation Operations 9.0.1.0 - Downloads and Documentation
VMware vSphere Foundation 9.0.1.0 - VCF Operations - Downloads and Documentation
VMware Aria Operations 8.18.5 - Downloads and Documentation
VMware Cloud Foundation 9.0.1.0 - VMware Tools 13.0.5.0 - Downloads and Documentation
VMware vSphere Foundation 9.0.1.0 - VMware Tools 13.0.5.0 - Downloads and Documentation
VMware Tools 13.0.5 - Downloads and Documentation:
https://techdocs.broadcom.com/us/en/vmware-cis/vsphere/tools/13-0-0/release-notes/vmware-tools-1305-release-notes.html
VMware Tools 12.5.4 - Downloads and Documentation:
https://techdocs.broadcom.com/us/en/vmware-cis/vsphere/tools/12-5-0/release-notes/vmware-tools-1254-release-notes.html
Mitre CVE Dictionary Links:
https://www.cve.org/CVERecord?id=CVE-2025-41244
https://www.cve.org/CVERecord?id=CVE-2025-41245
https://www.cve.org/CVERecord?id=CVE-2025-41246
FIRST CVSSv3 Calculator:
CVE-2025-41244: https://www.first.org/cvss/calculator/3.1#CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
CVE-2025-41245: https://www.first.org/cvss/calculator/3-1#CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:N/A:N
CVE-2025-41246: https://www.first.org/cvss/calculator/3-1#CVSS:3.1/AV:A/AC:H/PR:H/UI:N/S:C/C:H/I:H/A:H
5. Change Log:
2025-09-29 VMSA-2025-0015
Initial security advisory.
6. Contact:
E-mail: [email protected]
PGP key
https://knowledge.broadcom.com/external/article/321551
VMware Security Advisories
https://www.broadcom.com/support/vmware-security-advisories
VMware External Vulnerability Response and Remediation Policy
https://www.broadcom.com/support/vmware-services/security-response
VMware Lifecycle Support Phases
https://support.broadcom.com/group/ecx/productlifecycle
VMware Security Blog
https://blogs.vmware.com/security
X
https://x.com/VMwareSRC
Copyright 2025 Broadcom. All rights reserved.