CVE-2025-41244
VMware Aria Operations and VMware Tools contain a local privilege escalation vulnerability. A malicious local actor with non-administrative privileges having access to a VM with VMware Tools installed and managed by Aria Operations with SDMP enabled may exploit this vulnerability to escalate privileges to root on the same VM.
Vendor
Product
CWE
Yayın Tarihi
2025-09-29 17:15:30
Güncelleme
2025-11-06 13:58:13
Source Identifier
security@vmware.com
KEV Date Added
2025-10-30
Kategoriler
Referanslar
http://support.broadcom.com/group/ecx/support-content-view/-/support-content/Security%20Advisories/VMSA-2025-0015--VMware-Aria-Operations-and-VMware-Tools-updates-address-multiple-vulnerabilities--CVE-2025-41244-CVE-2025-41245--CVE-2025-41246-/36149
http://www.openwall.com/lists/oss-security/2025/09/29/10
https://lists.debian.org/debian-lts-announce/2025/10/msg00000.html
https://blog.nviso.eu/2025/09/29/you-name-it-vmware-elevates-it-cve-2025-41244/
https://support.broadcom.com/web/ecx/support-content-notification/-/external/content/SecurityAdvisories/0/36149
https://www.cisa.gov/known-exploited-vulnerabilities-catalog?field_cve=CVE-2025-41244