CVE-2025-41244
BaseFortify
Publication date: 2025-09-29
Last updated on: 2025-11-06
Assigner: VMware
Description
Description
CVSS Scores
EPSS Scores
| Probability: | |
| Percentile: |
Affected Vendors & Products
| Vendor | Product | Version |
|---|---|---|
| debian | debian_linux | 11.0 |
| vmware | aria_operations | From 8.0 (inc) to 8.18.5 (exc) |
| vmware | cloud_foundation | From 4.0 (inc) to 5.2.2 (inc) |
| vmware | cloud_foundation_operations | 9.0 |
| vmware | open_vm_tools | From 11.2.0 (inc) to 12.5.4 (exc) |
| vmware | open_vm_tools | 13.0.0 |
| vmware | telco_cloud_infrastructure | From 2.2 (inc) to 3.0 (inc) |
| vmware | telco_cloud_platform | From 4.0 (inc) to 5.0.1 (exc) |
| vmware | tools | From 12.5.0 (inc) to 12.5.4 (exc) |
| vmware | tools | From 13.0.0.0 (inc) to 13.0.5.0 (exc) |
| microsoft | windows | * |
| linux | linux_kernel | From 5.15.160 (inc) to 5.16 (inc) |
Helpful Resources
Exploitability
| CWE ID | Description |
|---|---|
| CWE-267 | A particular privilege, role, capability, or right can be used to perform unsafe actions that were not intended, even when it is assigned to the correct entity. |
Attack-Flow Graph
AI Powered Q&A
Can you explain this vulnerability to me?
This vulnerability is a local privilege escalation issue in VMware Aria Operations and VMware Tools. A malicious local user with non-administrative privileges who has access to a virtual machine (VM) with VMware Tools installed and managed by Aria Operations with SDMP enabled can exploit this flaw to gain root-level privileges on the same VM.
How can this vulnerability impact me? :
If exploited, this vulnerability allows a local attacker with limited privileges to escalate their access to root on the affected VM. This can lead to full control over the VM, potentially allowing the attacker to manipulate data, disrupt services, or further compromise the system.