VMSA-2025-0015 – VMware Aria Operations and VMware Tools – Multiple Vulnerabilities
VMware by Broadcom has released VMware Aria Operations and VMware Tools updates address multiple vulnerabilities CVE-2025-41244, CVE-2025-41245, CVE-2025-41246. Multiple vulnerabilities in VMware Aria Operations and VMware Tools were privately reported to Broadcom. Patches are available to remediate these vulnerabilities in affected Broadcom products.
Impacted Products
- VMware Aria Operations
- VMware Tools
- VMware Cloud Foundation
- VMware Telco Cloud Platform
- VMware Telco Cloud Infrastructure
CVE-2025-41244 | Local privilege escalation vulnerability
Description:
VMware Aria Operations and VMware Tools contain a local privilege escalation vulnerability. Broadcom has evaluated the severity of this issue to be in the Important severity range with a maximum CVSSv3 base score of 7.8. A malicious local actor with non-administrative privileges having access to a VM with VMware Tools installed and managed by Aria Operations with SDMP enabled may exploit this vulnerability to escalate privileges to root on the same VM.
Resolution:
To remediate CVE-2025-41244 apply the patches listed in the ‘Fixed Version’ column of the ‘Response Matrix’ found below.
CVE-2025-41245 | VMware Aria Operations Information disclosure vulnerability
Description:
VMware Aria Operations contains an information disclosure vulnerability. Broadcom has evaluated the severity of this issue to be in the Moderate severity range with a maximum CVSSv3 base score of 4.9. A malicious actor with non-administrative privileges in Aria Operations may exploit this vulnerability to disclose credentials of other users of Aria Operations.
Resolution:
To remediate CVE-2025-41245 apply the patches listed in the ‘Fixed Version’ column of the ‘Response Matrix’ found below.
Response Matrix CVE-2025-41244 & CVE-2025-41245:
| Product | Version | Running On | CVE | Severity | Fixed Version | Workaround |
| VMware Cloud FoundationVMware vSphere Foundation | 9.x.x.x | Any | CVE-2025-41244 | Important | 9.0.1.0 | None |
| VMware Cloud FoundationVMware vSphere Foundation | 13.x.x.x [2] | Windows, Linux | CVE-2025-41244 | Important | 13.0.5.0 | None |
| VMware Aria Operations | 8.x | Any | CVE-2025-41244, CVE-2025-41245 | Important | 8.18.5 | None |
| VMware Tools | 13.x.x | Windows, Linux | CVE-2025-41244 | Important | 13.0.5 | None |
| VMware Tools | 12.x.x, 11.x.x | Windows, Linux | CVE-2025-41244 | Important | 12.5.4 | None |
| VMware Cloud Foundation | 5.x, 4.x | Any | CVE-2025-41244, CVE-2025-41245 | Important | KB92148 | None |
| VMware Telco Cloud Platform | 5.x, 4.x | Any | CVE-2025-41244, CVE-2025-41245 | Important | 8.18.5 | None |
| VMware Telco Cloud Infrastructure | 3.x, 2.x | Any | CVE-2025-41244, CVE-2025-41245 | Important | 8.18.5 | None |
CVE-2025-41246 | VMware Tools improper authorisation vulnerability
Description:
VMware Tools for Windows contains an improper authorisation vulnerability due to the way it handles user access controls. Broadcom has evaluated the severity of this issue to be in the Important severity range with a maximum CVSSv3 base score of 7.6. A malicious actor with non-administrative privileges on a guest VM, who is already authenticated through vCenter or ESX may exploit this issue to access other guest VMs. Successful exploitation requires knowledge of credentials of the targeted VMs and vCenter or ESX.
Resolution:
To remediate CVE-2025-41246 apply the patches listed in the ‘Fixed Version’ column of the ‘Response Matrix’ found below.
Notes:
[1] VMware Tools 12.4.9 which is part of VMware Tools 12.5.4, also addresses the issue for Windows 32-bit.
[2] This issue affects only VMware Tools for Windows
Response Matrix CVE-2025-41246:
| Product | Version | Running On | CVE | CVSSv3 | Severity | Fixed Version | Workaround |
| VMware Cloud FoundationVMware vSphere Foundation | 13.x.x.x [2] | Windows | CVE-2025-41246 | 7.6 | Important | 13.0.5.0 | None |
| VMware Tools [2] | 13.x.x | Windows | CVE-2025-41246 | 7.6 | Important | 13.0.5 | None |
| VMware Tools [2] | 12.x.x, 11.x.x | Windows | CVE-2025-41246 | 7.6 | Important | 12.5.4 | None |
| VMware Tools | 12.x.x, 11.x.x | Linux | CVE-2025-41246 | N/A | N/A | Unaffected | N/A |
| VMware Tools | 12.x.x, 11.x.x | macOS | CVE-2025-41246 | N/A | N/A | Unaffected | N/A |
You can also check my VMware Product Release page for more information regarding released products, release notes, and download links.
Sources:
Broadcom Blog Post
Change Log:
30.10.2025 – Broadcom has information to suggest that suspected exploitation of CVE-2025-41244 has occurred in the wild.
