CVE-2025-41244

moderate-risk

Published 2025-09-29

VMware Aria Operations and VMware Tools contain a local privilege escalation vulnerability. A malicious local actor with non-administrative privileges having access to a VM with VMware Tools installed and managed by Aria Operations with SDMP enabled may exploit this vulnerability to escalate privileges to root on the same VM.

Do I need to act?

0.59% chance of exploitation

EPSS score — low exploit probability

CISA KEV: actively exploited in the wild

On the Known Exploited Vulnerabilities catalog — federal agencies must patch

Patch status unknown

Check vendor advisories for fix availability and mitigation guidance

CVSS 7.8/10 High

LOCAL / LOW complexity

Affected Products (9)

Aria Operations

Cloud Foundation

Cloud Foundation Operations

Open Vm Tools

Telco Cloud Infrastructure

Telco Cloud Platform

Debian Linux

Tools

Affected Vendors

Debian Vmware

References (6)

Permissions Required http://support.broadcom.com/group/ecx/support-content-view/-/support-content/Sec...

Mailing List http://www.openwall.com/lists/oss-security/2025/09/29/10

Mailing List https://lists.debian.org/debian-lts-announce/2025/10/msg00000.html

Exploit https://blog.nviso.eu/2025/09/29/you-name-it-vmware-elevates-it-cve-2025-41244/

Vendor Advisory https://support.broadcom.com/web/ecx/support-content-notification/-/external/con...

US Government Resource https://www.cisa.gov/known-exploited-vulnerabilities-catalog?field_cve=CVE-2025-...

/ 100

moderate-risk

Severity 24/34 · High

Exploitability 9/34 · Low

Exposure 15/34 · Moderate