VMware Aria Operations and VMware Tools contain a local privilege escalation vulnerability. A malicious local actor with non-administrative privileges having access to a VM with VMware Tools installed and managed by Aria Operations with SDMP enabled may exploit this vulnerability to escalate privileges to root on the same VM.
Weakness
A particular privilege, role, capability, or right can be used to perform unsafe actions that were not intended, even when it is assigned to the correct entity.
Affected Software
| Name | Vendor | Start Version | End Version |
|---|---|---|---|
| Aria_operations | Vmware | 8.0 (including) | 8.18.5 (excluding) |
| Cloud_foundation | Vmware | 4.0 (including) | 5.2.2 (including) |
| Cloud_foundation_operations | Vmware | 9.0 (including) | 9.0 (including) |
| Open_vm_tools | Vmware | 11.2.0 (including) | 12.5.4 (excluding) |
| Open_vm_tools | Vmware | 13.0.0 (including) | 13.0.0 (including) |
| Telco_cloud_infrastructure | Vmware | 2.2 (including) | 3.0 (including) |
| Telco_cloud_platform | Vmware | 4.0 (including) | 5.0.1 (excluding) |
| Red Hat Enterprise Linux 10 | RedHat | open-vm-tools-0:12.5.0-1.el10_0.1 | * |
| Red Hat Enterprise Linux 8 | RedHat | open-vm-tools-0:12.3.5-2.el8_10.1 | * |
| Red Hat Enterprise Linux 8.4 Advanced Mission Critical Update Support | RedHat | open-vm-tools-0:11.2.0-2.el8_4.5 | * |
| Red Hat Enterprise Linux 8.4 Extended Update Support Long-Life Add-On | RedHat | open-vm-tools-0:11.2.0-2.el8_4.5 | * |
| Red Hat Enterprise Linux 8.6 Advanced Mission Critical Update Support | RedHat | open-vm-tools-0:11.3.5-1.el8_6.6 | * |
| Red Hat Enterprise Linux 8.6 Telecommunications Update Service | RedHat | open-vm-tools-0:11.3.5-1.el8_6.6 | * |
| Red Hat Enterprise Linux 8.6 Update Services for SAP Solutions | RedHat | open-vm-tools-0:11.3.5-1.el8_6.6 | * |
| Red Hat Enterprise Linux 8.8 Telecommunications Update Service | RedHat | open-vm-tools-0:12.1.5-2.el8_8.5 | * |
| Red Hat Enterprise Linux 8.8 Update Services for SAP Solutions | RedHat | open-vm-tools-0:12.1.5-2.el8_8.5 | * |
| Red Hat Enterprise Linux 9 | RedHat | open-vm-tools-0:12.5.0-1.el9_6.2 | * |
| Red Hat Enterprise Linux 9.0 Update Services for SAP Solutions | RedHat | open-vm-tools-0:11.3.5-1.el9_0.6 | * |
| Red Hat Enterprise Linux 9.2 Update Services for SAP Solutions | RedHat | open-vm-tools-0:12.1.5-1.el9_2.5 | * |
| Red Hat Enterprise Linux 9.4 Extended Update Support | RedHat | open-vm-tools-0:12.3.5-2.el9_4.1 | * |
| Open-vm-tools | Ubuntu | devel | * |
| Open-vm-tools | Ubuntu | esm-infra/focal | * |
| Open-vm-tools | Ubuntu | jammy | * |
| Open-vm-tools | Ubuntu | noble | * |
| Open-vm-tools | Ubuntu | plucky | * |
| Open-vm-tools | Ubuntu | upstream | * |
Potential Mitigations
Related Attack Patterns
- https://cwe.mitre.org/data/definitions/58.html
- https://cwe.mitre.org/data/definitions/634.html
- https://cwe.mitre.org/data/definitions/637.html
- https://cwe.mitre.org/data/definitions/643.html
- https://cwe.mitre.org/data/definitions/648.html
References
- http://support.broadcom.com/group/ecx/support-content-view/-/support-content/Security%20Advisories/VMSA-2025-0015--VMware-Aria-Operations-and-VMware-Tools-updates-address-multiple-vulnerabilities--CVE-2025-41244-CVE-2025-41245--CVE-2025-41246-/36149
- http://www.openwall.com/lists/oss-security/2025/09/29/10
- https://lists.debian.org/debian-lts-announce/2025/10/msg00000.html
- https://blog.nviso.eu/2025/09/29/you-name-it-vmware-elevates-it-cve-2025-41244/
- https://support.broadcom.com/web/ecx/support-content-notification/-/external/content/SecurityAdvisories/0/36149
- https://www.cisa.gov/known-exploited-vulnerabilities-catalog?field_cve=CVE-2025-41244