{"dataType": "CVE_RECORD", "dataVersion": "5.1", "cveMetadata": {"cveId": "CVE-2025-41244", "assignerOrgId": "dcf2e128-44bd-42ed-91e8-88f912c1401d", "state": "PUBLISHED", "assignerShortName": "vmware", "dateReserved": "2025-04-16T09:30:17.799Z", "datePublished": "2025-09-29T16:09:51.871Z", "dateUpdated": "2025-10-07T16:07:30.319Z"}, "containers": {"cna": {"affected": [{"defaultStatus": "unaffected", "product": "VCF operations", "vendor": "VMware", "versions": [{"lessThan": "9.0.1.0", "status": "affected", "version": "9.0.x", "versionType": "commercial"}]}, {"defaultStatus": "unaffected", "product": "VMware tools", "vendor": "VMware", "versions": [{"lessThan": "13.0.5.0", "status": "affected", "version": "13.x.x.x", "versionType": "commercial"}, {"lessThan": "12.5.4", "status": "affected", "version": "12.5.x", "versionType": "commercial"}]}, {"defaultStatus": "unaffected", "product": "VMware Aria Operations", "vendor": "VMware", "versions": [{"lessThan": "8.18.5", "status": "affected", "version": "8.18.x", "versionType": "commercial"}]}, {"defaultStatus": "unaffected", "product": "VMware Cloud Foundation", "vendor": "VMware", "versions": [{"lessThan": "8.18.5", "status": "affected", "version": "5.x", "versionType": "commercial"}, {"lessThan": "8.18.5", "status": "affected", "version": "4.x", "versionType": "commercial"}]}, {"defaultStatus": "unaffected", "product": "VMware Telco Cloud Platform", "vendor": "VMware", "versions": [{"lessThan": "8.18.5", "status": "affected", "version": "5.x", "versionType": "commercial"}, {"lessThan": "8.18.5", "status": "affected", "version": "4.x", "versionType": "commercial"}]}, {"defaultStatus": "unaffected", "product": "VMware Telco Cloud Infrastructure", "vendor": "VMware", "versions": [{"lessThan": "8.18.5", "status": "affected", "version": "3.x", "versionType": "commercial"}, {"lessThan": "8.18.5", "status": "affected", "version": "2.x", "versionType": "commercial"}]}], "datePublic": "2025-09-29T16:00:00.000Z", "descriptions": [{"lang": "en", "supportingMedia": [{"base64": false, "type": "text/html", "value": "<span style=\"background-color: rgb(255, 255, 255);\">VMware Aria Operations and VMware Tools contain a local privilege escalation vulnerability.&nbsp;<span style=\"background-color: rgb(255, 255, 255);\">A malicious local actor with non-administrative privileges having access to a VM with </span><span style=\"background-color: rgb(255, 255, 255);\">VMware Tools</span><span style=\"background-color: rgb(255, 255, 255);\">&nbsp;installed and managed by Aria Operations with SDMP enabled may exploit this vulnerability to escalate privileges to root on the same VM.</span></span><br><br>"}], "value": "VMware Aria Operations and VMware Tools contain a local privilege escalation vulnerability.\u00a0A malicious local actor with non-administrative privileges having access to a VM with VMware Tools\u00a0installed and managed by Aria Operations with SDMP enabled may exploit this vulnerability to escalate privileges to root on the same VM."}], "metrics": [{"cvssV3_1": {"attackComplexity": "LOW", "attackVector": "LOCAL", "availabilityImpact": "HIGH", "baseScore": 7.8, "baseSeverity": "HIGH", "confidentialityImpact": "HIGH", "integrityImpact": "HIGH", "privilegesRequired": "LOW", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H", "version": "3.1"}, "format": "CVSS", "scenarios": [{"lang": "en", "value": "GENERAL"}]}], "problemTypes": [{"descriptions": [{"cweId": "CWE-267", "description": "CWE-267", "lang": "en", "type": "CWE"}]}], "providerMetadata": {"orgId": "dcf2e128-44bd-42ed-91e8-88f912c1401d", "shortName": "vmware", "dateUpdated": "2025-09-29T16:16:24.967Z"}, "references": [{"url": "http://support.broadcom.com/group/ecx/support-content-view/-/support-content/Security%20Advisories/VMSA-2025-0015--VMware-Aria-Operations-and-VMware-Tools-updates-address-multiple-vulnerabilities--CVE-2025-41244-CVE-2025-41245--CVE-2025-41246-/36149"}], "source": {"discovery": "UNKNOWN"}, "title": "VMSA-2025-0015: VMware Aria Operations and VMware Tools updates address multiple vulnerabilities (CVE-2025-41244,CVE-2025-41245, CVE-2025-41246)", "x_generator": {"engine": "Vulnogram 0.2.0"}}, "adp": [{"references": [{"url": "https://blog.nviso.eu/2025/09/29/you-name-it-vmware-elevates-it-cve-2025-41244/", "tags": ["exploit", "technical-description"]}, {"url": "https://support.broadcom.com/web/ecx/support-content-notification/-/external/content/SecurityAdvisories/0/36149", "tags": ["vendor-advisory"]}], "metrics": [{"other": {"type": "ssvc", "content": {"timestamp": "2025-10-01T03:55:53.240091Z", "id": "CVE-2025-41244", "options": [{"Exploitation": "poc"}, {"Automatable": "no"}, {"Technical Impact": "total"}], "role": "CISA Coordinator", "version": "2.0.3"}}}], "title": "CISA ADP Vulnrichment", "providerMetadata": {"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "shortName": "CISA-ADP", "dateUpdated": "2025-10-07T16:07:30.319Z"}}]}}

{"dataType": "CVE_RECORD", "containers": {"adp": [{"title": "CISA ADP Vulnrichment", "metrics": [{"other": {"type": "ssvc", "content": {"id": "CVE-2025-41244", "role": "CISA Coordinator", "options": [{"Exploitation": "poc"}, {"Automatable": "no"}, {"Technical Impact": "total"}], "version": "2.0.3", "timestamp": "2025-10-01T03:55:53.240091Z"}}}], "references": [{"url": "https://blog.nviso.eu/2025/09/29/you-name-it-vmware-elevates-it-cve-2025-41244/", "tags": ["exploit", "technical-description"]}, {"url": "https://support.broadcom.com/web/ecx/support-content-notification/-/external/content/SecurityAdvisories/0/36149", "tags": ["vendor-advisory"]}], "providerMetadata": {"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "shortName": "CISA-ADP", "dateUpdated": "2025-09-30T12:17:39.261Z"}}], "cna": {"title": "VMSA-2025-0015: VMware Aria Operations and VMware Tools updates address multiple vulnerabilities (CVE-2025-41244,CVE-2025-41245, CVE-2025-41246)", "source": {"discovery": "UNKNOWN"}, "metrics": [{"format": "CVSS", "cvssV3_1": {"scope": "UNCHANGED", "version": "3.1", "baseScore": 7.8, "attackVector": "LOCAL", "baseSeverity": "HIGH", "vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H", "integrityImpact": "HIGH", "userInteraction": "NONE", "attackComplexity": "LOW", "availabilityImpact": "HIGH", "privilegesRequired": "LOW", "confidentialityImpact": "HIGH"}, "scenarios": [{"lang": "en", "value": "GENERAL"}]}], "affected": [{"vendor": "VMware", "product": "VCF operations", "versions": [{"status": "affected", "version": "9.0.x", "lessThan": "9.0.1.0", "versionType": "commercial"}], "defaultStatus": "unaffected"}, {"vendor": "VMware", "product": "VMware tools", "versions": [{"status": "affected", "version": "13.x.x.x", "lessThan": "13.0.5.0", "versionType": "commercial"}, {"status": "affected", "version": "12.5.x", "lessThan": "12.5.4", "versionType": "commercial"}], "defaultStatus": "unaffected"}, {"vendor": "VMware", "product": "VMware Aria Operations", "versions": [{"status": "affected", "version": "8.18.x", "lessThan": "8.18.5", "versionType": "commercial"}], "defaultStatus": "unaffected"}, {"vendor": "VMware", "product": "VMware Cloud Foundation", "versions": [{"status": "affected", "version": "5.x", "lessThan": "8.18.5", "versionType": "commercial"}, {"status": "affected", "version": "4.x", "lessThan": "8.18.5", "versionType": "commercial"}], "defaultStatus": "unaffected"}, {"vendor": "VMware", "product": "VMware Telco Cloud Platform", "versions": [{"status": "affected", "version": "5.x", "lessThan": "8.18.5", "versionType": "commercial"}, {"status": "affected", "version": "4.x", "lessThan": "8.18.5", "versionType": "commercial"}], "defaultStatus": "unaffected"}, {"vendor": "VMware", "product": "VMware Telco Cloud Infrastructure", "versions": [{"status": "affected", "version": "3.x", "lessThan": "8.18.5", "versionType": "commercial"}, {"status": "affected", "version": "2.x", "lessThan": "8.18.5", "versionType": "commercial"}], "defaultStatus": "unaffected"}], "datePublic": "2025-09-29T16:00:00.000Z", "references": [{"url": "http://support.broadcom.com/group/ecx/support-content-view/-/support-content/Security%20Advisories/VMSA-2025-0015--VMware-Aria-Operations-and-VMware-Tools-updates-address-multiple-vulnerabilities--CVE-2025-41244-CVE-2025-41245--CVE-2025-41246-/36149"}], "x_generator": {"engine": "Vulnogram 0.2.0"}, "descriptions": [{"lang": "en", "value": "VMware Aria Operations and VMware Tools contain a local privilege escalation vulnerability.\u00a0A malicious local actor with non-administrative privileges having access to a VM with VMware Tools\u00a0installed and managed by Aria Operations with SDMP enabled may exploit this vulnerability to escalate privileges to root on the same VM.", "supportingMedia": [{"type": "text/html", "value": "<span style=\"background-color: rgb(255, 255, 255);\">VMware Aria Operations and VMware Tools contain a local privilege escalation vulnerability.&nbsp;<span style=\"background-color: rgb(255, 255, 255);\">A malicious local actor with non-administrative privileges having access to a VM with </span><span style=\"background-color: rgb(255, 255, 255);\">VMware Tools</span><span style=\"background-color: rgb(255, 255, 255);\">&nbsp;installed and managed by Aria Operations with SDMP enabled may exploit this vulnerability to escalate privileges to root on the same VM.</span></span><br><br>", "base64": false}]}], "problemTypes": [{"descriptions": [{"lang": "en", "type": "CWE", "cweId": "CWE-267", "description": "CWE-267"}]}], "providerMetadata": {"orgId": "dcf2e128-44bd-42ed-91e8-88f912c1401d", "shortName": "vmware", "dateUpdated": "2025-09-29T16:16:24.967Z"}}}, "cveMetadata": {"cveId": "CVE-2025-41244", "state": "PUBLISHED", "dateUpdated": "2025-10-07T16:07:30.319Z", "dateReserved": "2025-04-16T09:30:17.799Z", "assignerOrgId": "dcf2e128-44bd-42ed-91e8-88f912c1401d", "datePublished": "2025-09-29T16:09:51.871Z", "assignerShortName": "vmware"}, "dataVersion": "5.1"}

{"cveTags": [], "descriptions": [{"lang": "en", "value": "VMware Aria Operations and VMware Tools contain a local privilege escalation vulnerability.\u00a0A malicious local actor with non-administrative privileges having access to a VM with VMware Tools\u00a0installed and managed by Aria Operations with SDMP enabled may exploit this vulnerability to escalate privileges to root on the same VM."}], "id": "CVE-2025-41244", "lastModified": "2025-10-07T16:15:54.293", "metrics": {"cvssMetricV31": [{"cvssData": {"attackComplexity": "LOW", "attackVector": "LOCAL", "availabilityImpact": "HIGH", "baseScore": 7.8, "baseSeverity": "HIGH", "confidentialityImpact": "HIGH", "integrityImpact": "HIGH", "privilegesRequired": "LOW", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H", "version": "3.1"}, "exploitabilityScore": 1.8, "impactScore": 5.9, "source": "security@vmware.com", "type": "Secondary"}]}, "published": "2025-09-29T17:15:30.843", "references": [{"source": "security@vmware.com", "url": "http://support.broadcom.com/group/ecx/support-content-view/-/support-content/Security%20Advisories/VMSA-2025-0015--VMware-Aria-Operations-and-VMware-Tools-updates-address-multiple-vulnerabilities--CVE-2025-41244-CVE-2025-41245--CVE-2025-41246-/36149"}, {"source": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "url": "https://blog.nviso.eu/2025/09/29/you-name-it-vmware-elevates-it-cve-2025-41244/"}, {"source": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "url": "https://support.broadcom.com/web/ecx/support-content-notification/-/external/content/SecurityAdvisories/0/36149"}], "sourceIdentifier": "security@vmware.com", "vulnStatus": "Awaiting Analysis", "weaknesses": [{"description": [{"lang": "en", "value": "CWE-267"}], "source": "security@vmware.com", "type": "Secondary"}]}

{"bugzilla": {"description": "open-vm-tools: open-vm-tools", "id": "2397752", "url": "https://bugzilla.redhat.com/show_bug.cgi?id=2397752"}, "csaw": false, "cvss3": {"cvss3_base_score": "7.8", "cvss3_scoring_vector": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H", "status": "draft"}, "cwe": "CWE-280", "details": ["VMware Aria Operations and VMware Tools contain a local privilege escalation vulnerability.\u00a0A malicious local actor with non-administrative privileges having access to a VM with VMware Tools\u00a0installed and managed by Aria Operations with SDMP enabled may exploit this vulnerability to escalate privileges to root on the same VM.", "A flaw was found in VMWare open-vm-tools. A malicious actor with non-administrative privileges on a guest VM may exploit this vulnerability to escalate privileges to root on the same VM."], "mitigation": {"lang": "en:us", "value": "Mitigation for this issue is either not available or the currently available options do not meet the Red Hat Product Security criteria comprising ease of use and deployment, applicability to widespread installation base or stability."}, "name": "CVE-2025-41244", "package_state": [{"cpe": "cpe:/o:redhat:enterprise_linux:10", "fix_state": "Affected", "package_name": "open-vm-tools", "product_name": "Red Hat Enterprise Linux 10"}, {"cpe": "cpe:/o:redhat:enterprise_linux:7", "fix_state": "Affected", "package_name": "open-vm-tools", "product_name": "Red Hat Enterprise Linux 7"}, {"cpe": "cpe:/o:redhat:enterprise_linux:8", "fix_state": "Affected", "package_name": "open-vm-tools", "product_name": "Red Hat Enterprise Linux 8"}, {"cpe": "cpe:/o:redhat:enterprise_linux:9", "fix_state": "Affected", "package_name": "open-vm-tools", "product_name": "Red Hat Enterprise Linux 9"}, {"cpe": "cpe:/o:redhat:rhivos:1", "fix_state": "Affected", "package_name": "open-vm-tools", "product_name": "Red Hat In-Vehicle Operating System 1"}, {"cpe": "cpe:/a:redhat:openshift:4", "fix_state": "Affected", "package_name": "rhcos", "product_name": "Red Hat OpenShift Container Platform 4"}], "public_date": "2025-09-29T00:00:00Z", "references": ["https://www.cve.org/CVERecord?id=CVE-2025-41244\nhttps://nvd.nist.gov/vuln/detail/CVE-2025-41244"], "statement": "This vulnerability was rated Important because, while it requires local code execution, the exploitation is trivial and leads to full compromise of privileged contexts such as root. The flaw lies in VMware\u2019s service-discovery logic, which can execute attacker-controlled binaries from writable paths like /tmp. An unprivileged user who runs a process with a listening socket can have it invoked by the privileged discovery routine, resulting in arbitrary code execution. Only systems with guest service discovery enabled are affected; those without this feature configured are not exposed.", "threat_severity": "Important"}