CVE-2025-41244

🗓️ 29 Sep 2025 16:09:51Reported by vmwareType

cve🔗 web.nvd.nist.gov📰️ 22 Media mentions👁 110 Views

VMware Aria Operations and Tools fix multiple flaws; a non-admin VM user with access could escalate to root.

Reporter	Title	Published	Views	Family All 160
GithubExploit	Exploit for CVE-2025-41244	6 Oct 202501:35	–	githubexploit
GithubExploit	Exploit for CVE-2025-41244	30 Sep 202511:40	–	githubexploit
Tenable Nessus	Amazon Linux 2023 : open-vm-tools, open-vm-tools-desktop, open-vm-tools-devel (ALAS2023-2025-1226)	15 Oct 202500:00	–	nessus
Tenable Nessus	Amazon Linux 2 : open-vm-tools, --advisory ALAS2-2025-3036 (ALAS-2025-3036)	15 Oct 202500:00	–	nessus
Tenable Nessus	Alibaba Cloud Linux 3 : 0159: open-vm-tools (ALINUX3-SA-2025:0159)	16 Oct 202500:00	–	nessus
Tenable Nessus	AlmaLinux 9 : open-vm-tools (ALSA-2025:17428)	13 Oct 202500:00	–	nessus
Tenable Nessus	AlmaLinux 10 : open-vm-tools (ALSA-2025:17429)	9 Oct 202500:00	–	nessus
Tenable Nessus	AlmaLinux 8 : open-vm-tools (ALSA-2025:17509)	14 Oct 202500:00	–	nessus
Tenable Nessus	Debian dla-4316 : open-vm-tools - security update	1 Oct 202500:00	–	nessus
Tenable Nessus	Fedora 42 : open-vm-tools (2026-33c6aa1881)	10 Feb 202600:00	–	nessus

NVD

Node

vmware aria_operationsRange8.0–8.18.5

vmware cloud_foundationRange4.0–5.2.2

vmware cloud_foundation_operationsMatch9.0

vmware open_vm_toolsRange11.2.0–12.5.4

vmware open_vm_toolsMatch13.0.0

vmware telco_cloud_infrastructureRange2.2–3.0

vmware telco_cloud_platformRange4.0–5.0.1

Node

debian debian_linuxMatch11.0

Node

vmware toolsRange12.5.0–12.5.4

vmware toolsRange13.0.0.0–13.0.5.0

AND

linux linux_kernelMatch-

microsoft windowsMatch-

[
  {
    "defaultStatus": "unaffected",
    "product": "VCF operations",
    "vendor": "VMware",
    "versions": [
      {
        "lessThan": "9.0.1.0",
        "status": "affected",
        "version": "9.0.x",
        "versionType": "commercial"
      }
    ]
  },
  {
    "defaultStatus": "unaffected",
    "product": "VMware tools",
    "vendor": "VMware",
    "versions": [
      {
        "lessThan": "13.0.5.0",
        "status": "affected",
        "version": "13.x.x.x",
        "versionType": "commercial"
      },
      {
        "lessThan": "12.5.4",
        "status": "affected",
        "version": "12.5.x",
        "versionType": "commercial"
      }
    ]
  },
  {
    "defaultStatus": "unaffected",
    "product": "VMware Aria Operations",
    "vendor": "VMware",
    "versions": [
      {
        "lessThan": "8.18.5",
        "status": "affected",
        "version": "8.18.x",
        "versionType": "commercial"
      }
    ]
  },
  {
    "defaultStatus": "unaffected",
    "product": "VMware Cloud Foundation",
    "vendor": "VMware",
    "versions": [
      {
        "lessThan": "8.18.5",
        "status": "affected",
        "version": "5.x",
        "versionType": "commercial"
      },
      {
        "lessThan": "8.18.5",
        "status": "affected",
        "version": "4.x",
        "versionType": "commercial"
      }
    ]
  },
  {
    "defaultStatus": "unaffected",
    "product": "VMware Telco Cloud Platform",
    "vendor": "VMware",
    "versions": [
      {
        "lessThan": "8.18.5",
        "status": "affected",
        "version": "5.x",
        "versionType": "commercial"
      },
      {
        "lessThan": "8.18.5",
        "status": "affected",
        "version": "4.x",
        "versionType": "commercial"
      }
    ]
  },
  {
    "defaultStatus": "unaffected",
    "product": "VMware Telco Cloud Infrastructure",
    "vendor": "VMware",
    "versions": [
      {
        "lessThan": "8.18.5",
        "status": "affected",
        "version": "3.x",
        "versionType": "commercial"
      },
      {
        "lessThan": "8.18.5",
        "status": "affected",
        "version": "2.x",
        "versionType": "commercial"
      }
    ]
  }
]

Source	Link
support	www.support.broadcom.com/group/ecx/support-content-view/-/support-content/Security%20Advisories/VMSA-2025-0015--VMware-Aria-Operations-and-VMware-Tools-updates-address-multiple-vulnerabilities--CVE-2025-41244-CVE-2025-41245--CVE-2025-41246-/36149
cisa	www.cisa.gov/known-exploited-vulnerabilities-catalog
support	www.support.broadcom.com/web/ecx/support-content-notification/-/external/content/SecurityAdvisories/0/36149
lists	www.lists.debian.org/debian-lts-announce/2025/10/msg00000.html
blog	www.blog.nviso.eu/2025/09/29/you-name-it-vmware-elevates-it-cve-2025-41244/
openwall	www.openwall.com/lists/oss-security/2025/09/29/10

17 Jun 2026 09:22Current

6.8Medium risk

Vulners AI Score6.8

CVSS 3.17.8

EPSS0.07606

SSVC