CVE-2025-41244 VMSA-2025-0015: VMware Aria Operations and VMware Tools updates address multiple vulnerabilities (CVE-2025-41244,CVE-2025-41245, CVE-2025-41246)

VMware Aria Operations and VMware Tools contain a local privilege escalation vulnerability. A malicious local actor with non-administrative privileges having access to a VM with VMware Tools installed and managed by Aria Operations with SDMP enabled may exploit this vulnerability to escalate...

CVE-2025-41244

VMware Aria Operations and VMware Tools contain a local privilege escalation vulnerability. A malicious local actor with non-administrative privileges having access to a VM with VMware Tools installed and managed by Aria Operations with SDMP enabled may exploit this vulnerability to escalate...

CVE-2025-41244

CVE-2025-41244 covers a local privilege-escalation in Open VM Tools used with VMware Aria Operations; a non-administrative local user with access to a VM that has VMware Tools (SDMP enabled) can escalate to root within the same VM. Affected component: open-vm-tools bundled with VMware Tools; root...

CVE-2025-41246 Improper authorisation vulnerability

VMware Tools for Windows contains an improper authorisation vulnerability due to the way it handles user access controls. A malicious actor with non-administrative privileges on a guest VM, who is already authenticated through vCenter or ESX may exploit this issue to access other guest VMs...

CVE-2025-41246

CVE-2025-41246 affects VMware Tools for Windows. The issue is an improper authorization in how user access controls are handled. A malicious actor with non-administrative privileges on a guest VM, who is already authenticated via vCenter or ESX, may exploit this vulnerability to access other gues...

VulnCheck KEV: CVE-2025-41244

VMware Aria Operations and VMware Tools contain a local privilege escalation vulnerability. A malicious local actor with non-administrative privileges having access to a VM with VMware Tools installed and managed by Aria Operations with SDMP enabled may exploit this vulnerability to escalate...

VMware Tools和VMware Aria Operations 安全漏洞

VMware Tools and VMware Aria Operations are both products of VMware, Inc. VMware Tools is an enhancement tool that comes with VMWare virtual machines and is a driver provided by VMware to enhance the performance of virtual graphics cards and hard drives, as well as to synchronize the clocks of th...

VMware Aria Operations 安全漏洞

VMware Aria Operations is a unified, artificial intelligence-driven, self-driving IT operations management platform for private, hybrid and multi-cloud environments from VMware. VMware Aria Operations has a security vulnerability that could be exploited by an attacker to disclose other users'...

VMware Cloud Foundation和VMware NSX 安全漏洞

VMware NSX is a network virtualization solution within VMware Cloud Foundation that enables administrators to deploy legacy and modern applications in a private/hybrid cloud.VMware Cloud Foundation is an all-in-one hybrid cloud platform from VMware, Inc. The platform includes features such as...

PT-2025-39856

Name of the Vulnerable Software and Affected Versions VMware NSX versions 4.0.x through 4.2.x VMware NSX versions 4.1.x VMware NSX-T versions 3.x VMware Cloud Foundation with NSX versions 4.5.x and 5.x VMware NSX version 9.x.x.x Description The software contains a weak password recovery mechanism...

PT-2025-39868

Name of the Vulnerable Software and Affected Versions VMware NSX versions 9.x.x.x VMware NSX versions 4.0.x through 4.2.x VMware NSX version 4.1.x NSX-T versions 3.x VMware Cloud Foundation with NSX versions 4.5.x and 5.x Description VMware NSX contains a username enumeration issue. A remote,...

VMware Tools for Windows 安全漏洞

VMware Tools for Windows is a set of Windows-based, VMWare virtual machine enhancement tools from VMware, which are drivers provided by VMware to enhance the performance of virtual graphics cards and hard disks, as well as to synchronize the clocks of the virtual machine with those of the host. A...

PT-2025-39851

Name of the Vulnerable Software and Affected Versions VMware vCenter affected versions not specified Description VMware vCenter contains an SMTP header injection vulnerability. An attacker with non-administrative privileges on vCenter, who has permission to create scheduled tasks, may be able to...

UBUNTU-CVE-2025-41244

VMware Aria Operations and VMware Tools contain a local privilege escalation vulnerability. A malicious local actor with non-administrative privileges having access to a VM with VMware Tools installed and managed by Aria Operations with SDMP enabled may exploit this vulnerability to escalate...

PT-2025-39835

Name of the Vulnerable Software and Affected Versions VMware Tools for Windows affected versions not specified Description VMware Tools contains an improper authorisation issue related to how it manages user access controls. A malicious actor with non-administrative privileges on a guest virtual...

VMSA-2025-0015: VMware Aria Operations and VMware Tools updates address multiple vulnerabilities (CVE-2025-41244,CVE-2025-41245, CVE-2025-41246)

Advisory ID: | VMSA-2025-0015.1 ---|--- Advisory Severity: | Important CVSSv3 Range: | 4.9 -7.8 Synopsis: | VMware Aria Operations and VMware Tools updates address multiple vulnerabilities CVE-2025-41244,CVE-2025-41245, CVE-2025-41246 Issue date: | 2025-09-29 Updated on: | 2025-10-30 CVEs |...

USN-7775-2: Linux kernel (Azure) vulnerabilities

Several security issues were discovered in the Linux kernel. An attacker could possibly use these to compromise the system. This update corrects flaws in the following subsystems: - ARM64 architecture; - PowerPC architecture; - x86 architecture; - ACPI drivers; - Serial ATA and Parallel ATA...

USN-7769-3: Linux kernel vulnerabilities

Several security issues were discovered in the Linux kernel. An attacker could possibly use these to compromise the system. This update corrects flaws in the following subsystems: - ARM64 architecture; - PowerPC architecture; - x86 architecture; - Block layer subsystem; - Cryptographic API; - ACP...

Ubuntu 22.04 LTS : Linux kernel (Azure FIPS) vulnerabilities (USN-7775-1)

The remote Ubuntu 22.04 LTS host has a package installed that is affected by multiple vulnerabilities as referenced in the USN-7775-1 advisory. Several security issues were discovered in the Linux kernel. An attacker could possibly use these to compromise the system. This update corrects flaws in...

USN-7774-1: Linux kernel vulnerabilities

Several security issues were discovered in the Linux kernel. An attacker could possibly use these to compromise the system. This update corrects flaws in the following subsystems: - ARM64 architecture; - PowerPC architecture; - x86 architecture; - ACPI drivers; - Serial ATA and Parallel ATA...