VMSA-2025-0015: VMware Aria Operations and VMware Tools updates address multiple vulnerabilities (CVE-2025-41244,CVE-2025-41245, CVE-2025-41246)

Advisory ID: | VMSA-2025-0015.1 ---|--- Advisory Severity: | Important CVSSv3 Range: | 4.9 -7.8 Synopsis: | VMware Aria Operations and VMware Tools updates address multiple vulnerabilities CVE-2025-41244,CVE-2025-41245, CVE-2025-41246 Issue date: | 2025-09-29 Updated on: | 2025-10-30 CVEs |...

The vulnerability in the virtual network adapter VMXNET3 of VMware ESXi, Workstation, Fusion, and Cloud Foundation exists due to a write-off outside the buffer, allowing an attacker to execute arbitrary code.

The vulnerability in the virtual network adapter VMXNET3 of VMware ESXi, Workstation, Fusion, and Cloud Foundation software lies in buffer overflow attacks. Exploiting this vulnerability allows an attacker to execute arbitrary code...

VMware Cloud Foundation 安全漏洞

VMware Cloud Foundation is an all-in-one hybrid cloud platform from VMware. The platform includes features such as operations automation, infrastructure auto-configuration and integrated lifecycle management. An information disclosure vulnerability exists in VMware Cloud Foundation, which can be...

The vulnerability of the VMware ESXi hypervisor, the VMware Cloud Foundation virtualization platform, the VMware Telco Cloud Platform telecommunications cloud platform, and the VMware Telco Cloud Infrastructure involves writing arbitrary values anywhere and overflowing buffers. This allows attackers to compromise the confidentiality, integrity, and accessibility of protected information.

The vulnerability of VMware ESXi hypervisor, the VMware Cloud Foundation virtualization platform, the VMware Telco Cloud Platform telecommunications cloud platform, and the VMware Telco Cloud Infrastructure are related to writing arbitrary values anywhere and overwriting buffers. Exploiting this...

VMware Aria Automation and VMware Cloud Foundation Security Vulnerabilities

VMware Cloud Foundation and VMware Aria Automation are both products of VMware, Inc. VMware Cloud Foundation is an all-in-one hybrid cloud platform. VMware Cloud Foundation is an all-in-one hybrid cloud platform that includes operations automation, infrastructure auto-configuration, and integrate...

PT-2024-1101 · Vmware · Vmware Cloud Foundation +1

Name of the Vulnerable Software and Affected Versions: VMware Aria Automation formerly vRealize Automation versions prior to the fixed version VMware Cloud Foundation formerly Aria Automation versions prior to the fixed version Description: The issue is related to a Missing Access Control...

The platform for automating work processes in VMware vRealize Orchestrator is vulnerable. The tools for managing virtual infrastructure in VMware vRealize Automation and the VMware Cloud Foundation virtualization platform are also vulnerable. This vulnerability stems from incorrect restrictions on XML references to external objects, allowing attackers to carry out XXE attacks.

The vulnerability of the VMware vRealize Orchestrator platform, which is used for automating work processes, as well as the VMware vRealize Automation tool for managing virtual infrastructure, and the VMware Cloud Foundation virtualization platform, is related to incorrect restrictions on XML...

VMware vRealize Orchestrator 代码问题漏洞

VMware vRealize Orchestrator is a workflow automation solution from VMware. It is designed to simplify the automation of complex IT tasks. A security vulnerability exists in VMware vRealize Orchestrator that originated when a malicious actor with unmanaged access to vRealize Orchestrator was able...

VMware Workspace One Access和VMware Identity Manager 访问控制错误漏洞

VMware Workspace One Access and VMware Identity Manager are both products of VMware, Inc.VMware Workspace One Access is a centralized management console that enables you to manage users and groups, set and manage authentication and access policies, and add resources to a directory and manage...

Vulnerabilities fixed in several VMware products

VMWare has fixed several vulnerabilities in its products: VMware Workspace ONE Access and Identity Manager, VMware ESXi, VMware Workstation Pro / Player, VMware Fusion Pro / Fusion, VMware Cloud Foundation and VMware vRealize Impact A malicious party could potentially exploit the vulnerabilities ...

多款VMware产品权限许可和访问控制问题漏洞

VMware Cloud Foundation and others are products of VMware, Inc.VMware Cloud Foundation is an all-in-one hybrid cloud platform.VMware Workspace One Access is a centralized management console through which you can manage users and groups, set and manage authentication and access policies, as well a...

The vulnerability of the NSX for vSphere and Cloud Foundation network virtualization platform arises from the lack of measures taken to neutralize special elements used in the operating system’s command set. This allows attackers to execute arbitrary commands.

The vulnerability of the NSX for vSphere and Cloud Foundation network virtualization platforms exists due to the lack of measures taken to neutralize special elements used in the operating system’s command set. Exploiting this vulnerability could allow a attacker to execute arbitrary commands...

The vulnerability of the VMware Workspace ONE Access application management platform, the VMware Identity Manager administration console, the VMware Cloud Foundation virtualization platform, and the vRealize Suite Lifecycle Manager software for managing application lifecycles is related to a flaw that allows attackers to disclose protected information.

The vulnerabilities of the VMware Workspace ONE Access application management platform, the VMware Identity Manager administration console, the VMware Cloud Foundation virtualization platform, and the vRealize Suite Lifecycle Manager software are related to information disclosure. Exploiting thes...

The vulnerability of the VMware Identity Manager administration console, the Workspace ONE Access application management platform, the Cloud Foundation virtualization platform, and the vRealize Suite Lifecycle Manager software for application lifecycle management, arises from improper code generation. This allows an attacker to execute arbitrary code.

The vulnerabilities of VMware Identity Manager administration consoles, Workspace ONE Access application management platform, Cloud Foundation virtualization platform, and the vRealize Suite Lifecycle Manager software are related to improper code generation. Exploiting these vulnerabilities allow...

The vulnerability of the vSphere Web Client (FLEX/Flash) component, which manages virtual infrastructure, affects both Vmware vCenter Server and VMware Cloud Foundation. This vulnerability allows an attacker to gain unauthorized access to protected information.

The vulnerability of the vSphere Web Client’s FLEX/Flash component, which is used for managing virtual infrastructure such as VMware vCenter Server and VMware Cloud Foundation, stems from deficiencies in path name checking for access to restricted directories. Exploiting this vulnerability could...

PT-2021-4966

Name of the Vulnerable Software and Affected Versions VMware vCenter Server versions affected versions not specified VMware Cloud Foundation versions affected versions not specified Description The issue is related to a privilege escalation vulnerability in the IWA Integrated Windows Authenticati...

The vulnerability of the management tools for virtual infrastructure, such as VMware vCenter Server and VMware Cloud Foundation, relates to insecure management of privileges, allowing attackers to escalate their privileges.

The vulnerability of the management tool for virtual infrastructure, VMware vCenter Server, and the virtualization platform, VMware Cloud Foundation, is related to insecure management of privileges. Exploiting this vulnerability can allow attackers to increase their privileges...

The vulnerability of the Analytics service in the management tool for virtual infrastructure, VMware vCenter Server, and the virtualization platform, VMware Cloud Foundation, allows a attacker to trigger a service failure.

The vulnerability of the Analytics service in the management tool for VMware vCenter Server and VMware Cloud Foundation virtualization platforms exists due to insufficient validation of input data. Exploiting this vulnerability can allow attackers to cause service failures...

The vulnerability of the VMware vSphere Life-cycle Manager module, a management tool for virtual infrastructure, allows a hacker to delete arbitrary files. This vulnerability exists in the VMware vCenter Server virtualization platform and the VMware Cloud Foundation.

The vulnerability of the VMware vSphere Life-cycle Manager, a management tool for virtual infrastructure, related to VMware vCenter Server and VMware Cloud Foundation virtualization platforms, is associated with privilege management errors. Exploiting this vulnerability could allow an attacker to...

The vulnerability of the OpenSLP supervisor of VMware ESXi and the VMware Cloud Foundation virtualization platform allows a attacker to trigger a service failure.

The vulnerability of the OpenSLP supervisor of VMware ESXi and the VMware Cloud Foundation virtualization platform relates to reading data outside the buffer in memory. Exploiting this vulnerability can allow a malicious actor to cause service failures by connecting through port 427...