CVE-2025-41244: VMware Aria Operations and VMware Tools contain a local privilege escalation vulnerability. A malicious local actor with non-administrative privileges having…

high7.8CVSS 3.1

AVLACLPRLUINSUCHIHAH

KEV

CISA Known Exploited Vulnerabilitydue 2025-11-20

VMware Aria Operations and VMware Tools contain a local privilege escalation vulnerability. A malicious local actor with non-administrative privileges having access to a VM with VMware Tools installed and managed by Aria Operations with SDMP enabled may exploit this vulnerability to escalate privileges to root on the same VM.

Affected

22 ranges

Vendor	Product	Version range	Fixed in
debian	debian_linux	—	—
debian	open-vm-tools	< open-vm-tools 2:12.2.0-1+deb12u4 (bookworm)	open-vm-tools 2:12.2.0-1+deb12u4 (bookworm)
vmware	aria_operations	>= 8.0 < 8.18.5	8.18.5
vmware	cloud_foundation	4.0 – 5.2.2	—
vmware	cloud_foundation_operations	—	—
vmware	open-vm-tools	>= 0 < 2:11.2.5-2+deb11u5	2:11.2.5-2+deb11u5
vmware	open-vm-tools	>= 0 < 2:12.2.0-1+deb12u4	2:12.2.0-1+deb12u4
vmware	open-vm-tools	>= 0 < 2:12.5.0-2+deb13u1	2:12.5.0-2+deb13u1
vmware	open-vm-tools	>= 0 < 2:13.0.5-1	2:13.0.5-1
vmware	open_vm_tools	—	—
vmware	open_vm_tools	>= 11.2.0 < 12.5.4	12.5.4
vmware	telco_cloud_infrastructure	2.2 – 3.0	—
vmware	telco_cloud_platform	>= 4.0 < 5.0.1	5.0.1
vmware	tools	>= 12.5.0 < 12.5.4	12.5.4
vmware	tools	>= 13.0.0.0 < 13.0.5.0	13.0.5.0
vmware	vmware_aria_operations	>= 8.18.x < 8.18.5	8.18.5
vmware	vmware_cloud_foundation	>= 4.x < 8.18.5	8.18.5
vmware	vmware_cloud_foundation	>= 5.x < 8.18.5	8.18.5
vmware	vmware_telco_cloud_infrastructure	>= 2.x < 8.18.5	8.18.5
vmware	vmware_telco_cloud_infrastructure	>= 3.x < 8.18.5	8.18.5
vmware	vmware_telco_cloud_platform	>= 4.x < 8.18.5	8.18.5
vmware	vmware_telco_cloud_platform	>= 5.x < 8.18.5	8.18.5

CVSS provenance

nvdv3.17.8HIGHCVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H

osv7.8HIGH

vulncheck7.8HIGH

cisa7.8HIGH