⚠ Actively exploited
Added to CISA KEV on 2025-10-30. Federal agencies required to patch by 2025-11-20. Required action: Apply mitigations per vendor instructions, follow applicable BOD 22-01 guidance for cloud services, or discontinue use of the product if mitigations are unavailable.
Severity
7.8 HIGH
EPSS
0.6%
top 30.76%
CISA KEV
KEV
Added 2025-10-30
Due 2025-11-20
Exploit
No known exploits
Affected products
Timeline
Published: Sep 29
KEV added: Oct 30
KEV due: Nov 20
Latest update: Dec 3
Description
VMware Aria Operations and VMware Tools contain a local privilege escalation vulnerability. A malicious local actor with non-administrative privileges having access to a VM with VMware Tools installed and managed by Aria Operations with SDMP enabled may exploit this vulnerability to escalate privileges to root on the same VM.
CVSS vector
CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
Exploitability: 1.8 | Impact: 5.9
Affected Packages (14 packages)
Also affects: Debian Linux 11.0
Vulnerability Details
GHSA: GHSA-76fp-m4vp-hxrq: VMware Aria Operations and VMware Tools contain a local privilege escalation vulnerability (2025-09-29)
OSV: CVE-2025-41244: VMware Aria Operations and VMware Tools contain a local privilege escalation vulnerability (2025-09-29)
CVEList: VMSA-2025-0015: VMware Aria Operations and VMware Tools updates address multiple vulnerabilities (CVE-2025-41244, CVE-2025-41245, CVE-2025-41246) (2025-09-29)
VulnCheck: Broadcom VMware Aria Operations and VMware Tools Privilege Defined with Unsafe Actions Vulnerability (2025)