CVE-2025-41246

CWE-863Incorrect Authorization3 documents3 sources
Severity
7.6HIGH
EPSS
0.0%
top 92.02%
CISA KEV
Not in KEV
Exploit
No known exploits
Affected products
1
Vmware Tools
Timeline
PublishedSep 29

Description

VMware Tools for Windows contains an improper authorisation vulnerability due to the way it handles user access controls. A malicious actor with non-administrative privileges on a guest VM, who is already authenticated through vCenter or ESX may exploit this issue to access other guest VMs. Successful exploitation requires knowledge of credentials of the targeted VMs and vCenter or ESX.

CVSS vector

CVSS:3.1/AV:A/AC:H/PR:H/UI:N/S:C/C:H/I:H/A:HExploitability: 1.0 | Impact: 6.0

Affected Packages1 packages

CVEListV5vmware/tools13.x.x.x13.0.5.0+2

🔴Vulnerability Details

2
CVEList
Improper authorisation vulnerability2025-09-29
GHSA
GHSA-8c4m-2wpp-9qmh: VMware Tools for Windows contains an improper authorisation vulnerability due to the way it handles user access controls2025-09-29
CVE-2025-41246 (HIGH CVSS 7.6) | VMware Tools for Windows contains a | cvebase.io