Vmware Open Vm Tools vulnerabilities

5 known vulnerabilities affecting vmware/open_vm_tools.

Total CVEs

5

CISA KEV

1

actively exploited

Public exploits

0

Exploited in wild

0

Severity breakdown

HIGH4MEDIUM1

Vulnerabilities

Page 1 of 1

CVE-2025-41244HIGHCVSS 7.8KEV≥ 11.2.0, < 12.5.4v13.0.02025-09-29

CVE-2025-41244 [HIGH] CWE-267 CVE-2025-41244: VMware Aria Operations and VMware Tools contain a local privilege escalation vulnerability. A malici VMware Aria Operations and VMware Tools contain a local privilege escalation vulnerability. A malicious local actor with non-administrative privileges having access to a VM with VMware Tools installed and managed by Aria Operations with SDMP enabled may exploit this vulnerability to escalate privileges to root on the same VM.

CVE-2023-34058HIGHCVSS 7.5≥ 11.0.0, ≤ 12.3.02023-10-27

CVE-2023-34058 [HIGH] CWE-347 CVE-2023-34058: VMware Tools contains a SAML token signature bypass vulnerability. A malicious actor that has been g VMware Tools contains a SAML token signature bypass vulnerability. A malicious actor that has been granted Guest Operation Privileges https://docs.vmware.com/en/VMware-vSphere/8.0/vsphere-security/GUID-6A952214-0E5E-4CCF-9D2A-90948FF643EC.html in a target virtual machine may be able to elevate their privileges if that target virtual machine has been a

CVE-2023-34059HIGHCVSS 7.0≥ 11.0.0, ≤ 12.3.02023-10-27

CVE-2023-34059 [HIGH] CWE-404 CVE-2023-34059: open-vm-tools contains a file descriptor hijack vulnerability in the vmware-user-suid-wrapper. A mal open-vm-tools contains a file descriptor hijack vulnerability in the vmware-user-suid-wrapper. A malicious actor with non-root privileges may be able to hijack the /dev/uinput file descriptor allowing them to simulate user inputs.

CVE-2023-20900HIGHCVSS 7.5≥ 10.3.0, < 12.3.02023-08-31

CVE-2023-20900 [HIGH] CWE-294 CVE-2023-20900: A malicious actor that has been granted Guest Operation Privileges https://docs.vmware.com/en/VMwar A malicious actor that has been granted Guest Operation Privileges https://docs.vmware.com/en/VMware-vSphere/8.0/vsphere-security/GUID-6A952214-0E5E-4CCF-9D2A-90948FF643EC.html in a target virtual machine may be able to elevate their privileges if that target virtual machine has been assigned a more privileged Guest Alias https://vdc-download.vmware.c

CVE-2009-1142MEDIUMCVSS 6.7v2009.03.18-1548482022-11-23

CVE-2009-1142 [MEDIUM] CWE-59 CVE-2009-1142: An issue was discovered in open-vm-tools 2009.03.18-154848. Local users can gain privileges via a sy An issue was discovered in open-vm-tools 2009.03.18-154848. Local users can gain privileges via a symlink attack on /tmp files if vmware-user-suid-wrapper is setuid root and the ChmodChownDirectory function is enabled.