VMware Tools and Aria Operations Vulnerabilities Let Attackers Escalate Privileges to Root

Posted on By CWS

VMware has launched an advisory to handle three high-severity vulnerabilities in VMware Aria Operations, VMware Instruments, VMware Cloud Basis, VMware Telco Cloud Platform, and VMware Telco Cloud Infrastructure. 

Disclosed on 29 September 2025, the advisory covers CVE-2025-41244, CVE-2025-41245, and CVE-2025-41246 with CVSSv3 base scores starting from 4.9 to 7.8. 

Directors should apply the patched variations instantly to forestall native privilege escalation, info disclosure, and improper authorization exploits.

Native Privilege Escalation Flaw (CVE-2025-41244)

CVE-2025-41244 is a neighborhood privilege escalation vulnerability impacting VMware Aria Operations (all 8.x variations), VMware Instruments (12.x, 13.x), and VMware Cloud Basis Operations. 

A malicious native actor with non-administrative privileges on a VM with VMware Instruments put in and managed by Aria Operations (SDMP enabled) can exploit this flaw to escalate privileges to root. 

Broadcom assigned a CVSSv3 base rating of seven.8 (AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H). Decision requires upgrading to:

Fastened variations embody Aria Operations 8.18.5, VMware Instruments 13.0.5.0 and 12.5.4, and Cloud Basis Operations 9.0.1.0. No workarounds can be found.

Data Disclosure and Improper Authorization Flaws

CVE-2025-41245 introduces an info disclosure vulnerability in VMware Aria Operations. 

An attacker with non-administrative Aria Operations entry can disclose different customers’ credentials. This flaw carries a CVSSv3 rating of 4.9 (AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:N/A:N). 

Directors ought to improve Aria Operations to eight.18.5 or apply the KB92148 patch for earlier Cloud Basis variations. CVE-2025-41246 is an improper authorization vulnerability in VMware Instruments for Home windows (all 12.x and 13.x releases). 

A malicious person already authenticated by way of vCenter or ESX may pivot to different visitor VMs in the event that they know the goal VM credentials. Its CVSSv3 rating is 7.6 (AV:A/AC:H/PR:H/UI:N/S:C/C:H/I:H/A:H). 

Remediation requires updating VMware Instruments for Home windows to 13.0.5 or 12.5.4.

CVE IDTitleCVSSv3.1 ScoreSeverityCVE-2025-41244Local privilege escalation7.8ImportantCVE-2025-41245Information disclosure4.9ImportantCVE-2025-41246Improper authorization7.6Important

Broadcom credit Maxime Thiebaut (NVISO), Sven Nobis and Lorin Lehawany (ERNW), and Tom Jøran Sønstebyseter Rønning (@L1v1ng0ffTh3L4N) for reporting these points.

No workarounds exist for any of those vulnerabilities. All affected environments ought to implement the patches instantly issued by Broadcom. 

Directors with out patching functionality can briefly limit native VM person privileges and restrict entry to Aria Operations consoles.

Observe us on Google Information, LinkedIn, and X for every day cybersecurity updates. Contact us to function your tales.

Cyber Security News Tags:, , , , , , , ,

Related Posts

New Clickfix Attack Promises “Free WiFi” But Delivers Powershell Based Malware Cyber Security News
VOIP-Based Botnet Attacking Routers Configured With Default Password Cyber Security News
North Korean Hackers Using Fake Zoom Invites to Attack Crypto Startups Cyber Security News
New Vulnerability Affects All Intel Processors From The Last 6 Years Cyber Security News
New Namespace Reuse Vulnerability Allows Remote Code Execution in Microsoft Azure AI, Google Vertex AI, and Hugging Face Cyber Security News
11,000 Android Devices Hacked by Chinese Threats Actors to Deploy PlayPraetor Malware Cyber Security News