VMware Tools and Aria Operations Vulnerabilities Let Attackers Escalate Privileges to Root

Posted on By CWS

VMware has launched an advisory to handle three high-severity vulnerabilities in VMware Aria Operations, VMware Instruments, VMware Cloud Basis, VMware Telco Cloud Platform, and VMware Telco Cloud Infrastructure. 

Disclosed on 29 September 2025, the advisory covers CVE-2025-41244, CVE-2025-41245, and CVE-2025-41246 with CVSSv3 base scores starting from 4.9 to 7.8. 

Directors should apply the patched variations instantly to forestall native privilege escalation, info disclosure, and improper authorization exploits.

Native Privilege Escalation Flaw (CVE-2025-41244)

CVE-2025-41244 is a neighborhood privilege escalation vulnerability impacting VMware Aria Operations (all 8.x variations), VMware Instruments (12.x, 13.x), and VMware Cloud Basis Operations. 

A malicious native actor with non-administrative privileges on a VM with VMware Instruments put in and managed by Aria Operations (SDMP enabled) can exploit this flaw to escalate privileges to root. 

Broadcom assigned a CVSSv3 base rating of seven.8 (AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H). Decision requires upgrading to:

Fastened variations embody Aria Operations 8.18.5, VMware Instruments 13.0.5.0 and 12.5.4, and Cloud Basis Operations 9.0.1.0. No workarounds can be found.

Data Disclosure and Improper Authorization Flaws

CVE-2025-41245 introduces an info disclosure vulnerability in VMware Aria Operations. 

An attacker with non-administrative Aria Operations entry can disclose different customers’ credentials. This flaw carries a CVSSv3 rating of 4.9 (AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:N/A:N). 

Directors ought to improve Aria Operations to eight.18.5 or apply the KB92148 patch for earlier Cloud Basis variations. CVE-2025-41246 is an improper authorization vulnerability in VMware Instruments for Home windows (all 12.x and 13.x releases). 

A malicious person already authenticated by way of vCenter or ESX may pivot to different visitor VMs in the event that they know the goal VM credentials. Its CVSSv3 rating is 7.6 (AV:A/AC:H/PR:H/UI:N/S:C/C:H/I:H/A:H). 

Remediation requires updating VMware Instruments for Home windows to 13.0.5 or 12.5.4.

CVE IDTitleCVSSv3.1 ScoreSeverityCVE-2025-41244Local privilege escalation7.8ImportantCVE-2025-41245Information disclosure4.9ImportantCVE-2025-41246Improper authorization7.6Important

Broadcom credit Maxime Thiebaut (NVISO), Sven Nobis and Lorin Lehawany (ERNW), and Tom Jøran Sønstebyseter Rønning (@L1v1ng0ffTh3L4N) for reporting these points.

No workarounds exist for any of those vulnerabilities. All affected environments ought to implement the patches instantly issued by Broadcom. 

Directors with out patching functionality can briefly limit native VM person privileges and restrict entry to Aria Operations consoles.

Observe us on Google Information, LinkedIn, and X for every day cybersecurity updates. Contact us to function your tales.

Cyber Security News Tags:, , , , , , , ,

Related Posts

CISA Added WinRaR Zero-Day (CVE-2025-8088) Vulnerability That is Actively Exploited In the Wild Cyber Security News
CoinDCX Hacked – $44.2 million Wiped off From the Platform Cyber Security News
Ferocious Kitten APT Deploying MarkiRAT to Capture Keystroke and Clipboard Logging Cyber Security News
Future of Passwords Biometrics and Passwordless Authentication Cyber Security News
Infostealers Actively Attacking macOS Users in The Wild to Steal Sensitive Data Cyber Security News
New EDR-Redir Tool Breaks EDR Exploiting Bind Filter and Cloud Filter Driver Cyber Security News