{"id":"CVE-2025-41244","details":"VMware Aria Operations and VMware Tools contain a local privilege escalation vulnerability. A malicious local actor with non-administrative privileges having access to a VM with VMware Tools installed and managed by Aria Operations with SDMP enabled may exploit this vulnerability to escalate privileges to root on the same VM.","modified":"2026-04-16T04:39:52.681449463Z","published":"2025-09-29T17:15:30.843Z","related":["ALSA-2025:17428","ALSA-2025:17429","ALSA-2025:17509","SUSE-RU-2026:20677-1","SUSE-SU-2025:03434-1","SUSE-SU-2025:03435-1","SUSE-SU-2025:03436-1","SUSE-SU-2025:03535-1","SUSE-SU-2025:03585-1","SUSE-SU-2025:20853-1","SUSE-SU-2025:20866-1","SUSE-SU-2026:20100-1","SUSE-SU-2026:20114-1","openSUSE-SU-2025:15595-1","openSUSE-SU-2026:20067-1"],"references":[{"type":"WEB","url":"https://www.cisa.gov/known-exploited-vulnerabilities-catalog?field_cve=CVE-2025-41244"},{"type":"ADVISORY","url":"http://www.openwall.com/lists/oss-security/2025/09/29/10"},{"type":"ADVISORY","url":"https://lists.debian.org/debian-lts-announce/2025/10/msg00000.html"},{"type":"ADVISORY","url":"https://support.broadcom.com/web/ecx/support-content-notification/-/external/content/SecurityAdvisories/0/36149"},{"type":"REPORT","url":"http://support.broadcom.com/group/ecx/support-content-view/-/support-content/Security%20Advisories/VMSA-2025-0015--VMware-Aria-Operations-and-VMware-Tools-updates-address-multiple-vulnerabilities--CVE-2025-41244-CVE-2025-41245--CVE-2025-41246-/36149"},{"type":"EVIDENCE","url":"https://blog.nviso.eu/2025/09/29/you-name-it-vmware-elevates-it-cve-2025-41244/"}],"affected":[{"ranges":[{"type":"GIT","repo":"https://github.com/vmware/open-vm-tools","events":[{"introduced":"0"},{"last_affected":"d84ff325e0a00fda99537027e41c10cc0ee5110f"},{"introduced":"8acaae0cc520a55c496ab850263c7f8ac66f33b9"},{"fixed":"49ebc382812d037b185720bd72d56b4ed0f4a7c6"},{"introduced":"0"},{"last_affected":"3c28b6f4d9af2df2027a9df9c82e2f0196bd8bf7"},{"introduced":"0"},{"last_affected":"801d4b7f4978945aa0fd53259011e2da6345cc43"},{"introduced":"f2ca37ef3510543172657b82493d1eceefa9a134"},{"fixed":"49ebc382812d037b185720bd72d56b4ed0f4a7c6"}],"database_specific":{"versions":[{"introduced":"0"},{"last_affected":"9.0"},{"introduced":"11.2.0"},{"fixed":"12.5.4"},{"introduced":"0"},{"last_affected":"13.0.0"},{"introduced":"0"},{"last_affected":"11.0"},{"introduced":"12.5.0"},{"fixed":"12.5.4"}]}}],"versions":["2008.02.13-77928","2008.04.04-87182","2008.05.02-90473","2008.05.15-93084","2008.05.15-93241","2008.06.03-96374","2008.06.20-100027","2008.07.01-102166","2008.10.10-123053","2008.11.18-130226","2008.12.23-137496","2009.01.21-142982","2009.02.18-148847","2009.03.18-154848","2009.04.23-162451","2009.05.22-167859","2009.06.18-172495","2009.07.22-179896","2009.08.24-187411","2009.09.18-193784","2009.10.15-201664","2009.11.16-210370","2009.12.16-217847","2010.01.19-226760","2010.02.23-236320","2010.03.20-243334","2010.04.25-253928","2010.06.16-268169","2010.07.25-280253","2010.08.24-292196","2010.09.19-301124","2010.10.18-313025","2010.11.17-327185","2010.12.19-339835","2011.01.24-354108","2011.03.28-387002","2011.04.25-402641","2011.05.27-420096","2011.06.27-437995","2011.07.19-450511","2011.08.21-471295","2011.09.23-491607","2011.10.26-514583","2011.11.20-535097","2011.12.20-562307","2012.03.13-651368","2012.05.21-724730","2012.10.14-874563","2012.12.26-958366","2013.04.16-1098359","2013.09.16-1328054","open-vm-tools-10.0.0-3000743","p4-sync-929606","stable-10.0.5","stable-11.0.0","stable-12.5.0","stable-12.5.2","stable-13.0.0","stable-9.0.0","stable-9.10.0","stable-9.10.2"],"database_specific":{"unresolved_ranges":[{"events":[{"introduced":"8.0"},{"fixed":"8.18.5"}]},{"events":[{"introduced":"4.0"},{"last_affected":"5.2.2"}]},{"events":[{"introduced":"2.2"},{"last_affected":"3.0"}]},{"events":[{"introduced":"4.0"},{"fixed":"5.0.1"}]},{"events":[{"introduced":"13.0.0.0"},{"fixed":"13.0.5.0"}]}],"source":"https://storage.googleapis.com/cve-osv-conversion/osv-output/CVE-2025-41244.json"}}],"schema_version":"1.7.5","severity":[{"type":"CVSS_V3","score":"CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H"}]}