On September 29, 2025, VMware disclosed three significant vulnerabilities affecting its Aria Operations, VMware Tools, VMware Cloud Foundation, VMware Telco Cloud Platform, and VMware Telco Cloud Infrastructure products. These vulnerabilities, identified as CVE-2025-41244, CVE-2025-41245, and CVE-2025-41246, have CVSSv3 base scores ranging from 4.9 to 7.8, that is, from moderate to high severity. Administrators are strongly advised to apply the provided patches promptly to mitigate the risks of local privilege escalation, information disclosure, and improper authorization.
Local Privilege Escalation Vulnerability (CVE-2025-41244):
CVE-2025-41244 is a critical vulnerability that allows local users with non-administrative privileges on a virtual machine (VM) running VMware Tools and managed by Aria Operations (with SDMP enabled) to escalate their privileges to root. This flaw affects all versions of VMware Aria Operations 8.x, VMware Tools versions 12.x and 13.x, and VMware Cloud Foundation Operations. Broadcom has assigned this vulnerability a CVSSv3 base score of 7.8, reflecting its high impact.
Information Disclosure Vulnerability (CVE-2025-41245):
CVE-2025-41245 pertains to an information disclosure issue within VMware Aria Operations. An attacker with non-administrative access to Aria Operations can exploit this vulnerability to access credentials of other users. This vulnerability has been assigned a CVSSv3 score of 4.9, indicating a moderate severity level. Administrators should upgrade Aria Operations to version 8.18.5 or apply the KB92148 patch for earlier versions of Cloud Foundation to address this issue.
Improper Authorization Vulnerability (CVE-2025-41246):
CVE-2025-41246 is an improper authorization vulnerability found in VMware Tools for Windows (all 12.x and 13.x releases). An authenticated user with access via vCenter or ESX could exploit this flaw to pivot to other guest VMs, provided they have knowledge of the target VM’s credentials. This vulnerability carries a CVSSv3 score of 7.6, denoting a high severity level. To remediate this issue, administrators should update VMware Tools for Windows to versions 13.0.5 or 12.5.4.
Recommendations:
Given the absence of workarounds for these vulnerabilities, immediate action is essential. Administrators should implement the patches provided by Broadcom without delay. In environments where immediate patching is not feasible, it is advisable to restrict local VM user privileges and limit access to Aria Operations consoles to mitigate potential exploitation.
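The remediation guidance above gives fixed versions per release branch (VMware Tools for Windows 13.0.5 or 12.5.4 for CVE-2025-41246, Aria Operations 8.18.5 for CVE-2025-41245), and the branch split is the part that trips up a naive version check: a 13.0.0 guest is newer than 12.5.4 but still unpatched. The following script is an added example, not Broadcom or VMware code, that applies the advisory's fixed versions to an inventory export. The product keys, the `InventoryRow` layout and the host names and versions in `SAMPLE_INVENTORY` are constructed for the example; only the fixed-version numbers come from the advisory. Branches the advisory does not list (for example VMware Tools 11.x) are flagged for review rather than counted as safe.

```python
"""Offline version-baseline check for the fixes named in this advisory.

Added example, not Broadcom/VMware code. Fixed versions are taken from the
advisory text: VMware Tools for Windows 13.0.5 / 12.5.4 (CVE-2025-41246)
and Aria Operations 8.18.5 (CVE-2025-41245). The inventory rows below are
constructed sample data, not a real environment.
"""
from dataclasses import dataclass

# Fixed versions per affected release branch, as stated in the advisory.
# The major number keys the branch: a 13.0.0 install is newer than 12.5.4
# but still unpatched, so each branch is compared against its own fix.
FIXED_VERSIONS = {
    "vmware-tools-windows": {13: "13.0.5", 12: "12.5.4"},
    "aria-operations": {8: "8.18.5"},
}


def parse_version(text: str) -> tuple:
    """Turn '12.5.4' or '12.5.4.12345' into a tuple comparable with < and >."""
    parts = []
    for piece in text.strip().split("."):
        if not piece.isdigit():
            raise ValueError(f"non-numeric version component in {text!r}")
        parts.append(int(piece))
    if not parts:
        raise ValueError("empty version string")
    return tuple(parts)


def assess(product: str, version: str) -> str:
    """Return 'patched', 'unpatched' or 'review'.

    'review' means the advisory does not list this product or branch, so the
    inventory row needs a manual decision instead of being silently treated
    as safe.
    """
    branches = FIXED_VERSIONS.get(product)
    if branches is None:
        return "review"
    installed = parse_version(version)
    fixed = branches.get(installed[0])
    if fixed is None:
        return "review"
    # Tuple comparison copes with differing lengths: (13, 0, 5) >= (13, 0, 5)
    # and (13, 0, 5, 100) >= (13, 0, 5) are both true; (13, 0) is not.
    return "patched" if installed >= parse_version(fixed) else "unpatched"


@dataclass
class InventoryRow:
    name: str      # hypothetical VM or appliance name
    product: str   # key into FIXED_VERSIONS
    version: str   # installed version string as exported from the inventory


# Constructed sample inventory (hypothetical names and versions).
SAMPLE_INVENTORY = [
    InventoryRow("win-app-01", "vmware-tools-windows", "12.5.4"),
    InventoryRow("win-app-02", "vmware-tools-windows", "13.0.0"),
    InventoryRow("win-db-01", "vmware-tools-windows", "12.4.9"),
    InventoryRow("win-legacy-01", "vmware-tools-windows", "11.3.5"),
    InventoryRow("aria-ops-01", "aria-operations", "8.18.3"),
    InventoryRow("aria-ops-02", "aria-operations", "8.18.5"),
]


def triage(rows) -> dict:
    """Group inventory rows by assessment so the unpatched list is actionable."""
    result = {"patched": [], "unpatched": [], "review": []}
    for row in rows:
        result[assess(row.product, row.version)].append(row.name)
    return result


if __name__ == "__main__":
    for status, names in triage(SAMPLE_INVENTORY).items():
        print(f"{status:9s}: {', '.join(names) or '-'}")
```

Feed `triage` whatever your inventory tool exports (one row per guest with the product key and version string) and treat every name in the `unpatched` and `review` buckets as work to do; only an exact branch match at or above the advisory's fixed version lands in `patched`.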