{"id":7298,"date":"2025-09-30T10:03:53","date_gmt":"2025-09-30T10:03:53","guid":{"rendered":"https:\/\/serisec.com\/index.php\/2025\/09\/30\/vmware-tools-and-aria-operations-vulnerabilities-let-attackers-escalate-privileges-to-root\/"},"modified":"2025-09-30T10:03:53","modified_gmt":"2025-09-30T10:03:53","slug":"vmware-tools-and-aria-operations-vulnerabilities-let-attackers-escalate-privileges-to-root","status":"publish","type":"post","link":"https:\/\/serisec.com\/index.php\/2025\/09\/30\/vmware-tools-and-aria-operations-vulnerabilities-let-attackers-escalate-privileges-to-root\/","title":{"rendered":"VMware Tools and Aria Operations Vulnerabilities Let Attackers Escalate Privileges to Root"},"content":{"rendered":"<p>    VMware Tools and Aria Operations Vulnerabilities Let Attackers Escalate Privileges to Root<br \/>\n \t<BR><br \/>\n<BR><\/BR><br \/>\n    <!-- no image --><br \/>\n \t<BR><br \/>\n<BR><\/BR><\/p>\n<div>\n<p>VMware has released an advisory to address three high-severity vulnerabilities in VMware Aria Operations, <a href=\"https:\/\/cybersecuritynews.com\/vmware-tools-for-windows-vulnerability\/\" target=\"_blank\" rel=\"noreferrer noopener\">VMware Tools<\/a>, VMware Cloud Foundation, VMware Telco Cloud Platform, and VMware Telco Cloud Infrastructure.\u00a0<\/p>\n<p>Disclosed on 29 September 2025, the advisory covers CVE-2025-41244, CVE-2025-41245, and CVE-2025-41246 with CVSSv3 base scores ranging from 4.9 to 7.8.\u00a0<\/p>\n<p>Administrators must apply the patched versions immediately to prevent local <a href=\"https:\/\/cybersecuritynews.com\/solarwinds-dameware-vulnerability\/\" target=\"_blank\" rel=\"noreferrer noopener\">privilege escalation<\/a>, information disclosure, and improper authorization exploits.<\/p>\n<h2 class=\"wp-block-heading\" id=\"h-local-privilege-escalation-flaw-cve-2025-41244\"><strong>Local Privilege Escalation Flaw (CVE-2025-41244)<\/strong><\/h2>\n<p>CVE-2025-41244 is a local privilege escalation vulnerability impacting VMware Aria Operations (all 8.x versions), VMware Tools (12.x, 13.x), and VMware Cloud Foundation Operations.\u00a0<\/p>\n<p>A malicious local actor with non-administrative privileges on a VM with VMware Tools installed and managed by Aria Operations (SDMP enabled) can exploit this flaw to escalate privileges to root.\u00a0<\/p>\n<p>Broadcom assigned a CVSSv3 base score of 7.8 (AV:L\/AC:L\/PR:L\/UI:N\/S:U\/C:H\/I:H\/A:H). Resolution requires upgrading to:<\/p>\n<div class=\"wp-block-image\">\n<figure class=\"aligncenter size-full\"><img data-recalc-dims=\"1\" fetchpriority=\"high\" decoding=\"async\" width=\"521\" height=\"96\" src=\"https:\/\/i0.wp.com\/cybersecuritynews.com\/wp-content\/uploads\/2025\/09\/image-197.png?resize=521%2C96&#038;ssl=1\" alt=\"VMware Aria Operations and VMware Tools Vulnerabilities\" class=\"wp-image-128413\" srcset=\"https:\/\/cybersecuritynews.com\/wp-content\/uploads\/2025\/09\/image-197.png 521w, https:\/\/cybersecuritynews.com\/wp-content\/uploads\/2025\/09\/image-197-300x55.png 300w, https:\/\/cybersecuritynews.com\/wp-content\/uploads\/2025\/09\/image-197-150x28.png 150w\" sizes=\"(max-width: 521px) 100vw, 521px\"><\/figure>\n<\/div>\n<p>Fixed versions include Aria Operations 8.18.5, VMware Tools 13.0.5.0 and 12.5.4, and Cloud Foundation Operations 9.0.1.0. No workarounds are available.<\/p>\n<h2 class=\"wp-block-heading\" id=\"h-information-disclosure-and-improper-authorization-flaws\"><strong>Information Disclosure and Improper Authorization Flaws<\/strong><\/h2>\n<p>CVE-2025-41245 introduces an information disclosure vulnerability in <a href=\"https:\/\/cybersecuritynews.com\/vmware-aria-operations-vulnerabilities-admin\/\" target=\"_blank\" rel=\"noreferrer noopener\">VMware Aria Operations.<\/a>\u00a0<\/p>\n<p>An attacker with non-administrative Aria Operations access can disclose other users\u2019 credentials. This flaw carries a CVSSv3 score of 4.9 (AV:N\/AC:L\/PR:H\/UI:N\/S:U\/C:H\/I:N\/A:N).\u00a0<\/p>\n<p>Administrators should upgrade Aria Operations to 8.18.5 or apply the KB92148 patch for earlier Cloud Foundation versions. CVE-2025-41246 is an improper authorization vulnerability in VMware Tools for Windows (all 12.x and 13.x releases).\u00a0<\/p>\n<p>A malicious user already authenticated via vCenter or ESX could pivot to other guest VMs if they know the target VM credentials. Its CVSSv3 score is 7.6 (AV:A\/AC:H\/PR:H\/UI:N\/S:C\/C:H\/I:H\/A:H).\u00a0<\/p>\n<p>Remediation requires updating VMware Tools for Windows to 13.0.5 or 12.5.4.<\/p>\n<figure class=\"wp-block-table aligncenter\">\n<table class=\"has-fixed-layout\">\n<tbody>\n<tr>\n<td><strong>CVE ID<\/strong><\/td>\n<td><strong>Title<\/strong><\/td>\n<td><strong>CVSSv3.1 Score<\/strong><\/td>\n<td><strong>Severity<\/strong><\/td>\n<\/tr>\n<tr>\n<td>CVE-2025-41244<\/td>\n<td>Local privilege escalation<\/td>\n<td>7.8<\/td>\n<td>Important<\/td>\n<\/tr>\n<tr>\n<td>CVE-2025-41245<\/td>\n<td>Information disclosure<\/td>\n<td>4.9<\/td>\n<td>Important<\/td>\n<\/tr>\n<tr>\n<td>CVE-2025-41246<\/td>\n<td>Improper authorization<\/td>\n<td>7.6<\/td>\n<td>Important<\/td>\n<\/tr>\n<\/tbody>\n<\/table>\n<\/figure>\n<p>Broadcom credits Maxime Thiebaut (NVISO), Sven Nobis and Lorin Lehawany (ERNW), and Tom J\u00f8ran S\u00f8nstebyseter R\u00f8nning (@L1v1ng0ffTh3L4N) for reporting these issues.<\/p>\n<p>No workarounds exist for any of these vulnerabilities. All affected environments should implement the patches immediately <a href=\"https:\/\/support.broadcom.com\/web\/ecx\/support-content-notification\/-\/external\/content\/SecurityAdvisories\/0\/36149\" target=\"_blank\" rel=\"noreferrer noopener nofollow\">issued by<\/a> Broadcom.\u00a0<\/p>\n<p>Administrators without patching capability can temporarily restrict local VM user privileges and limit access to Aria Operations consoles.<\/p>\n<p class=\"has-text-align-center has-background\" style=\"background:linear-gradient(180deg,rgb(238,238,238) 94%,rgb(169,184,195) 100%)\"><strong>Follow us on <a href=\"https:\/\/news.google.com\/publications\/CAAqMggKIixDQklTR3dnTWFoY0tGV041WW1WeWMyVmpkWEpwZEhsdVpYZHpMbU52YlNnQVAB?hl=en-IN&amp;gl=IN&amp;ceid=IN:en\" target=\"_blank\" rel=\"noreferrer noopener nofollow\">Google News<\/a>, <a href=\"https:\/\/www.linkedin.com\/company\/cybersecurity-news\/\" target=\"_blank\" rel=\"noreferrer noopener nofollow\">LinkedIn<\/a>, and <a href=\"https:\/\/x.com\/cyber_press_org\" target=\"_blank\" rel=\"noreferrer noopener nofollow\">X<\/a> for daily cybersecurity updates. <a href=\"https:\/\/cybersecuritynews.com\/contact-us\/\" target=\"_blank\" rel=\"noreferrer noopener nofollow\">Contact us<\/a> to feature your stories.<\/strong><\/p>\n<p>The post <a href=\"https:\/\/cybersecuritynews.com\/vmware-tools-and-aria-operations-vulnerabilities\/\">VMware Tools and Aria Operations Vulnerabilities Let Attackers Escalate Privileges to Root<\/a> appeared first on <a href=\"https:\/\/cybersecuritynews.com\/\">Cyber Security News<\/a>.<\/p>\n<\/div>\n<p> \t<BR><br \/>\n <BR><\/BR><br \/>\n    Florence Nightingale<br \/>\n \t<BR><br \/>\n<BR><\/BR><br \/>\n<a href=\"https:\/\/cybersecuritynews.com\/vmware-tools-and-aria-operations-vulnerabilities\/\">Go to cyber-security-news<\/a><br \/>\n \t<BR><br \/>\n <BR><\/BR><\/p>\n","protected":false},"excerpt":{"rendered":"<p>VMware Tools and Aria Operations Vulnerabilities Let Attackers Escalate Privileges to Root VMware has released an advisory to address three high-severity vulnerabilities in VMware Aria Operations, VMware Tools, VMware Cloud Foundation, VMware Telco Cloud Platform, and VMware Telco Cloud Infrastructure.\u00a0 Disclosed on 29 September 2025, the advisory covers CVE-2025-41244, CVE-2025-41245, and CVE-2025-41246 with CVSSv3 base [&hellip;]<\/p>\n","protected":false},"author":2,"featured_media":0,"comment_status":"closed","ping_status":"closed","sticky":false,"template":"","format":"standard","meta":{"footnotes":""},"categories":[129,63,131,648],"tags":[130],"class_list":["post-7298","post","type-post","status-publish","format-standard","hentry","category-cyber-security","category-cyber-security-news","category-vulnerability","category-vulnerability-news","tag-cyber-security-news"],"_links":{"self":[{"href":"https:\/\/serisec.com\/index.php\/wp-json\/wp\/v2\/posts\/7298"}],"collection":[{"href":"https:\/\/serisec.com\/index.php\/wp-json\/wp\/v2\/posts"}],"about":[{"href":"https:\/\/serisec.com\/index.php\/wp-json\/wp\/v2\/types\/post"}],"author":[{"embeddable":true,"href":"https:\/\/serisec.com\/index.php\/wp-json\/wp\/v2\/users\/2"}],"replies":[{"embeddable":true,"href":"https:\/\/serisec.com\/index.php\/wp-json\/wp\/v2\/comments?post=7298"}],"version-history":[{"count":0,"href":"https:\/\/serisec.com\/index.php\/wp-json\/wp\/v2\/posts\/7298\/revisions"}],"wp:attachment":[{"href":"https:\/\/serisec.com\/index.php\/wp-json\/wp\/v2\/media?parent=7298"}],"wp:term":[{"taxonomy":"category","embeddable":true,"href":"https:\/\/serisec.com\/index.php\/wp-json\/wp\/v2\/categories?post=7298"},{"taxonomy":"post_tag","embeddable":true,"href":"https:\/\/serisec.com\/index.php\/wp-json\/wp\/v2\/tags?post=7298"}],"curies":[{"name":"wp","href":"https:\/\/api.w.org\/{rel}","templated":true}]}}