7.8

CVE-2025-41244

VMware Aria Operations and VMware Tools contain a local privilege escalation vulnerability. A malicious local actor with non-administrative privileges having access to a VM with VMware Tools installed and managed by Aria Operations with SDMP enabled may exploit this vulnerability to escalate privileges to root on the same VM.

Verknüpft mit AI von unstrukturierten Daten zu bestehenden CPE der NVD
This information is available to logged-in users.
Daten sind bereitgestellt durch das CVE Programm von einer CVE Numbering Authority (CNA) (Unstrukturiert).
VendorVMware
Product VCF operations
Default Statusunaffected
Version < 9.0.1.0
Version 9.0.x
Status affected
VendorVMware
Product VMware tools
Default Statusunaffected
Version < 13.0.5.0
Version 13.x.x.x
Status affected
Version < 12.5.4
Version 12.5.x
Status affected
VendorVMware
Product VMware Aria Operations
Default Statusunaffected
Version < 8.18.5
Version 8.18.x
Status affected
VendorVMware
Product VMware Cloud Foundation
Default Statusunaffected
Version < 8.18.5
Version 5.x
Status affected
Version < 8.18.5
Version 4.x
Status affected
VendorVMware
Product VMware Telco Cloud Platform
Default Statusunaffected
Version < 8.18.5
Version 5.x
Status affected
Version < 8.18.5
Version 4.x
Status affected
VendorVMware
Product VMware Telco Cloud Infrastructure
Default Statusunaffected
Version < 8.18.5
Version 3.x
Status affected
Version < 8.18.5
Version 2.x
Status affected
Zu dieser CVE wurde keine CISA KEV oder CERT.AT-Warnung gefunden.
EPSS Metriken
Type Source Score Percentile
EPSS FIRST.org 0.02% 0.025
CVSS Metriken
Source Base Score Exploit Score Impact Score Vector string
security@vmware.com 7.8 1.8 5.9
CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
CWE-267 Privilege Defined With Unsafe Actions

A particular privilege, role, capability, or right can be used to perform unsafe actions that were not intended, even when it is assigned to the correct entity.