CVE-2025-41244

Description

VMware Aria Operations and VMware Tools contain a local privilege escalation vulnerability. A malicious local actor with non-administrative privileges having access to a VM with VMware Tools installed and managed by Aria Operations with SDMP enabled may exploit this vulnerability to escalate privileges to root on the same VM.

CVSS v3.1 Score

7.8

HIGH

CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H

CISA Known Exploited Vulnerability

This vulnerability is actively exploited in the wild.

Added: Oct 30, 2025 Remediation due: Nov 20, 2025

Weakness Type (CWE)

CWE-267 CWE-267

Affected Products

Vendor	Product	Versions
vmware	aria_operations	8.0 — 8.18.5
vmware	cloud_foundation	4.0 — 5.2.2
vmware	cloud_foundation_operations	All
vmware	open_vm_tools	11.2.0 — 12.5.4
vmware	open_vm_tools	All
vmware	telco_cloud_infrastructure	2.2 — 3.0
vmware	telco_cloud_platform	4.0 — 5.0.1
debian	debian_linux	All
vmware	tools	12.5.0 — 12.5.4
vmware	tools	13.0.0.0 — 13.0.5.0
linux	linux_kernel	All
microsoft	windows	All

References

Frequently Asked Questions

What is CVE-2025-41244? +

VMware Aria Operations and VMware Tools contain a local privilege escalation vulnerability. A malicious local actor with non-administrative privileges having access to a VM with VMware Tools installed and managed by Aria Operations with SDMP enabled may exploit this vulnerability to escalate privileges to root on the same VM. It has a CVSS v3.1 base score of 7.8 (HIGH). This vulnerability is listed in CISA's Known Exploited Vulnerabilities catalog, indicating active exploitation in the wild.

How severe is CVE-2025-41244? +

CVE-2025-41244 has a CVSS v3.1 score of 7.8 out of 10, rated HIGH. This is a high-severity vulnerability that should be prioritized for patching.

What products are affected by CVE-2025-41244? +

CVE-2025-41244 affects products from debian, linux, microsoft, vmware, specifically: aria_operations, cloud_foundation, cloud_foundation_operations, debian_linux, linux_kernel, open_vm_tools, telco_cloud_infrastructure, telco_cloud_platform, tools, windows. Check the affected products table above for specific version ranges.

How do I check if I'm vulnerable to CVE-2025-41244? +

You can use Secably's free Website Scanner to check your website for known vulnerabilities. For infrastructure scanning, use the Port Scanner to identify exposed services that may be affected. Check the vendor advisories linked above for specific patch and version information.

Related Vulnerabilities

CVE-2025-2903

An attacker with knowledge of creating user accounts during VM deployment on Google Cloud Platform (GCP) using the OS Login …

CVE-2026-29646 9.8

In OpenXiangShan NEMU prior to 55295c4, when running with RVH (Hypervisor extension) enabled, a VS-mode guest write to the supervisor …

CVE-2024-39866 8.8

A vulnerability has been identified in SINEMA Remote Connect Server (All versions < V3.2 SP1). The affected application allows users …

CVE-2025-23015 8.8

Privilege Defined With Unsafe Actions vulnerability in Apache Cassandra. An user with MODIFY permission ON ALL KEYSPACES can escalate privileges …

CVE-2024-55968 8.8

An issue was discovered in DTEX DEC-M (DTEX Forwarder) 6.1.1. The com.dtexsystems.helper service, responsible for handling privileged operations within the …

CVE-2025-26467 8.8

Privilege Defined With Unsafe Actions vulnerability in Apache Cassandra. An user with MODIFY permission ON ALL KEYSPACES can escalate privileges …

Description

CVSS v3.1 Score

CISA Known Exploited Vulnerability

Weakness Type (CWE)

Affected Products

References

Advisories & Patches

Exploits

Other References

Frequently Asked Questions

Related Vulnerabilities

Don't wait for an exploit