CVE-2025-41244

HIGH KEV

Vmware Aria Operations < 8.18.5 - Privilege Escalation

Title source: rule

Description

VMware Aria Operations and VMware Tools contain a local privilege escalation vulnerability. A malicious local actor with non-administrative privileges having access to a VM with VMware Tools installed and managed by Aria Operations with SDMP enabled may exploit this vulnerability to escalate privileges to root on the same VM.

Exploits (3)

nomisec WORKING POC 2 stars
by NULL200OK · poc
https://github.com/NULL200OK/CVE-2025-41244
nomisec SCANNER 1 stars
by rxerium · poc
https://github.com/rxerium/CVE-2025-41244
github WORKING POC
by haspiranti · golocal
https://github.com/haspiranti/CVE-2025-41244-PoC

References (6)

Scores

CVSS v3 7.8
EPSS 0.0059
EPSS Percentile 69.3%
Attack Vector LOCAL
CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H

Details

CISA KEV 2025-10-30
VulnCheck KEV 2025-09-29
ENISA EUVD EUVD-2025-31589
CWE
CWE-267
Status published
Products (9)
debian/debian_linux 11.0
vmware/aria_operations 8.0 - 8.18.5
vmware/cloud_foundation 4.0 - 5.2.2
vmware/cloud_foundation_operations 9.0
vmware/open_vm_tools 13.0.0
vmware/open_vm_tools 11.2.0 - 12.5.4
vmware/telco_cloud_infrastructure 2.2 - 3.0
vmware/telco_cloud_platform 4.0 - 5.0.1
vmware/tools 12.5.0 - 12.5.4
Published Sep 29, 2025
KEV Added Oct 30, 2025
Tracked Since Feb 18, 2026