CVE-2025-41244

HIGH KEV

VMware Aria Operations < 8.18.5 - Privilege Escalation

Title source: rule

Description

VMware Aria Operations and VMware Tools contain a local privilege escalation vulnerability. A malicious local actor with non-administrative privileges having access to a VM with VMware Tools installed and managed by Aria Operations with SDMP enabled may exploit this vulnerability to escalate privileges to root on the same VM.

Exploits (3)

nomisec WORKING POC 2 stars
by NULL200OK · poc
https://github.com/NULL200OK/CVE-2025-41244
nomisec SCANNER 1 star
by rxerium · poc
https://github.com/rxerium/CVE-2025-41244
github WORKING POC
by haspiranti · golocal
https://github.com/haspiranti/CVE-2025-41244-PoC

Scores

CVSS v3 7.8
EPSS 0.0047
EPSS Percentile 64.1%
Attack Vector LOCAL
CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H

Exploitation Intel

CISA KEV 2025-10-30
VulnCheck KEV 2025-09-29
ENISA EUVD EUVD-2025-31589

Classification

CWE CWE-267
Status published

Affected Products (9)

vmware/aria_operations < 8.18.5
vmware/cloud_foundation < 5.2.2
vmware/cloud_foundation_operations
vmware/open_vm_tools < 12.5.4
vmware/open_vm_tools
vmware/telco_cloud_infrastructure < 3.0
vmware/telco_cloud_platform < 5.0.1
debian/debian_linux
vmware/tools < 12.5.4

Timeline

Published Sep 29, 2025
KEV Added Oct 30, 2025
Tracked Since Feb 18, 2026