CVE-2025-41244
Published: 29 September 2025
Summary
CVE-2025-41244 is a high-severity Privilege Defined With Unsafe Actions (CWE-267) vulnerability in Vmware Open Vm Tools. Its CVSS base score is 7.8 (High).
Operationally, exploitation aligns with the MITRE ATT&CK technique Exploitation for Privilege Escalation (T1068); ranked in the top 32.4% of CVEs by exploit likelihood; CISA has added it to the Known Exploited Vulnerabilities catalog; a public proof-of-concept is referenced.
The strongest mitigations our analysis identified are NIST 800-53 AC-6 (Least Privilege) and SI-2 (Flaw Remediation).
Deeper analysis
VMware Aria Operations and VMware Tools contain a local privilege escalation vulnerability tracked as CVE-2025-41244. The flaw affects virtual machines running VMware Tools that are managed by Aria Operations when SDMP is enabled, allowing a local actor to gain elevated access on the guest operating system. It carries a CVSS 3.1 score of 7.8 and is associated with CWE-267.
A malicious local actor who already possesses non-administrative access to such a VM can exploit the issue to escalate privileges to root on the same virtual machine. The attack requires no user interaction and occurs entirely within the guest environment.
Broadcom security advisory VMSA-2025-0015 and related vendor notices direct customers to apply the updates released for VMware Aria Operations and VMware Tools to remediate the vulnerability along with two companion issues.
EPSS for the CVE rose from a low baseline to a peak of 0.0101, indicating that exploitation interest increased after public disclosure.
EU & UK References
- 🇪🇺 ENISA EUVD: EUVD-2025-31589
Vulnerability details
VMware Aria Operations and VMware Tools contain a local privilege escalation vulnerability. A malicious local actor with non-administrative privileges having access to a VM with VMware Tools installed and managed by Aria Operations with SDMP enabled may exploit this vulnerability…
more
to escalate privileges to root on the same VM.
- CWE(s)
- KEV Date Added
- 30 October 2025
Related Threats
MITRE ATT&CK Enterprise TechniquesAI
Why these techniques?
Local privilege escalation vulnerability directly enables exploitation for privilege escalation (T1068) from non-admin to root within the VM.
CVEs Like This One
Affected Assets
Mitigating Controls
Mitigating Controls (NIST 800-53 r5) AI
Timely application of Broadcom's patches for VMware Aria Operations and VMware Tools directly remediates the local privilege escalation vulnerability.
Least privilege limits non-administrative users' capabilities on the VM, reducing the feasibility and impact of privilege escalation to root.
Access enforcement mechanisms restrict unauthorized privilege elevations by local actors within the VM despite the vulnerability.