CVE-2025-41244

📊 7.8 HIGH⚡ 0.0%🎯 2 exploits🏛️ KEV Listed

📅 Published Sep 29, 2025

📋 Status: Awaiting Analysis

VMware Aria Operations and VMware Tools contain a local privilege escalation vulnerability. A malicious local actor with non-administrative privileges having access to a VM with VMware Tools installed and managed by Aria Operations with SDMP enabled may exploit this vulnerability to escalate privileges to root on the same VM.

CVSS v3.1 • [email protected]

Metrics

7.8 HIGHCVSS v3.1[email protected]

CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H

Attack Vector:

LOCAL

Complexity:

LOW

Privileges:

LOW

User Interaction:

NONE

Confidentiality:

HIGH

Integrity:

HIGH

Availability:

HIGH

Scope:

UNCHANGED

🔍 Technical Details

Analysis Status

Awaiting Analysis

CVSS Details

7.8 (HIGH)v3.1

Source: [email protected]

EPSS Details

0.0% (Minimal)0.4th percentile

Last updated: Oct 30, 2025

Exploitation probability within 30 days

Published Date

Sep 29, 2025 (1 month ago)

Last Modified

Oct 31, 2025 (1 day ago)

Security Weaknesses1

CWE-267

Available exploits (2)

🔐 Sign-in Required

References5

NVDadvisoryadvisory+2