VYPR
Unrated severityCISA KEVNVD Advisory· Published Sep 29, 2025· Updated Feb 26, 2026

VMSA-2025-0015: VMware Aria Operations and VMware Tools updates address multiple vulnerabilities (CVE-2025-41244,CVE-2025-41245, CVE-2025-41246)

CVE-2025-41244

Description

VMware Aria Operations and VMware Tools contain a local privilege escalation vulnerability. A malicious local actor with non-administrative privileges having access to a VM with VMware Tools installed and managed by Aria Operations with SDMP enabled may exploit this vulnerability to escalate privileges to root on the same VM.

Affected products

48

Patches

Vulnerability mechanics

References

1

News mentions

1