Broadcom Releases Security Updates for VMware Aria Operations, Tools, and Cloud Foundation

Security advisory addresses three vulnerabilities that could result in privilege escalation

Threat ID:: CC-4704
Threat Severity:: Medium
Published:: 30 September 2025 2:33 PM

Report a cyber attack: call 0300 303 5222 or email [email protected]

Summary

Security advisory addresses three vulnerabilities that could result in privilege escalation

Affected platforms

The following platforms are known to be affected:

VMware Aria Operations

8.x prior to 8.18.5

Note: VMware Aria Operations versions installed as part of VMware Telco Cloud Infrastructure, VMware Telco Cloud Platform, and VMware Cloud Foundation are also vulnerable.

VMware Cloud Foundation

9.x.x.x prior to 9.0.1.0

VMware Tools

11.x.x all versions
12.x.x prior to 12.5.4
13.x.x prior to 13.0.5

Threat details

Exploitation of CVE-2025-41244

Security researchers have reported exploitation of CVE-2025-41244 in the wild. The NHS England National CSOC assesses further exploitation as highly likely.

Introduction

Broadcom has released security updates to address vulnerabilities in VMware Aria Operations, Tools, and Cloud Foundation components of VMware products.

The updates address 2 high severity and 1 medium severity vulnerabilities.

CVE-2025-41244 - "Privilege defined with unsafe actions" vulnerability - CVSSv3 score of 7.8
CVE-2025-41245 - "Initialisation of a resource with an insecure default" vulnerability - CVSSv3 score of 4.9
CVE-2025-41246 - "Incorrect authorisation" vulnerability - CVSSv3 score of 7.6

Remediation advice

Affected organisations are encouraged to review Broadcom's VMSA-2025-0015 advisory and apply the relevant updates as soon as possible.

Definitive source of threat updates

https://support.broadcom.com/web/ecx/support-content-notification/-/external/content/SecurityAdvisories/0/36149

CVE Vulnerabilities

Status Published

CVE-2025-41244

VMware Aria Operations and VMware Tools contain a local privilege escalation vulnerability. A malicious local actor with non-administrative privileges having access to a VM with VMware Tools installed and managed by Aria Operations with SDMP enabled may exploit this vulnerability to escalate privileges to root on the same VM.

Status Published

CVE-2025-41245

VMware Aria Operations contains an information disclosure vulnerability. A malicious actor with non-administrative privileges in Aria Operations may exploit this vulnerability to disclose credentials of other users of Aria Operations.

Status Published

CVE-2025-41246

VMware Tools for Windows contains an improper authorisation vulnerability due to the way it handles user access controls. A malicious actor with non-administrative privileges on a guest VM, who is already authenticated through vCenter or ESX may exploit this issue to access other guest VMs. Successful exploitation requires knowledge of credentials of the targeted VMs and vCenter or ESX.

Last edited: 30 September 2025 2:46 pm