theinfosecnews
theinfosecnews
Subscribe to Daily Digest

CVE-2025-41244

CISA KEV

Published October 30, 2025 · Updated April 3, 2026

high
Official Description+

Broadcom VMware Aria Operations and VMware Tools contain a privilege defined with unsafe actions vulnerability. A malicious local actor with non-administrative privileges having access to a VM with VMware Tools installed and managed by Aria Operations with SDMP enabled may exploit this vulnerability to escalate privileges to root on the same VM.

Affected Products

VendorProduct
BroadcomVMware Aria Operations and VMware Tools

Patch Status

Patch by 2025-11-20

Recommended Actions

  1. Check if your systems use any of the affected products listed above.
  2. Apply vendor patches immediately if available.
  3. This vulnerability is in CISA's Known Exploited Vulnerabilities catalog — prioritize remediation.
  4. Monitor vendor advisories for updates and additional mitigations.
  5. Review logs for indicators of compromise related to CVE-2025-41244.