Broadcom has released patches addressing three vulnerabilities in VMware Aria Operations and VMware Tools, with severities ranging from Moderate to Important. These flaws—CVE-2025-41244, CVE-2025-41245, and CVE-2025-41246—affect a wide range of VMware products, including VMware Cloud Foundation, VMware Telco Cloud Platform, and VMware Telco Cloud Infrastructure.
CVE-2025-41244 – Local Privilege Escalation (CVSS 7.8)
Broadcom warns: “A malicious local actor with non-administrative privileges having access to a VM with VMware Tools installed and managed by Aria Operations with SDMP enabled may exploit this vulnerability to escalate privileges to root on the same VM.”
The flaw, reported by Maxime Thiebaut (NVISO), is rated Important. Patches are available in VMware Tools 13.0.5 and 12.5.4, and in Aria Operations 8.18.5.
CVE-2025-41245 – Information Disclosure in Aria Operations (CVSS 4.9)
This moderate-severity issue impacts Aria Operations directly. According to the advisory, “A malicious actor with non-administrative privileges in Aria Operations may exploit this vulnerability to disclose credentials of other users of Aria Operations.”
It was responsibly disclosed by Sven Nobis and Lorin Lehawany of ERNW GmbH. Fixes are included in Aria Operations 8.18.5 and related platform updates.
CVE-2025-41246 – Improper Authorization in VMware Tools (CVSS 7.6)
The third flaw impacts VMware Tools for Windows. Broadcom explains: “VMware Tools for Windows contains an improper authorisation vulnerability due to the way it handles user access controls… A malicious actor with non-administrative privileges on a guest VM, who is already authenticated through vCenter or ESX may exploit this issue to access other guest VMs.”
This vulnerability was reported by Tom Jøran Sønstebyseter Rønning (@L1v1ng0ffTh3L4N) of Statnett (Norway). Patches are included in VMware Tools 13.0.5 and 12.5.4.
Affected Products
- VMware Aria Operations (8.x, 5.x, 4.x, 3.x, 2.x)
- VMware Tools (13.x.x, 12.x.x, 11.x.x for Windows/Linux)
- VMware Cloud Foundation
- VMware Telco Cloud Platform
- VMware Telco Cloud Infrastructure
Mitigation
Broadcom advises customers to apply the patched versions immediately. No workarounds are available. In particular, organizations should:
- Update VMware Tools to 13.0.5 (Windows/Linux) or 12.5.4 where applicable.
- Update Aria Operations to 8.18.5.
- Apply the latest Cloud Foundation KB92148 updates.
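Since the advisory offers no workaround, the practical defender's task is to find every VMware Tools and Aria Operations install that is still below the fixed release. The script below is an added example, not Broadcom's or VMware's code: it compares versions from a simple host inventory against the fixed releases named above (Tools 13.0.5 and 12.5.4, Aria Operations 8.18.5), treating the older branches the advisory lists as affected with no fix of their own (Tools 11.x, Aria Operations 5.x and below) as needing an upgrade. The inventory lines and hostnames are constructed; the `host product version` line format is an assumption of this example.

```python
"""Flag VMware Tools / Aria Operations installs below the advisory's fixed releases.
Added example; inventory lines below are constructed, not real hosts."""
import re
from typing import Dict, List, Optional, Tuple

Version = Tuple[int, int, int]

# Fixed releases named in the advisory, keyed by major-version branch.
TOOLS_FIXED: Dict[int, Version] = {13: (13, 0, 5), 12: (12, 5, 4)}
ARIA_FIXED: Dict[int, Version] = {8: (8, 18, 5)}
FIXED_BY_PRODUCT = {"tools": TOOLS_FIXED, "aria": ARIA_FIXED}

_VERSION_RE = re.compile(r"(\d+)\.(\d+)\.(\d+)")


def parse_version(text: str) -> Optional[Version]:
    """Extract the first major.minor.patch triple from a version string.
    Trailing build numbers such as '12.3.5.46049 (build-22544099)' are ignored."""
    m = _VERSION_RE.search(text)
    if not m:
        return None
    major, minor, patch = (int(p) for p in m.groups())
    return (major, minor, patch)


def needs_update(version: Version, fixed_by_branch: Dict[int, Version]) -> bool:
    """True when the version is below the fixed release for its branch.
    Branches older than every fixed branch (e.g. Tools 11.x) are listed as
    affected without a fixed release of their own, so they always need an
    upgrade; branches newer than any listed branch are outside the advisory
    and are treated as not affected."""
    fixed = fixed_by_branch.get(version[0])
    if fixed is not None:
        return version < fixed
    return version[0] < min(fixed_by_branch)


# Constructed sample inventory (assumed format: host product version-string).
INVENTORY = """\
web01 tools 12.3.5.46049 (build-22544099)
web02 tools 12.5.4.10000
app01 tools 13.0.5.20000
db01  tools 11.3.5.1
mon01 aria  8.18.4
mon02 aria  8.18.5
"""


def find_unpatched(inventory: str) -> List[str]:
    """Return the hostnames whose product version is below the fixed release."""
    unpatched: List[str] = []
    for line in inventory.splitlines():
        parts = line.split()
        if len(parts) < 3:
            continue  # skip blank or malformed lines
        host, product, version_text = parts[0], parts[1], " ".join(parts[2:])
        table = FIXED_BY_PRODUCT.get(product)
        version = parse_version(version_text)
        if table is None or version is None:
            continue  # unknown product or unparsable version: not judged here
        if needs_update(version, table):
            unpatched.append(host)
    return unpatched


if __name__ == "__main__":
    for host in find_unpatched(INVENTORY):
        print(f"{host}: below fixed release, update required")
```

Feeding the constructed inventory through `find_unpatched` flags web01 (12.3.5), db01 (11.x, no fixed release in that branch) and mon01 (8.18.4), while the hosts already on 12.5.4, 13.0.5 and 8.18.5 pass. The comparison is deliberately branch-aware: a 12.x install is judged against 12.5.4, not against 13.0.5, so sites that stay on the 12.x line are not reported as unpatched once they reach the fixed 12.x release.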