CVE-2025-41245NVD

Vulnerability Summary

VMware Aria Operations contains an information disclosure vulnerability. A malicious actor with non-administrative privileges in Aria Operations may exploit this vulnerability to disclose credentials of other users of Aria Operations.

Severity Level

MEDIUM(4.9)

Published Date

Sep 29, 2025

Last Modified

Sep 29, 2025

Exploitation Status

????

EPSS Score (30-Day)

Data Pending

Root Weakness (CWE)

CWE-1188: Unknown/Unlisted Weakness ↗

Refer to the official MITRE database for detailed architectural specifications regarding this weakness.

CVSS v3.1 Base Metrics

Attack VectorNetwork

Attack ComplexityLow

Privileges RequiredHigh

User InteractionNone

ScopeUnchanged

ConfidentialityHigh

IntegrityNone

AvailabilityNone

External References

http://support.broadcom.com/group/ecx/support-content-view/-/support-content/Security%20Advisories/VMSA-2025-0015--VMware-Aria-Operations-and-VMware-Tools-updates-address-multiple-vulnerabilities--CVE-2025-41244-CVE-2025-41245--CVE-2025-41246-/36149

Critical Alert 1 Active Exploit Detected Today

CVE Watchtower

CVE-2025-41245NVD

Vulnerability Summary

External References