CVE-2025-41246NVD

Vulnerability Summary

VMware Tools for Windows contains an improper authorisation vulnerability due to the way it handles user access controls. A malicious actor with non-administrative privileges on a guest VM, who is already authenticated through vCenter or ESX may exploit this issue to access other guest VMs. Successful exploitation requires knowledge of credentials of the targeted VMs and vCenter or ESX.

Severity Level

HIGH(7.6)

Published Date

Sep 29, 2025

Last Modified

Sep 29, 2025

Exploitation Status

????

EPSS Score (30-Day)

Data Pending

Root Weakness (CWE)

CWE-863: Unknown/Unlisted Weakness ↗

Refer to the official MITRE database for detailed architectural specifications regarding this weakness.

CVSS v3.1 Base Metrics

Attack VectorAdjacent

Attack ComplexityHigh

Privileges RequiredHigh

User InteractionNone

ScopeChanged

ConfidentialityHigh

IntegrityHigh

AvailabilityHigh

External References

https://support.broadcom.com/web/ecx/support-content-notification/-/external/content/SecurityAdvisories/0/36149

Critical Alert 1 Active Exploit Detected Today

CVE Watchtower

CVE-2025-41246NVD

Vulnerability Summary

External References