
=====================================================================

                            CERT-Renater

                Note d'Information No. 2025/VULN650
_____________________________________________________________________

DATE                : 30/09/2025

HARDWARE PLATFORM(S): /

OPERATING SYSTEM(S): Systems running VMware Cloud Foundation, VMware
                     vSphere Foundation versions prior to 13.0.5.0,
                     VMware Tools versions prior to 13.0.5, 12.5.4,
                     VMware Cloud Foundation Operations versions prior
                     to 9.0.1.0, VMware Aria Operations versions prior
                     to 8.18.5.

=====================================================================
https://support.broadcom.com/web/ecx/support-content-notification/-/external/content/SecurityAdvisories/0/36149
_____________________________________________________________________

VMSA-2025-0015: VMware Aria Operations and VMware Tools updates
address multiple vulnerabilities (CVE-2025-41244, CVE-2025-41245,
CVE-2025-41246)

Product/Component

VCF Operations
VCF Operations
VMware Cloud Foundation
VMware Telco Cloud Infrastructure
VMware Telco Cloud Platform 


Notification Id
36149

Last Updated
29 September 2025

Initial Publication Date
29 September 2025

Status
OPEN

Severity
HIGH

CVSS Base Score
4.9-7.8

WorkAround


Affected CVE
CVE-2025-41244, CVE-2025-41245, CVE-2025-41246

Advisory ID:            VMSA-2025-0015
Advisory Severity:      Important
CVSSv3 Range:           4.9 - 7.8
Synopsis:               VMware Aria Operations and VMware Tools updates
                        address multiple vulnerabilities (CVE-2025-41244,
                        CVE-2025-41245, CVE-2025-41246)
Issue date:             2025-09-29
Updated on:             2025-09-29 (Initial Advisory)
CVE(s):                 CVE-2025-41244, CVE-2025-41245, CVE-2025-41246

1. Impacted Products

    VMware Aria Operations
    VMware Tools
    VMware Cloud Foundation
    VMware Telco Cloud Platform
    VMware Telco Cloud Infrastructure

2. Introduction

Multiple vulnerabilities in VMware Aria Operations and VMware Tools
were privately reported to Broadcom. Patches are available to
remediate these vulnerabilities in affected Broadcom products.
 
3a. Local privilege escalation vulnerability (CVE-2025-41244)

Description:

VMware Aria Operations and VMware Tools contain a local privilege
escalation vulnerability. Broadcom has evaluated the severity of
this issue to be in the Important severity range with a maximum
CVSSv3 base score of 7.8.

Known Attack Vectors:

A malicious local actor with non-administrative privileges having
access to a VM with VMware Tools installed and managed by Aria
Operations with SDMP enabled may exploit this vulnerability to
escalate privileges to root on the same VM.

Resolution:

To remediate CVE-2025-41244 apply the patches listed in the
'Fixed Version' column of the 'Response Matrix' found below.


Workarounds:
None.

Additional Documentation:
None.

Acknowledgements:
Broadcom would like to thank Maxime Thiebaut (NVISO) for
reporting this issue to us.

Notes:
[1] VMware Tools 12.4.9 which is part of VMware Tools 12.5.4,
also addresses the issue for Windows 32-bit.
[2] A version of open-vm-tools that addresses CVE-2025-41244
will be distributed by Linux vendors.

3b. VMware Aria Operations Information disclosure vulnerability
(CVE-2025-41245)

Description:

VMware Aria Operations contains an information disclosure
vulnerability. Broadcom has evaluated the severity of this
issue to be in the Moderate severity range with a maximum
CVSSv3 base score of 4.9.

Known Attack Vectors:

A malicious actor with non-administrative privileges in Aria
Operations may exploit this vulnerability to disclose
credentials of other users of Aria Operations.

Resolution:
To remediate CVE-2025-41245 apply the patches listed in the
'Fixed Version' column of the 'Response Matrix' found below.

Workarounds:
None.

Additional Documentation:
None.

Acknowledgements:
Broadcom would like to thank Sven Nobis of ERNW Enno Rey
Netzwerke GmbH and Lorin Lehawany of ERNW Enno Rey Netzwerke
GmbH for reporting this issue to us.

Notes:
None.


Response Matrix 3a & 3b:

Product | Component | Version | Running On | CVE | CVSSv3 | Severity | Fixed Version | Workaround | Additional Documents
VMware Cloud Foundation, VMware vSphere Foundation | VMware Cloud Foundation Operations | 9.x.x.x | Any | CVE-2025-41244 | 7.8 | Important | 9.0.1.0 | None | None
VMware Cloud Foundation, VMware vSphere Foundation | VMware Tools | 13.x.x.x [2] | Windows, Linux | CVE-2025-41244 | 7.8 | Important | 13.0.5.0 | None | None
VMware Aria Operations | VMware Aria Operations | 8.x | Any | CVE-2025-41244, CVE-2025-41245 | 7.8, 4.9 | Important | 8.18.5 | None | None
VMware Tools | N/A | 13.x.x | Windows, Linux | CVE-2025-41244 | 7.8 | Important | 13.0.5 | None |
VMware Tools | N/A | 12.x.x, 11.x.x | Windows, Linux | CVE-2025-41244 | 7.8 | Important | 12.5.4 | None | None
VMware Cloud Foundation | VMware Aria Operations | 5.x, 4.x | Any | CVE-2025-41244, CVE-2025-41245 | 7.8, 4.9 | Important | KB92148 | None | None
VMware Telco Cloud Platform | VMware Aria Operations | 5.x, 4.x | Any | CVE-2025-41244, CVE-2025-41245 | 7.8, 4.9 | Important | 8.18.5 | None | None
VMware Telco Cloud Infrastructure | VMware Aria Operations | 3.x, 2.x | Any | CVE-2025-41244, CVE-2025-41245 | 7.8, 4.9 | Important | 8.18.5 | None | None
 
3c. VMware Tools improper authorisation vulnerability
(CVE-2025-41246)

Description: 
VMware Tools for Windows contains an improper authorisation
vulnerability due to the way it handles user access controls.
Broadcom has evaluated the severity of this issue to be in the
Important severity range with a maximum CVSSv3 base score of
7.6.

Known Attack Vectors:
A malicious actor with non-administrative privileges on a guest
VM, who is already authenticated through vCenter or ESX may
exploit this issue to access other guest VMs. Successful
exploitation requires knowledge of credentials of the targeted
VMs and vCenter or ESX. 

Resolution: 
To remediate CVE-2025-41246 apply the patches listed in the
'Fixed Version' column of the 'Response Matrix' found below.

Workarounds:
None.

Additional Documentation:
None.

Acknowledgements:

Broadcom would like to thank security researcher Tom Jøran
Sønstebyseter Rønning (@L1v1ng0ffTh3L4N) of Statnett (Norway)
for reporting this issue to us.

Notes:
[1] VMware Tools 12.4.9 which is part of VMware Tools 12.5.4,
also addresses the issue for Windows 32-bit.
[2] This issue affects only VMware Tools for Windows


Response Matrix:

Product | Component | Version | Running On | CVE | CVSSv3 | Severity | Fixed Version | Workaround | Additional Documents
VMware Cloud Foundation, VMware vSphere Foundation | VMware Tools | 13.x.x.x [2] | Windows | CVE-2025-41246 | 7.6 | Important | 13.0.5.0 | None | None
VMware Tools [2] | N/A | 13.x.x | Windows | CVE-2025-41246 | 7.6 | Important | 13.0.5 | None | None
VMware Tools [2] | N/A | 12.x.x, 11.x.x | Windows | CVE-2025-41246 | 7.6 | Important | 12.5.4 | None | None
VMware Tools | N/A | 12.x.x, 11.x.x | Linux | CVE-2025-41246 | N/A | N/A | Unaffected | N/A | N/A
VMware Tools | N/A | 12.x.x, 11.x.x | macOS | CVE-2025-41246 | N/A | N/A | Unaffected | N/A | N/A
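The two response matrices above (3a & 3b and 3c) reduce to a small set of "affected branch, fixed version" rules, and the practical question for a defender is which hosts in an inventory still fall below a fixed version. The script below is an added example, not Broadcom's or CERT-Renater's code: the FIXES table transcribes the fixed versions from the matrices, the hostnames and inventory versions are constructed sample data, and note [1] (12.4.9 shipped inside 12.5.4 for 32-bit Windows) is deliberately not modelled.

```python
"""Flag hosts whose VMware component versions are below the fixed
versions listed in VMSA-2025-0015 (added example, not Broadcom code).
FIXES transcribes the advisory's Response Matrices; INVENTORY is
constructed sample data, not a real environment."""

# Each rule: (product, platform, CVE, affected major versions, fixed version).
# "Any" as platform matches every platform. Note [1] of the advisory
# (12.4.9 shipped inside 12.5.4 for 32-bit Windows) is not modelled.
FIXES = [
    ("VMware Tools", "Windows", "CVE-2025-41244", (13,), "13.0.5"),
    ("VMware Tools", "Windows", "CVE-2025-41244", (12, 11), "12.5.4"),
    ("VMware Tools", "Linux", "CVE-2025-41244", (13,), "13.0.5"),
    ("VMware Tools", "Linux", "CVE-2025-41244", (12, 11), "12.5.4"),
    # CVE-2025-41246 affects VMware Tools for Windows only; the Linux and
    # macOS rows of the matrix are marked Unaffected, so no rule exists.
    ("VMware Tools", "Windows", "CVE-2025-41246", (13,), "13.0.5"),
    ("VMware Tools", "Windows", "CVE-2025-41246", (12, 11), "12.5.4"),
    ("VMware Aria Operations", "Any", "CVE-2025-41244", (8,), "8.18.5"),
    ("VMware Aria Operations", "Any", "CVE-2025-41245", (8,), "8.18.5"),
    ("VMware Cloud Foundation Operations", "Any", "CVE-2025-41244", (9,), "9.0.1.0"),
]


def version_tuple(version, width=4):
    """Parse '13.0.5' into (13, 0, 5, 0) so version strings of different
    length compare correctly (13.0.5 == 13.0.5.0)."""
    parts = [int(p) for p in version.strip().split(".")]
    if len(parts) > width:
        raise ValueError(f"unexpected version format: {version!r}")
    return tuple(parts + [0] * (width - len(parts)))


def outstanding_cves(product, platform, version):
    """Return the sorted CVEs from the advisory that 'version' of
    'product' on 'platform' is still exposed to. A version whose major
    branch is not in the matrix yields an empty list: the advisory does
    not speak to it, so the vendor lifecycle pages must be checked."""
    installed = version_tuple(version)
    exposed = set()
    for rule_product, rule_platform, cve, majors, fixed in FIXES:
        if rule_product != product:
            continue
        if rule_platform != "Any" and rule_platform.lower() != platform.lower():
            continue
        if installed[0] not in majors:
            continue
        if installed < version_tuple(fixed):
            exposed.add(cve)
    return sorted(exposed)


# Constructed inventory: (hostname, product, platform, version).
INVENTORY = [
    ("win-app-01", "VMware Tools", "Windows", "12.5.3"),
    ("lnx-db-07", "VMware Tools", "Linux", "12.5.3"),
    ("win-fs-02", "VMware Tools", "Windows", "13.0.5"),
    ("aria-ops", "VMware Aria Operations", "Any", "8.18.4"),
    ("vcf-ops", "VMware Cloud Foundation Operations", "Any", "9.0.0.0"),
]


def report(inventory=INVENTORY):
    """Map each host to its outstanding CVEs; hosts with none are omitted."""
    return {host: cves for host, prod, plat, ver in inventory
            if (cves := outstanding_cves(prod, plat, ver))}


if __name__ == "__main__":
    for host, cves in report().items():
        print(f"{host}: patch required for {', '.join(cves)}")
```

The rules keep the major-version branches separate because the advisory fixes 11.x and 12.x in 12.5.4 but 13.x in 13.0.5; a plain "is the version below 13.0.5" test would wrongly flag a patched 12.5.4 host, and a plain "below 12.5.4" test would miss an unpatched 13.0.4 host.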

 
4. References:

Fixed Version(s) and Release Notes:

VMware Cloud Foundation Operations 9.0.1.0

Downloads and Documentation:

https://techdocs.broadcom.com/us/en/vmware-cis/vcf/vcf-9-0-and-later/9-0/release-notes/vmware-cloud-foundation-9-0-1-release-notes/vcf-operations-9-0-1-0000.html

https://support.broadcom.com/group/ecx/productfiles?displayGroup=VMware%20vSphere%20Foundation%209&release=9.0.1.0&os=&servicePk=534207&language=EN&groupId=534214&viewGroup=true


VMware vSphere Foundation 9.0.1.0 - VCF Operations

Downloads and Documentation:

https://techdocs.broadcom.com/us/en/vmware-cis/vcf/vcf-9-0-and-later/9-0/release-notes/vmware-cloud-foundation-9-0-1-release-notes/vcf-operations-9-0-1-0000.html

https://support.broadcom.com/group/ecx/productfiles?displayGroup=VMware%20vSphere%20Foundation%209&release=9.0.1.0&os=&servicePk=534207&language=EN&groupId=534214&viewGroup=true


VMware Aria Operations 8.18.5

Downloads and Documentation:

https://techdocs.broadcom.com/us/en/vmware-cis/aria/aria-operations/8-18/vmware-aria-operations-8185-release-notes.html

https://support.broadcom.com/group/ecx/productfiles?subFamily=VMware%20Aria%20Operations&displayGroup=VMware%20Aria%20Operations&release=8.18.5&os=&servicePk=&language=EN


VMware Cloud Foundation 9.0.1.0 - VMware Tools 13.0.5.0

Downloads and Documentation

https://techdocs.broadcom.com/us/en/vmware-cis/vsphere/tools/13-0-0/release-notes/vmware-tools-1305-release-notes.html

https://support.broadcom.com/group/ecx/productfiles?displayGroup=VMware%20Cloud%20Foundation%209&release=9.0.1.0&os=&servicePk=534266&language=EN&groupId=534373&viewGroup=true


VMware vSphere Foundation 9.0.1.0 - VMware Tools 13.0.5.0

Downloads and Documentation

https://techdocs.broadcom.com/us/en/vmware-cis/vsphere/tools/13-0-0/release-notes/vmware-tools-1305-release-notes.html

https://support.broadcom.com/group/ecx/productfiles?displayGroup=VMware%20vSphere%20Foundation%209&release=9.0.1.0&os=&servicePk=534207&language=EN&groupId=534373&viewGroup=true


VMware Tools 13.0.5

Downloads and Documentation:
https://techdocs.broadcom.com/us/en/vmware-cis/vsphere/tools/13-0-0/release-notes/vmware-tools-1305-release-notes.html

https://support.broadcom.com/group/ecx/productfiles?subFamily=VMware%20Tools&displayGroup=VMware%20Tools%2013.x&release=13.0.5.0&os=&servicePk=533255&language=EN&freeDownloads=true


VMware Tools 12.5.4
Downloads and Documentation:
https://techdocs.broadcom.com/us/en/vmware-cis/vsphere/tools/12-5-0/release-notes/vmware-tools-1254-release-notes.html

https://support.broadcom.com/group/ecx/productfiles?subFamily=VMware%20Tools&displayGroup=VMware%20Tools%2012.x&release=12.5.4&os=&servicePk=&language=EN&freeDownloads=true


Mitre CVE Dictionary Links:
https://www.cve.org/CVERecord?id=CVE-2025-41244

https://www.cve.org/CVERecord?id=CVE-2025-41245

https://www.cve.org/CVERecord?id=CVE-2025-41246


FIRST CVSSv3 Calculator:
CVE-2025-41244: https://www.first.org/cvss/calculator/3.1#CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H

CVE-2025-41245: https://www.first.org/cvss/calculator/3-1#CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:N/A:N

CVE-2025-41246: https://www.first.org/cvss/calculator/3-1#CVSS:3.1/AV:A/AC:H/PR:H/UI:N/S:C/C:H/I:H/A:H


5. Change Log:

2025-09-29 VMSA-2025-0015
Initial security advisory.


6. Contact:


E-mail: vmware.psirt@broadcom.com

PGP key
https://knowledge.broadcom.com/external/article/321551

VMware Security Advisories
https://www.broadcom.com/support/vmware-security-advisories

VMware External Vulnerability Response and Remediation Policy
https://www.broadcom.com/support/vmware-services/security-response

VMware Lifecycle Support Phases
https://support.broadcom.com/group/ecx/productlifecycle

VMware Security Blog
https://blogs.vmware.com/security

X
https://x.com/VMwareSRC

Copyright 2025 Broadcom. All rights reserved.


=========================================================
+ CERT-RENATER        |    tel : 01-53-94-20-44         +
+ 23/25 Rue Daviel    |    fax : 01-53-94-20-41         +
+ 75013 Paris         |   email:cert@support.renater.fr +
=========================================================
