By Lerpong Intaraworrpath | October 4th, 2025
VMSA-2025-0015: VMware Aria Operations and VMware Tools updates address multiple vulnerabilities (CVE-2025-41244,CVE-2025-41245, CVE-2025-41246)
| Advisory ID: | VMSA-2025-0015 |
| Advisory Severity: | Important |
| CVSSv3 Range: | 4.9 -7.8 |
| Synopsis: | VMware Aria Operations and VMware Tools updates address multiple vulnerabilities (CVE-2025-41244,CVE-2025-41245, CVE-2025-41246) |
| Issue date: | 2025-09-29 |
| Updated on: | 2025-09-29 (Initial Advisory) |
| CVE(s) | CVE-2025-41244, CVE-2025-41245, CVE-2025-41246 |
Impacted Products:
- VMware Aria Operations – version 8.x
- VMware Tools – 13.x.x, 12.x.x, 11.x.x
- VMware Cloud Foundation – 5.x, 4.x, 9.x.x.x
- VMware Telco Cloud Platform – 5.x, 4.x
- VMware Telco Cloud Infrastructure – 3.x, 2.x
Introduction
Multiple vulnerabilities in VMware Aria Operations and VMware Tools were privately reported to Broadcom. Patches are available to remediate these vulnerabilities in affected Broadcom products.
A.Local privilege escalation vulnerability (CVE-2025-41244)
B.VMware Aria Operations Information disclosure vulnerability (CVE-2025-41245)
C.VMware Tools improper authorisation vulnerability (CVE-2025-41246)