COOEY // HUBcompliance · community · intelligence

Exposures › CVE-2025-41244

CVE-2025-41244

Severity
high · on CISA KEV actively exploited
Source
CISA-KEV · kev
Published
2025-10-30
Reference
https://nvd.nist.gov/vuln/detail/CVE-2025-41244
⌖ exploited in the wild shame 50/100 exploited-in-wild

Broadcom VMware Aria Operations and VMware Tools contain a privilege defined with unsafe actions vulnerability. A malicious local actor with non-administrative privileges having access to a VM with VMware Tools installed and managed by Aria Operations with SDMP enabled may exploi

Players implicated

Broadcom · vendorVMware Aria Operations and VMware Tools · product

Description

Broadcom VMware Aria Operations and VMware Tools contain a privilege defined with unsafe actions vulnerability. A malicious local actor with non-administrative privileges having access to a VM with VMware Tools installed and managed by Aria Operations with SDMP enabled may exploit this vulnerability to escalate privileges to root on the same VM.

Affected FedRAMP products 0 in the catalog

No correlated FedRAMP products.