{"dataType": "CVE_RECORD", "containers": {"adp": [{"metrics": [{"other": {"type": "Unknown", "content": {"data": "{\"description\":\"not yet assigned\"}"}}}], "affected": [{"vendor": "debian", "product": "open-vm-tools", "versions": [{"status": "affected", "version": "0", "lessThan": "2:12.2.0-1+deb12u4", "versionType": "deb"}], "platforms": ["bookworm"], "defaultStatus": "unaffected"}, {"vendor": "debian", "product": "open-vm-tools-containerinfo", "versions": [{"status": "affected", "version": "0", "lessThan": "2:12.2.0-1+deb12u4", "versionType": "deb"}], "platforms": ["bookworm"], "defaultStatus": "unaffected"}, {"vendor": "debian", "product": "open-vm-tools-containerinfo-dbgsym", "versions": [{"status": "affected", "version": "0", "lessThan": "2:12.2.0-1+deb12u4", "versionType": "deb"}], "platforms": ["bookworm"], "defaultStatus": "unaffected"}, {"vendor": "debian", "product": "open-vm-tools-dbgsym", "versions": [{"status": "affected", "version": "0", "lessThan": "2:12.2.0-1+deb12u4", "versionType": "deb"}], "platforms": ["bookworm"], "defaultStatus": "unaffected"}, {"vendor": "debian", "product": "open-vm-tools-desktop", "versions": [{"status": "affected", "version": "0", "lessThan": "2:12.2.0-1+deb12u4", "versionType": "deb"}], "platforms": ["bookworm"], "defaultStatus": "unaffected"}, {"vendor": "debian", "product": "open-vm-tools-desktop-dbgsym", "versions": [{"status": "affected", "version": "0", "lessThan": "2:12.2.0-1+deb12u4", "versionType": "deb"}], "platforms": ["bookworm"], "defaultStatus": "unaffected"}, {"vendor": "debian", "product": "open-vm-tools-dev", "versions": [{"status": "affected", "version": "0", "lessThan": "2:12.2.0-1+deb12u4", "versionType": "deb"}], "platforms": ["bookworm"], "defaultStatus": "unaffected"}, {"vendor": "debian", "product": "open-vm-tools-salt-minion", "versions": [{"status": "affected", "version": "0", "lessThan": "2:12.2.0-1+deb12u4", "versionType": "deb"}], "platforms": ["bookworm"], "defaultStatus": "unaffected"}, {"vendor": "debian", "product": "open-vm-tools-sdmp", "versions": [{"status": "affected", "version": "0", "lessThan": "2:12.2.0-1+deb12u4", "versionType": "deb"}], "platforms": ["bookworm"], "defaultStatus": "unaffected"}, {"vendor": "debian", "product": "open-vm-tools-sdmp-dbgsym", "versions": [{"status": "affected", "version": "0", "lessThan": "2:12.2.0-1+deb12u4", "versionType": "deb"}], "platforms": ["bookworm"], "defaultStatus": "unaffected"}, {"vendor": "debian", "product": "open-vm-tools", "versions": [{"status": "affected", "version": "0", "lessThan": "2:11.2.5-2+deb11u5", "versionType": "deb"}], "platforms": ["bullseye"], "defaultStatus": "unaffected"}, {"vendor": "debian", "product": "open-vm-tools-dbgsym", "versions": [{"status": "affected", "version": "0", "lessThan": "2:11.2.5-2+deb11u5", "versionType": "deb"}], "platforms": ["bullseye"], "defaultStatus": "unaffected"}, {"vendor": "debian", "product": "open-vm-tools-desktop", "versions": [{"status": "affected", "version": "0", "lessThan": "2:11.2.5-2+deb11u5", "versionType": "deb"}], "platforms": ["bullseye"], "defaultStatus": "unaffected"}, {"vendor": "debian", "product": "open-vm-tools-desktop-dbgsym", "versions": [{"status": "affected", "version": "0", "lessThan": "2:11.2.5-2+deb11u5", "versionType": "deb"}], "platforms": ["bullseye"], "defaultStatus": "unaffected"}, {"vendor": "debian", "product": "open-vm-tools-dev", "versions": [{"status": "affected", "version": "0", "lessThan": "2:11.2.5-2+deb11u5", "versionType": "deb"}], "platforms": ["bullseye"], "defaultStatus": "unaffected"}, {"vendor": "debian", "product": "open-vm-tools-sdmp", "versions": [{"status": "affected", "version": "0", "lessThan": "2:11.2.5-2+deb11u5", "versionType": "deb"}], "platforms": ["bullseye"], "defaultStatus": "unaffected"}, {"vendor": "debian", "product": "open-vm-tools-sdmp-dbgsym", "versions": [{"status": "affected", "version": "0", "lessThan": "2:11.2.5-2+deb11u5", "versionType": "deb"}], "platforms": ["bullseye"], "defaultStatus": "unaffected"}, {"vendor": "debian", "product": "open-vm-tools", "versions": [{"status": "affected", "version": "0", "lessThan": "2:13.0.5-1", "versionType": "deb"}], "platforms": ["forky", "sid"], "defaultStatus": "unaffected"}, {"vendor": "debian", "product": "open-vm-tools-containerinfo", "versions": [{"status": "affected", "version": "0", "lessThan": "2:13.0.5-1", "versionType": "deb"}], "platforms": ["forky", "sid"], "defaultStatus": "unaffected"}, {"vendor": "debian", "product": "open-vm-tools-containerinfo-dbgsym", "versions": [{"status": "affected", "version": "0", "lessThan": "2:13.0.5-1", "versionType": "deb"}], "platforms": ["forky", "sid"], "defaultStatus": "unaffected"}, {"vendor": "debian", "product": "open-vm-tools-dbgsym", "versions": [{"status": "affected", "version": "0", "lessThan": "2:13.0.5-1", "versionType": "deb"}], "platforms": ["forky", "sid"], "defaultStatus": "unaffected"}, {"vendor": "debian", "product": "open-vm-tools-desktop", "versions": [{"status": "affected", "version": "0", "lessThan": "2:13.0.5-1", "versionType": "deb"}], "platforms": ["forky", "sid"], "defaultStatus": "unaffected"}, {"vendor": "debian", "product": "open-vm-tools-desktop-dbgsym", "versions": [{"status": "affected", "version": "0", "lessThan": "2:13.0.5-1", "versionType": "deb"}], "platforms": ["forky", "sid"], "defaultStatus": "unaffected"}, {"vendor": "debian", "product": "open-vm-tools-dev", "versions": [{"status": "affected", "version": "0", "lessThan": "2:13.0.5-1", "versionType": "deb"}], "platforms": ["forky", "sid"], "defaultStatus": "unaffected"}, {"vendor": "debian", "product": "open-vm-tools-salt-minion", "versions": [{"status": "affected", "version": "0", "lessThan": "2:13.0.5-1", "versionType": "deb"}], "platforms": ["forky", "sid"], "defaultStatus": "unaffected"}, {"vendor": "debian", "product": "open-vm-tools-sdmp", "versions": [{"status": "affected", "version": "0", "lessThan": "2:13.0.5-1", "versionType": "deb"}], "platforms": ["forky", "sid"], "defaultStatus": "unaffected"}, {"vendor": "debian", "product": "open-vm-tools-sdmp-dbgsym", "versions": [{"status": "affected", "version": "0", "lessThan": "2:13.0.5-1", "versionType": "deb"}], "platforms": ["forky", "sid"], "defaultStatus": "unaffected"}, {"vendor": "debian", "product": "open-vm-tools", "versions": [{"status": "affected", "version": "0", "lessThan": "2:12.5.0-2+deb13u1", "versionType": "deb"}], "platforms": ["trixie"], "defaultStatus": "unaffected"}, {"vendor": "debian", "product": "open-vm-tools-containerinfo", "versions": [{"status": "affected", "version": "0", "lessThan": "2:12.5.0-2+deb13u1", "versionType": "deb"}], "platforms": ["trixie"], "defaultStatus": "unaffected"}, {"vendor": "debian", "product": "open-vm-tools-containerinfo-dbgsym", "versions": [{"status": "affected", "version": "0", "lessThan": "2:12.5.0-2+deb13u1", "versionType": "deb"}], "platforms": ["trixie"], "defaultStatus": "unaffected"}, {"vendor": "debian", "product": "open-vm-tools-dbgsym", "versions": [{"status": "affected", "version": "0", "lessThan": "2:12.5.0-2+deb13u1", "versionType": "deb"}], "platforms": ["trixie"], "defaultStatus": "unaffected"}, {"vendor": "debian", "product": "open-vm-tools-desktop", "versions": [{"status": "affected", "version": "0", "lessThan": "2:12.5.0-2+deb13u1", "versionType": "deb"}], "platforms": ["trixie"], "defaultStatus": "unaffected"}, {"vendor": "debian", "product": "open-vm-tools-desktop-dbgsym", "versions": [{"status": "affected", "version": "0", "lessThan": "2:12.5.0-2+deb13u1", "versionType": "deb"}], "platforms": ["trixie"], "defaultStatus": "unaffected"}, {"vendor": "debian", "product": "open-vm-tools-dev", "versions": [{"status": "affected", "version": "0", "lessThan": "2:12.5.0-2+deb13u1", "versionType": "deb"}], "platforms": ["trixie"], "defaultStatus": "unaffected"}, {"vendor": "debian", "product": "open-vm-tools-salt-minion", "versions": [{"status": "affected", "version": "0", "lessThan": "2:12.5.0-2+deb13u1", "versionType": "deb"}], "platforms": ["trixie"], "defaultStatus": "unaffected"}, {"vendor": "debian", "product": "open-vm-tools-sdmp", "versions": [{"status": "affected", "version": "0", "lessThan": "2:12.5.0-2+deb13u1", "versionType": "deb"}], "platforms": ["trixie"], "defaultStatus": "unaffected"}, {"vendor": "debian", "product": "open-vm-tools-sdmp-dbgsym", "versions": [{"status": "affected", "version": "0", "lessThan": "2:12.5.0-2+deb13u1", "versionType": "deb"}], "platforms": ["trixie"], "defaultStatus": "unaffected"}], "references": [{"url": "https://security-tracker.debian.org/tracker/CVE-2025-41244"}], "descriptions": [{"lang": "en", "value": "VMware Aria Operations and VMware Tools contain a local privilege escalation vulnerability. A malicious local actor with non-administrative privileges having access to a VM with VMware Tools installed and managed by Aria Operations with SDMP enabled may exploit this vulnerability to escalate privileges to root on the same VM."}], "providerMetadata": {"orgId": "79363d38-fa19-49d1-9214-5f28da3f3ac5", "shortName": "debian", "dateUpdated": "2025-09-30T00:00:00.000Z", "x_subShortName": "debian"}}, {"credits": [{"lang": "en", "value": "packager@almalinux.org"}], "metrics": [{"cvssV3_1": {"scope": "UNCHANGED", "version": "3.1", "baseScore": 7.8, "attackVector": "LOCAL", "baseSeverity": "HIGH", "vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H", "integrityImpact": "HIGH", "userInteraction": "NONE", "attackComplexity": "LOW", "availabilityImpact": "HIGH", "privilegesRequired": "LOW", "confidentialityImpact": "HIGH"}}, {"other": {"type": "Unknown", "content": {"data": "{\"description\":\"Important\"}"}}}], "affected": [{"vendor": "almalinux", "product": "open-vm-tools", "versions": [{"status": "affected", "version": "0", "lessThan": "0:12.5.0-1.el10_0.1", "versionType": "rpm"}], "platforms": ["cpe:/o:almalinux:almalinux:10"], "defaultStatus": "unaffected"}, {"vendor": "almalinux", "product": "open-vm-tools-desktop", "versions": [{"status": "affected", "version": "0", "lessThan": "0:12.5.0-1.el10_0.1", "versionType": "rpm"}], "platforms": ["cpe:/o:almalinux:almalinux:10"], "defaultStatus": "unaffected"}, {"vendor": "almalinux", "product": "open-vm-tools-salt-minion", "versions": [{"status": "affected", "version": "0", "lessThan": "0:12.5.0-1.el10_0.1", "versionType": "rpm"}], "platforms": ["cpe:/o:almalinux:almalinux:10"], "defaultStatus": "unaffected"}, {"vendor": "almalinux", "product": "open-vm-tools-sdmp", "versions": [{"status": "affected", "version": "0", "lessThan": "0:12.5.0-1.el10_0.1", "versionType": "rpm"}], "platforms": ["cpe:/o:almalinux:almalinux:10"], "defaultStatus": "unaffected"}, {"vendor": "almalinux", "product": "open-vm-tools-test", "versions": [{"status": "affected", "version": "0", "lessThan": "0:12.5.0-1.el10_0.1", "versionType": "rpm"}], "platforms": ["cpe:/o:almalinux:almalinux:10"], "defaultStatus": "unaffected"}], "references": [{"url": "https://access.redhat.com/security/cve/CVE-2025-41244", "name": "CVE-2025-41244"}], "descriptions": [{"lang": "en", "value": "The Open Virtual Machine Tools are the open source implementation of the VMware Tools. They are a set of guest operating system virtualization components that enhance performance and user experience of virtual machines.  \n\nSecurity Fix(es):  \n\n  * open-vm-tools: Local privilege escalation in open-vm-tools (CVE-2025-41244)\n\n\nFor more details about the security issue(s), including the impact, a CVSS score, acknowledgments, and other related information, refer to the CVE page(s) listed in the References section.\n"}], "providerMetadata": {"orgId": "00000000-0000-4000-A000-000000000001", "shortName": "almalinux", "dateUpdated": "2025-10-07T00:00:00Z", "x_subShortName": "alma_10"}}, {"credits": [{"lang": "en", "value": "packager@almalinux.org"}], "metrics": [{"cvssV3_1": {"scope": "UNCHANGED", "version": "3.1", "baseScore": 7.8, "attackVector": "LOCAL", "baseSeverity": "HIGH", "vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H", "integrityImpact": "HIGH", "userInteraction": "NONE", "attackComplexity": "LOW", "availabilityImpact": "HIGH", "privilegesRequired": "LOW", "confidentialityImpact": "HIGH"}}, {"other": {"type": "Unknown", "content": {"data": "{\"description\":\"Important\"}"}}}], "affected": [{"vendor": "almalinux", "product": "open-vm-tools", "versions": [{"status": "affected", "version": "0", "lessThan": "0:12.3.5-2.el8_10.1", "versionType": "rpm"}], "platforms": ["cpe:/o:almalinux:almalinux:8"], "defaultStatus": "unaffected"}, {"vendor": "almalinux", "product": "open-vm-tools-desktop", "versions": [{"status": "affected", "version": "0", "lessThan": "0:12.3.5-2.el8_10.1", "versionType": "rpm"}], "platforms": ["cpe:/o:almalinux:almalinux:8"], "defaultStatus": "unaffected"}, {"vendor": "almalinux", "product": "open-vm-tools-salt-minion", "versions": [{"status": "affected", "version": "0", "lessThan": "0:12.3.5-2.el8_10.1", "versionType": "rpm"}], "platforms": ["cpe:/o:almalinux:almalinux:8"], "defaultStatus": "unaffected"}, {"vendor": "almalinux", "product": "open-vm-tools-sdmp", "versions": [{"status": "affected", "version": "0", "lessThan": "0:12.3.5-2.el8_10.1", "versionType": "rpm"}], "platforms": ["cpe:/o:almalinux:almalinux:8"], "defaultStatus": "unaffected"}], "references": [{"url": "https://access.redhat.com/security/cve/CVE-2025-41244", "name": "CVE-2025-41244"}], "descriptions": [{"lang": "en", "value": "The Open Virtual Machine Tools are the open source implementation of the VMware Tools. They are a set of guest operating system virtualization components that enhance performance and user experience of virtual machines.  \n\nSecurity Fix(es):  \n\n  * open-vm-tools: Local privilege escalation in open-vm-tools (CVE-2025-41244)\n\n\nFor more details about the security issue(s), including the impact, a CVSS score, acknowledgments, and other related information, refer to the CVE page(s) listed in the References section.\n"}], "providerMetadata": {"orgId": "00000000-0000-4000-A000-000000000001", "shortName": "almalinux", "dateUpdated": "2025-10-07T00:00:00Z", "x_subShortName": "alma_8"}}, {"credits": [{"lang": "en", "value": "packager@almalinux.org"}], "metrics": [{"cvssV3_1": {"scope": "UNCHANGED", "version": "3.1", "baseScore": 7.8, "attackVector": "LOCAL", "baseSeverity": "HIGH", "vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H", "integrityImpact": "HIGH", "userInteraction": "NONE", "attackComplexity": "LOW", "availabilityImpact": "HIGH", "privilegesRequired": "LOW", "confidentialityImpact": "HIGH"}}, {"other": {"type": "Unknown", "content": {"data": "{\"description\":\"Important\"}"}}}], "affected": [{"vendor": "almalinux", "product": "open-vm-tools", "versions": [{"status": "affected", "version": "0", "lessThan": "0:12.5.0-1.el9_6.2", "versionType": "rpm"}], "platforms": ["cpe:/o:almalinux:almalinux:9"], "defaultStatus": "unaffected"}, {"vendor": "almalinux", "product": "open-vm-tools-desktop", "versions": [{"status": "affected", "version": "0", "lessThan": "0:12.5.0-1.el9_6.2", "versionType": "rpm"}], "platforms": ["cpe:/o:almalinux:almalinux:9"], "defaultStatus": "unaffected"}, {"vendor": "almalinux", "product": "open-vm-tools-salt-minion", "versions": [{"status": "affected", "version": "0", "lessThan": "0:12.5.0-1.el9_6.2", "versionType": "rpm"}], "platforms": ["cpe:/o:almalinux:almalinux:9"], "defaultStatus": "unaffected"}, {"vendor": "almalinux", "product": "open-vm-tools-sdmp", "versions": [{"status": "affected", "version": "0", "lessThan": "0:12.5.0-1.el9_6.2", "versionType": "rpm"}], "platforms": ["cpe:/o:almalinux:almalinux:9"], "defaultStatus": "unaffected"}, {"vendor": "almalinux", "product": "open-vm-tools-test", "versions": [{"status": "affected", "version": "0", "lessThan": "0:12.5.0-1.el9_6.2", "versionType": "rpm"}], "platforms": ["cpe:/o:almalinux:almalinux:9"], "defaultStatus": "unaffected"}], "references": [{"url": "https://access.redhat.com/security/cve/CVE-2025-41244", "name": "CVE-2025-41244"}], "descriptions": [{"lang": "en", "value": "The Open Virtual Machine Tools are the open source implementation of the VMware Tools. They are a set of guest operating system virtualization components that enhance performance and user experience of virtual machines.  \n\nSecurity Fix(es):  \n\n  * open-vm-tools: Local privilege escalation in open-vm-tools (CVE-2025-41244)\n\n\nFor more details about the security issue(s), including the impact, a CVSS score, acknowledgments, and other related information, refer to the CVE page(s) listed in the References section.\n"}], "providerMetadata": {"orgId": "00000000-0000-4000-A000-000000000001", "shortName": "almalinux", "dateUpdated": "2025-10-07T00:00:00Z", "x_subShortName": "alma_9"}}, {"metrics": [{"other": {"type": "Unknown", "content": {"data": "{\"description\":\"unspecified\"}"}}}], "affected": [{"vendor": "fedora", "product": "open-vm-tools", "versions": [{"status": "affected", "version": "0", "lessThan": "0:13.0.10-2.fc42", "versionType": "rpm"}], "platforms": ["cpe:/o:fedoraproject:fedora:42"], "defaultStatus": "unaffected"}, {"vendor": "fedora", "product": "open-vm-tools", "versions": [{"status": "affected", "version": "0", "lessThan": "0:13.0.10-2.fc43", "versionType": "rpm"}], "platforms": ["cpe:/o:fedoraproject:fedora:43"], "defaultStatus": "unaffected"}], "references": [{"url": "https://bodhi.fedoraproject.org/updates/FEDORA-2026-33c6aa1881"}, {"url": "https://bodhi.fedoraproject.org/updates/FEDORA-2026-55bb6efd14"}], "descriptions": [{"lang": "en", "value": "[CISA Major Incident] CVE-2025-41244 open-vm-tools: Local privilege escalation in open-vm-tools [fedora-42]"}], "providerMetadata": {"orgId": "92fb86c3-55a5-4fb5-9c3f-4757b9e96dc5", "shortName": "fedora", "dateUpdated": "2026-02-07T00:57:38Z", "x_subShortName": "fedora"}}, {"metrics": [{"cvssV3_1": {"scope": "UNCHANGED", "version": "3.1", "baseScore": 7.8, "attackVector": "LOCAL", "baseSeverity": "HIGH", "vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H", "integrityImpact": "HIGH", "userInteraction": "NONE", "attackComplexity": "LOW", "availabilityImpact": "HIGH", "privilegesRequired": "LOW", "confidentialityImpact": "HIGH"}}, {"other": {"type": "Unknown", "content": {"data": "{\"description\":\"IMPORTANT\"}"}}}], "affected": [{"vendor": "oraclelinux", "product": "open-vm-tools", "versions": [{"status": "affected", "version": "0", "lessThan": "0:12.5.0-1.0.1.el10_0.1", "versionType": "rpm"}], "platforms": ["cpe:/o:oracle:linux:10"], "defaultStatus": "unaffected"}, {"vendor": "oraclelinux", "product": "open-vm-tools-desktop", "versions": [{"status": "affected", "version": "0", "lessThan": "0:12.5.0-1.0.1.el10_0.1", "versionType": "rpm"}], "platforms": ["cpe:/o:oracle:linux:10"], "defaultStatus": "unaffected"}, {"vendor": "oraclelinux", "product": "open-vm-tools-salt-minion", "versions": [{"status": "affected", "version": "0", "lessThan": "0:12.5.0-1.0.1.el10_0.1", "versionType": "rpm"}], "platforms": ["cpe:/o:oracle:linux:10"], "defaultStatus": "unaffected"}, {"vendor": "oraclelinux", "product": "open-vm-tools-sdmp", "versions": [{"status": "affected", "version": "0", "lessThan": "0:12.5.0-1.0.1.el10_0.1", "versionType": "rpm"}], "platforms": ["cpe:/o:oracle:linux:10"], "defaultStatus": "unaffected"}, {"vendor": "oraclelinux", "product": "open-vm-tools-test", "versions": [{"status": "affected", "version": "0", "lessThan": "0:12.5.0-1.0.1.el10_0.1", "versionType": "rpm"}], "platforms": ["cpe:/o:oracle:linux:10"], "defaultStatus": "unaffected"}, {"vendor": "oraclelinux", "product": "open-vm-tools", "versions": [{"status": "affected", "version": "0", "lessThan": "0:12.3.5-2.0.1.el8_10.1", "versionType": "rpm"}], "platforms": ["cpe:/o:oracle:linux:8"], "defaultStatus": "unaffected"}, {"vendor": "oraclelinux", "product": "open-vm-tools-desktop", "versions": [{"status": "affected", "version": "0", "lessThan": "0:12.3.5-2.0.1.el8_10.1", "versionType": "rpm"}], "platforms": ["cpe:/o:oracle:linux:8"], "defaultStatus": "unaffected"}, {"vendor": "oraclelinux", "product": "open-vm-tools-salt-minion", "versions": [{"status": "affected", "version": "0", "lessThan": "0:12.3.5-2.0.1.el8_10.1", "versionType": "rpm"}], "platforms": ["cpe:/o:oracle:linux:8"], "defaultStatus": "unaffected"}, {"vendor": "oraclelinux", "product": "open-vm-tools-sdmp", "versions": [{"status": "affected", "version": "0", "lessThan": "0:12.3.5-2.0.1.el8_10.1", "versionType": "rpm"}], "platforms": ["cpe:/o:oracle:linux:8"], "defaultStatus": "unaffected"}, {"vendor": "oraclelinux", "product": "open-vm-tools", "versions": [{"status": "affected", "version": "0", "lessThan": "0:12.5.0-1.0.1.el9_6.2", "versionType": "rpm"}], "platforms": ["cpe:/o:oracle:linux:9"], "defaultStatus": "unaffected"}, {"vendor": "oraclelinux", "product": "open-vm-tools-desktop", "versions": [{"status": "affected", "version": "0", "lessThan": "0:12.5.0-1.0.1.el9_6.2", "versionType": "rpm"}], "platforms": ["cpe:/o:oracle:linux:9"], "defaultStatus": "unaffected"}, {"vendor": "oraclelinux", "product": "open-vm-tools-salt-minion", "versions": [{"status": "affected", "version": "0", "lessThan": "0:12.5.0-1.0.1.el9_6.2", "versionType": "rpm"}], "platforms": ["cpe:/o:oracle:linux:9"], "defaultStatus": "unaffected"}, {"vendor": "oraclelinux", "product": "open-vm-tools-sdmp", "versions": [{"status": "affected", "version": "0", "lessThan": "0:12.5.0-1.0.1.el9_6.2", "versionType": "rpm"}], "platforms": ["cpe:/o:oracle:linux:9"], "defaultStatus": "unaffected"}, {"vendor": "oraclelinux", "product": "open-vm-tools-test", "versions": [{"status": "affected", "version": "0", "lessThan": "0:12.5.0-1.0.1.el9_6.2", "versionType": "rpm"}], "platforms": ["cpe:/o:oracle:linux:9"], "defaultStatus": "unaffected"}], "references": [{"url": "https://linux.oracle.com/cve/CVE-2025-41244.html"}], "descriptions": [{"lang": "en", "value": "VMware Aria Operations and VMware Tools contain a local privilege escalation vulnerability. A malicious local actor with non-administrative privileges having access to a VM with VMware Tools installed and managed by Aria Operations with SDMP enabled may exploit this vulnerability to escalate privileges to root on the same VM."}], "providerMetadata": {"orgId": "00000000-0000-4000-A000-000000000006", "shortName": "oraclelinux", "dateUpdated": "2025-10-07T00:00:00Z", "x_subShortName": "oraclelinux"}}, {"metrics": [{"cvssV3_1": {"scope": "UNCHANGED", "version": "3.1", "baseScore": 7.8, "attackVector": "LOCAL", "baseSeverity": "HIGH", "vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H", "integrityImpact": "HIGH", "userInteraction": "NONE", "attackComplexity": "LOW", "availabilityImpact": "HIGH", "privilegesRequired": "LOW", "confidentialityImpact": "HIGH"}}, {"other": {"type": "Unknown", "content": {"data": "{\"description\":\"Important\"}"}}}], "affected": [{"vendor": "redhat", "product": "open-vm-tools", "versions": [{"status": "affected", "version": "0", "lessThan": "0:12.5.0-1.el10_0.1", "versionType": "rpm"}], "platforms": ["cpe:/o:redhat:enterprise_linux:10"], "defaultStatus": "unaffected"}, {"vendor": "redhat", "product": "open-vm-tools-debuginfo", "versions": [{"status": "affected", "version": "0", "lessThan": "0:12.5.0-1.el10_0.1", "versionType": "rpm"}], "platforms": ["cpe:/o:redhat:enterprise_linux:10"], "defaultStatus": "unaffected"}, {"vendor": "redhat", "product": "open-vm-tools-debugsource", "versions": [{"status": "affected", "version": "0", "lessThan": "0:12.5.0-1.el10_0.1", "versionType": "rpm"}], "platforms": ["cpe:/o:redhat:enterprise_linux:10"], "defaultStatus": "unaffected"}, {"vendor": "redhat", "product": "open-vm-tools-desktop", "versions": [{"status": "affected", "version": "0", "lessThan": "0:12.5.0-1.el10_0.1", "versionType": "rpm"}], "platforms": ["cpe:/o:redhat:enterprise_linux:10"], "defaultStatus": "unaffected"}, {"vendor": "redhat", "product": "open-vm-tools-desktop-debuginfo", "versions": [{"status": "affected", "version": "0", "lessThan": "0:12.5.0-1.el10_0.1", "versionType": "rpm"}], "platforms": ["cpe:/o:redhat:enterprise_linux:10"], "defaultStatus": "unaffected"}, {"vendor": "redhat", "product": "open-vm-tools-salt-minion", "versions": [{"status": "affected", "version": "0", "lessThan": "0:12.5.0-1.el10_0.1", "versionType": "rpm"}], "platforms": ["cpe:/o:redhat:enterprise_linux:10"], "defaultStatus": "unaffected"}, {"vendor": "redhat", "product": "open-vm-tools-sdmp", "versions": [{"status": "affected", "version": "0", "lessThan": "0:12.5.0-1.el10_0.1", "versionType": "rpm"}], "platforms": ["cpe:/o:redhat:enterprise_linux:10"], "defaultStatus": "unaffected"}, {"vendor": "redhat", "product": "open-vm-tools-sdmp-debuginfo", "versions": [{"status": "affected", "version": "0", "lessThan": "0:12.5.0-1.el10_0.1", "versionType": "rpm"}], "platforms": ["cpe:/o:redhat:enterprise_linux:10"], "defaultStatus": "unaffected"}, {"vendor": "redhat", "product": "open-vm-tools-test", "versions": [{"status": "affected", "version": "0", "lessThan": "0:12.5.0-1.el10_0.1", "versionType": "rpm"}], "platforms": ["cpe:/o:redhat:enterprise_linux:10"], "defaultStatus": "unaffected"}, {"vendor": "redhat", "product": "open-vm-tools-test-debuginfo", "versions": [{"status": "affected", "version": "0", "lessThan": "0:12.5.0-1.el10_0.1", "versionType": "rpm"}], "platforms": ["cpe:/o:redhat:enterprise_linux:10"], "defaultStatus": "unaffected"}], "references": [{"url": "https://access.redhat.com/security/cve/CVE-2025-41244"}, {"url": "https://blog.nviso.eu/2025/09/29/you-name-it-vmware-elevates-it-cve-2025-41244/"}, {"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2397752"}, {"url": "https://nvd.nist.gov/vuln/detail/CVE-2025-41244"}, {"url": "https://support.broadcom.com/web/ecx/support-content-notification/-/external/content/SecurityAdvisories/0/36149"}, {"url": "https://www.cisa.gov/known-exploited-vulnerabilities-catalog"}, {"url": "https://www.cve.org/CVERecord?id=CVE-2025-41244"}], "descriptions": [{"lang": "en", "value": "A flaw was found in VMWare open-vm-tools. A malicious actor with non-administrative privileges on a guest Virtual Machine (VM) could exploit this vulnerability to gain root privileges on the VM. The issue lies in the service-discovery plugin logic, which can execute attacker-controlled binaries from writable paths such as /tmp. Exploitation requires the open-vm-tools-sdmp package to be installed and guest service discovery to be enabled."}], "providerMetadata": {"orgId": "53f830b8-0a3f-465b-8143-3b8a9948e749", "shortName": "redhat", "dateUpdated": "2025-09-29T00:00:00Z", "x_subShortName": "redhat_10"}}, {"metrics": [{"cvssV3_1": {"scope": "UNCHANGED", "version": "3.1", "baseScore": 7.8, "attackVector": "LOCAL", "baseSeverity": "HIGH", "vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H", "integrityImpact": "HIGH", "userInteraction": "NONE", "attackComplexity": "LOW", "availabilityImpact": "HIGH", "privilegesRequired": "LOW", "confidentialityImpact": "HIGH"}}, {"other": {"type": "Unknown", "content": {"data": "{\"description\":\"Important\"}"}}}], "affected": [{"vendor": "redhat", "product": "open-vm-tools", "platforms": ["cpe:/o:redhat:enterprise_linux:7"], "defaultStatus": "unaffected"}, {"vendor": "redhat", "product": "open-vm-tools-desktop", "platforms": ["cpe:/o:redhat:enterprise_linux:7"], "defaultStatus": "unaffected"}, {"vendor": "redhat", "product": "open-vm-tools-devel", "platforms": ["cpe:/o:redhat:enterprise_linux:7"], "defaultStatus": "unaffected"}, {"vendor": "redhat", "product": "open-vm-tools-test", "platforms": ["cpe:/o:redhat:enterprise_linux:7"], "defaultStatus": "unaffected"}], "references": [{"url": "https://access.redhat.com/security/cve/CVE-2025-41244"}], "descriptions": [{"lang": "en", "value": "Red Hat's versions of the associated software have been determined to NOT be affected by CVE-2025-41244."}], "providerMetadata": {"orgId": "53f830b8-0a3f-465b-8143-3b8a9948e749", "shortName": "redhat", "dateUpdated": "2025-09-29T00:00:00Z", "x_subShortName": "redhat_7"}}, {"metrics": [{"cvssV3_1": {"scope": "UNCHANGED", "version": "3.1", "baseScore": 7.8, "attackVector": "LOCAL", "baseSeverity": "HIGH", "vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H", "integrityImpact": "HIGH", "userInteraction": "NONE", "attackComplexity": "LOW", "availabilityImpact": "HIGH", "privilegesRequired": "LOW", "confidentialityImpact": "HIGH"}}, {"other": {"type": "Unknown", "content": {"data": "{\"description\":\"Important\"}"}}}], "affected": [{"vendor": "redhat", "product": "open-vm-tools", "versions": [{"status": "affected", "version": "0", "lessThan": "0:12.3.5-2.el8_10.1", "versionType": "rpm"}], "platforms": ["cpe:/o:redhat:enterprise_linux:8"], "defaultStatus": "unaffected"}, {"vendor": "redhat", "product": "open-vm-tools-desktop", "versions": [{"status": "affected", "version": "0", "lessThan": "0:12.3.5-2.el8_10.1", "versionType": "rpm"}], "platforms": ["cpe:/o:redhat:enterprise_linux:8"], "defaultStatus": "unaffected"}, {"vendor": "redhat", "product": "open-vm-tools-salt-minion", "versions": [{"status": "affected", "version": "0", "lessThan": "0:12.3.5-2.el8_10.1", "versionType": "rpm"}], "platforms": ["cpe:/o:redhat:enterprise_linux:8"], "defaultStatus": "unaffected"}, {"vendor": "redhat", "product": "open-vm-tools-sdmp", "versions": [{"status": "affected", "version": "0", "lessThan": "0:12.3.5-2.el8_10.1", "versionType": "rpm"}], "platforms": ["cpe:/o:redhat:enterprise_linux:8"], "defaultStatus": "unaffected"}], "references": [{"url": "https://access.redhat.com/errata/RHSA-2025:17509"}, {"url": "https://access.redhat.com/security/cve/CVE-2025-41244"}], "descriptions": [{"lang": "en", "value": "The Open Virtual Machine Tools are the open source implementation of the VMware Tools. They are a set of guest operating system virtualization components that enhance performance and user experience of virtual machines.\n\nSecurity Fix(es):\n\n* open-vm-tools: Local privilege escalation in open-vm-tools (CVE-2025-41244)\n\nFor more details about the security issue(s), including the impact, a CVSS score, acknowledgments, and other related information, refer to the CVE page(s) listed in the References section."}], "providerMetadata": {"orgId": "53f830b8-0a3f-465b-8143-3b8a9948e749", "shortName": "redhat", "dateUpdated": "2025-09-29T00:00:00Z", "x_subShortName": "redhat_8"}}, {"metrics": [{"cvssV3_1": {"scope": "UNCHANGED", "version": "3.1", "baseScore": 7.8, "attackVector": "LOCAL", "baseSeverity": "HIGH", "vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H", "integrityImpact": "HIGH", "userInteraction": "NONE", "attackComplexity": "LOW", "availabilityImpact": "HIGH", "privilegesRequired": "LOW", "confidentialityImpact": "HIGH"}}, {"other": {"type": "Unknown", "content": {"data": "{\"description\":\"Important\"}"}}}], "affected": [{"vendor": "redhat", "product": "open-vm-tools", "versions": [{"status": "affected", "version": "0", "lessThan": "0:12.5.0-1.el9_6.2", "versionType": "rpm"}], "platforms": ["cpe:/o:redhat:enterprise_linux:9"], "defaultStatus": "unaffected"}, {"vendor": "redhat", "product": "open-vm-tools-desktop", "versions": [{"status": "affected", "version": "0", "lessThan": "0:12.5.0-1.el9_6.2", "versionType": "rpm"}], "platforms": ["cpe:/o:redhat:enterprise_linux:9"], "defaultStatus": "unaffected"}, {"vendor": "redhat", "product": "open-vm-tools-salt-minion", "versions": [{"status": "affected", "version": "0", "lessThan": "0:12.5.0-1.el9_6.2", "versionType": "rpm"}], "platforms": ["cpe:/o:redhat:enterprise_linux:9"], "defaultStatus": "unaffected"}, {"vendor": "redhat", "product": "open-vm-tools-sdmp", "versions": [{"status": "affected", "version": "0", "lessThan": "0:12.5.0-1.el9_6.2", "versionType": "rpm"}], "platforms": ["cpe:/o:redhat:enterprise_linux:9"], "defaultStatus": "unaffected"}, {"vendor": "redhat", "product": "open-vm-tools-test", "versions": [{"status": "affected", "version": "0", "lessThan": "0:12.5.0-1.el9_6.2", "versionType": "rpm"}], "platforms": ["cpe:/o:redhat:enterprise_linux:9"], "defaultStatus": "unaffected"}], "references": [{"url": "https://access.redhat.com/errata/RHSA-2025:17428"}, {"url": "https://access.redhat.com/security/cve/CVE-2025-41244"}], "descriptions": [{"lang": "en", "value": "The Open Virtual Machine Tools are the open source implementation of the VMware Tools. They are a set of guest operating system virtualization components that enhance performance and user experience of virtual machines.\n\nSecurity Fix(es):\n\n* open-vm-tools: Local privilege escalation in open-vm-tools (CVE-2025-41244)\n\nFor more details about the security issue(s), including the impact, a CVSS score, acknowledgments, and other related information, refer to the CVE page(s) listed in the References section."}], "providerMetadata": {"orgId": "53f830b8-0a3f-465b-8143-3b8a9948e749", "shortName": "redhat", "dateUpdated": "2025-09-29T00:00:00Z", "x_subShortName": "redhat_9"}}, {"metrics": [{"cvssV3_1": {"scope": "UNCHANGED", "version": "3.1", "baseScore": 7.8, "attackVector": "LOCAL", "baseSeverity": "HIGH", "vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H", "integrityImpact": "HIGH", "userInteraction": "NONE", "attackComplexity": "LOW", "availabilityImpact": "HIGH", "privilegesRequired": "LOW", "confidentialityImpact": "HIGH"}}, {"other": {"type": "Unknown", "content": {"data": "{\"description\":\"Important\"}"}}}], "affected": [{"vendor": "rocky", "product": "open-vm-tools", "versions": [{"status": "affected", "version": "0", "lessThan": "0:12.5.0-1.el10_0.1", "versionType": "rpm"}], "platforms": ["cpe:/o:rocky:rocky:10"], "defaultStatus": "unaffected"}, {"vendor": "rocky", "product": "open-vm-tools-debuginfo", "versions": [{"status": "affected", "version": "0", "lessThan": "0:12.5.0-1.el10_0.1", "versionType": "rpm"}], "platforms": ["cpe:/o:rocky:rocky:10"], "defaultStatus": "unaffected"}, {"vendor": "rocky", "product": "open-vm-tools-debugsource", "versions": [{"status": "affected", "version": "0", "lessThan": "0:12.5.0-1.el10_0.1", "versionType": "rpm"}], "platforms": ["cpe:/o:rocky:rocky:10"], "defaultStatus": "unaffected"}, {"vendor": "rocky", "product": "open-vm-tools-desktop", "versions": [{"status": "affected", "version": "0", "lessThan": "0:12.5.0-1.el10_0.1", "versionType": "rpm"}], "platforms": ["cpe:/o:rocky:rocky:10"], "defaultStatus": "unaffected"}, {"vendor": "rocky", "product": "open-vm-tools-desktop-debuginfo", "versions": [{"status": "affected", "version": "0", "lessThan": "0:12.5.0-1.el10_0.1", "versionType": "rpm"}], "platforms": ["cpe:/o:rocky:rocky:10"], "defaultStatus": "unaffected"}, {"vendor": "rocky", "product": "open-vm-tools-salt-minion", "versions": [{"status": "affected", "version": "0", "lessThan": "0:12.5.0-1.el10_0.1", "versionType": "rpm"}], "platforms": ["cpe:/o:rocky:rocky:10"], "defaultStatus": "unaffected"}, {"vendor": "rocky", "product": "open-vm-tools-sdmp", "versions": [{"status": "affected", "version": "0", "lessThan": "0:12.5.0-1.el10_0.1", "versionType": "rpm"}], "platforms": ["cpe:/o:rocky:rocky:10"], "defaultStatus": "unaffected"}, {"vendor": "rocky", "product": "open-vm-tools-sdmp-debuginfo", "versions": [{"status": "affected", "version": "0", "lessThan": "0:12.5.0-1.el10_0.1", "versionType": "rpm"}], "platforms": ["cpe:/o:rocky:rocky:10"], "defaultStatus": "unaffected"}, {"vendor": "rocky", "product": "open-vm-tools-test", "versions": [{"status": "affected", "version": "0", "lessThan": "0:12.5.0-1.el10_0.1", "versionType": "rpm"}], "platforms": ["cpe:/o:rocky:rocky:10"], "defaultStatus": "unaffected"}, {"vendor": "rocky", "product": "open-vm-tools-test-debuginfo", "versions": [{"status": "affected", "version": "0", "lessThan": "0:12.5.0-1.el10_0.1", "versionType": "rpm"}], "platforms": ["cpe:/o:rocky:rocky:10"], "defaultStatus": "unaffected"}, {"vendor": "rocky", "product": "open-vm-tools", "versions": [{"status": "affected", "version": "0", "lessThan": "0:12.3.5-2.el8_10.1", "versionType": "rpm"}], "platforms": ["cpe:/o:rocky:rocky:8"], "defaultStatus": "unaffected"}, {"vendor": "rocky", "product": "open-vm-tools-debuginfo", "versions": [{"status": "affected", "version": "0", "lessThan": "0:12.3.5-2.el8_10.1", "versionType": "rpm"}], "platforms": ["cpe:/o:rocky:rocky:8"], "defaultStatus": "unaffected"}, {"vendor": "rocky", "product": "open-vm-tools-debugsource", "versions": [{"status": "affected", "version": "0", "lessThan": "0:12.3.5-2.el8_10.1", "versionType": "rpm"}], "platforms": ["cpe:/o:rocky:rocky:8"], "defaultStatus": "unaffected"}, {"vendor": "rocky", "product": "open-vm-tools-desktop", "versions": [{"status": "affected", "version": "0", "lessThan": "0:12.3.5-2.el8_10.1", "versionType": "rpm"}], "platforms": ["cpe:/o:rocky:rocky:8"], "defaultStatus": "unaffected"}, {"vendor": "rocky", "product": "open-vm-tools-desktop-debuginfo", "versions": [{"status": "affected", "version": "0", "lessThan": "0:12.3.5-2.el8_10.1", "versionType": "rpm"}], "platforms": ["cpe:/o:rocky:rocky:8"], "defaultStatus": "unaffected"}, {"vendor": "rocky", "product": "open-vm-tools-salt-minion", "versions": [{"status": "affected", "version": "0", "lessThan": "0:12.3.5-2.el8_10.1", "versionType": "rpm"}], "platforms": ["cpe:/o:rocky:rocky:8"], "defaultStatus": "unaffected"}, {"vendor": "rocky", "product": "open-vm-tools-sdmp", "versions": [{"status": "affected", "version": "0", "lessThan": "0:12.3.5-2.el8_10.1", "versionType": "rpm"}], "platforms": ["cpe:/o:rocky:rocky:8"], "defaultStatus": "unaffected"}, {"vendor": "rocky", "product": "open-vm-tools-sdmp-debuginfo", "versions": [{"status": "affected", "version": "0", "lessThan": "0:12.3.5-2.el8_10.1", "versionType": "rpm"}], "platforms": ["cpe:/o:rocky:rocky:8"], "defaultStatus": "unaffected"}, {"vendor": "rocky", "product": "open-vm-tools", "versions": [{"status": "affected", "version": "0", "lessThan": "0:12.5.0-1.el9_6.2", "versionType": "rpm"}], "platforms": ["cpe:/o:rocky:rocky:9"], "defaultStatus": "unaffected"}, {"vendor": "rocky", "product": "open-vm-tools-debuginfo", "versions": [{"status": "affected", "version": "0", "lessThan": "0:12.5.0-1.el9_6.2", "versionType": "rpm"}], "platforms": ["cpe:/o:rocky:rocky:9"], "defaultStatus": "unaffected"}, {"vendor": "rocky", "product": "open-vm-tools-debugsource", "versions": [{"status": "affected", "version": "0", "lessThan": "0:12.5.0-1.el9_6.2", "versionType": "rpm"}], "platforms": ["cpe:/o:rocky:rocky:9"], "defaultStatus": "unaffected"}, {"vendor": "rocky", "product": "open-vm-tools-desktop", "versions": [{"status": "affected", "version": "0", "lessThan": "0:12.5.0-1.el9_6.2", "versionType": "rpm"}], "platforms": ["cpe:/o:rocky:rocky:9"], "defaultStatus": "unaffected"}, {"vendor": "rocky", "product": "open-vm-tools-desktop-debuginfo", "versions": [{"status": "affected", "version": "0", "lessThan": "0:12.5.0-1.el9_6.2", "versionType": "rpm"}], "platforms": ["cpe:/o:rocky:rocky:9"], "defaultStatus": "unaffected"}, {"vendor": "rocky", "product": "open-vm-tools-salt-minion", "versions": [{"status": "affected", "version": "0", "lessThan": "0:12.5.0-1.el9_6.2", "versionType": "rpm"}], "platforms": ["cpe:/o:rocky:rocky:9"], "defaultStatus": "unaffected"}, {"vendor": "rocky", "product": "open-vm-tools-sdmp", "versions": [{"status": "affected", "version": "0", "lessThan": "0:12.5.0-1.el9_6.2", "versionType": "rpm"}], "platforms": ["cpe:/o:rocky:rocky:9"], "defaultStatus": "unaffected"}, {"vendor": "rocky", "product": "open-vm-tools-sdmp-debuginfo", "versions": [{"status": "affected", "version": "0", "lessThan": "0:12.5.0-1.el9_6.2", "versionType": "rpm"}], "platforms": ["cpe:/o:rocky:rocky:9"], "defaultStatus": "unaffected"}, {"vendor": "rocky", "product": "open-vm-tools-test", "versions": [{"status": "affected", "version": "0", "lessThan": "0:12.5.0-1.el9_6.2", "versionType": "rpm"}], "platforms": ["cpe:/o:rocky:rocky:9"], "defaultStatus": "unaffected"}, {"vendor": "rocky", "product": "open-vm-tools-test-debuginfo", "versions": [{"status": "affected", "version": "0", "lessThan": "0:12.5.0-1.el9_6.2", "versionType": "rpm"}], "platforms": ["cpe:/o:rocky:rocky:9"], "defaultStatus": "unaffected"}], "references": [{"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2397752"}], "descriptions": [{"lang": "en", "value": "open-vm-tools: Local privilege escalation in open-vm-tools (CVE-2025-41244)"}], "providerMetadata": {"orgId": "00000000-0000-4000-A000-000000000004", "shortName": "rocky", "dateUpdated": "2025-10-08T17:10:30Z", "x_subShortName": "rocky"}}, {"metrics": [{"cvssV3_1": {"scope": "UNCHANGED", "version": "3.1", "baseScore": 7.8, "attackVector": "LOCAL", "baseSeverity": "HIGH", "vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H", "integrityImpact": "HIGH", "userInteraction": "NONE", "attackComplexity": "LOW", "availabilityImpact": "HIGH", "privilegesRequired": "LOW", "confidentialityImpact": "HIGH"}}, {"other": {"type": "Unknown", "content": {"data": "{\"description\":\"Important\"}"}}}], "affected": [{"vendor": "suse", "product": "libvmtools-devel", "versions": [{"status": "affected", "version": "0", "lessThan": "0:13.0.0-150300.64.1", "versionType": "rpm"}], "platforms": ["cpe:/o:suse:oes-release:23.4", "cpe:/o:suse:oes-release:24.4", "cpe:/o:suse:sles-ltss:15:sp3", "cpe:/o:suse:sles-ltss:15:sp4", "cpe:/o:suse:sles-ltss:15:sp5", "cpe:/o:suse:sles:15:sp3", "cpe:/o:suse:sles:15:sp4", "cpe:/o:suse:sles:15:sp5", "cpe:/o:suse:sles_sap:15:sp3", "cpe:/o:suse:sles_sap:15:sp4", "cpe:/o:suse:sles_sap:15:sp5", "cpe:/o:suse:sles_teradata:15:sp4"], "defaultStatus": "unaffected"}, {"vendor": "suse", "product": "libvmtools0", "versions": [{"status": "affected", "version": "0", "lessThan": "0:13.0.0-150300.64.1", "versionType": "rpm"}], "platforms": ["cpe:/o:suse:oes-release:23.4", "cpe:/o:suse:oes-release:24.4", "cpe:/o:suse:sles-ltss:15:sp3", "cpe:/o:suse:sles-ltss:15:sp4", "cpe:/o:suse:sles-ltss:15:sp5", "cpe:/o:suse:sles:15:sp3", "cpe:/o:suse:sles:15:sp4", "cpe:/o:suse:sles:15:sp5", "cpe:/o:suse:sles_sap:15:sp3", "cpe:/o:suse:sles_sap:15:sp4", "cpe:/o:suse:sles_sap:15:sp5", "cpe:/o:suse:sles_teradata:15:sp4"], "defaultStatus": "unaffected"}, {"vendor": "suse", "product": "open-vm-tools", "versions": [{"status": "affected", "version": "0", "lessThan": "0:13.0.0-150300.64.1", "versionType": "rpm"}], "platforms": ["cpe:/o:suse:oes-release:23.4", "cpe:/o:suse:oes-release:24.4", "cpe:/o:suse:sles-ltss:15:sp3", "cpe:/o:suse:sles-ltss:15:sp4", "cpe:/o:suse:sles-ltss:15:sp5", "cpe:/o:suse:sles:15:sp3", "cpe:/o:suse:sles:15:sp4", "cpe:/o:suse:sles:15:sp5", "cpe:/o:suse:sles_sap:15:sp3", "cpe:/o:suse:sles_sap:15:sp4", "cpe:/o:suse:sles_sap:15:sp5", "cpe:/o:suse:sles_teradata:15:sp4"], "defaultStatus": "unaffected"}, {"vendor": "suse", "product": "open-vm-tools-containerinfo", "versions": [{"status": "affected", "version": "0", "lessThan": "0:13.0.0-150300.64.1", "versionType": "rpm"}], "platforms": ["cpe:/o:suse:oes-release:23.4", "cpe:/o:suse:oes-release:24.4", "cpe:/o:suse:sles-ltss:15:sp3", "cpe:/o:suse:sles-ltss:15:sp4", "cpe:/o:suse:sles-ltss:15:sp5", "cpe:/o:suse:sles:15:sp3", "cpe:/o:suse:sles:15:sp4", "cpe:/o:suse:sles:15:sp5", "cpe:/o:suse:sles_sap:15:sp3", "cpe:/o:suse:sles_sap:15:sp4", "cpe:/o:suse:sles_sap:15:sp5", "cpe:/o:suse:sles_teradata:15:sp4"], "defaultStatus": "unaffected"}, {"vendor": "suse", "product": "open-vm-tools-desktop", "versions": [{"status": "affected", "version": "0", "lessThan": "0:13.0.0-150300.64.1", "versionType": "rpm"}], "platforms": ["cpe:/o:suse:oes-release:23.4", "cpe:/o:suse:oes-release:24.4", "cpe:/o:suse:sles-ltss:15:sp3", "cpe:/o:suse:sles-ltss:15:sp4", "cpe:/o:suse:sles-ltss:15:sp5", "cpe:/o:suse:sles:15:sp3", "cpe:/o:suse:sles:15:sp4", "cpe:/o:suse:sles:15:sp5", "cpe:/o:suse:sles_sap:15:sp3", "cpe:/o:suse:sles_sap:15:sp4", "cpe:/o:suse:sles_sap:15:sp5", "cpe:/o:suse:sles_teradata:15:sp4"], "defaultStatus": "unaffected"}, {"vendor": "suse", "product": "open-vm-tools-salt-minion", "versions": [{"status": "affected", "version": "0", "lessThan": "0:13.0.0-150300.64.1", "versionType": "rpm"}], "platforms": ["cpe:/o:suse:oes-release:23.4", "cpe:/o:suse:oes-release:24.4", "cpe:/o:suse:sles-ltss:15:sp3", "cpe:/o:suse:sles-ltss:15:sp4", "cpe:/o:suse:sles-ltss:15:sp5", "cpe:/o:suse:sles:15:sp3", "cpe:/o:suse:sles:15:sp4", "cpe:/o:suse:sles:15:sp5", "cpe:/o:suse:sles_sap:15:sp3", "cpe:/o:suse:sles_sap:15:sp4", "cpe:/o:suse:sles_sap:15:sp5", "cpe:/o:suse:sles_teradata:15:sp4"], "defaultStatus": "unaffected"}, {"vendor": "suse", "product": "open-vm-tools-sdmp", "versions": [{"status": "affected", "version": "0", "lessThan": "0:13.0.0-150300.64.1", "versionType": "rpm"}], "platforms": ["cpe:/o:suse:oes-release:23.4", "cpe:/o:suse:oes-release:24.4", "cpe:/o:suse:sles-ltss:15:sp3", "cpe:/o:suse:sles-ltss:15:sp4", "cpe:/o:suse:sles-ltss:15:sp5", "cpe:/o:suse:sles:15:sp3", "cpe:/o:suse:sles:15:sp4", "cpe:/o:suse:sles:15:sp5", "cpe:/o:suse:sles_sap:15:sp3", "cpe:/o:suse:sles_sap:15:sp4", "cpe:/o:suse:sles_sap:15:sp5", "cpe:/o:suse:sles_teradata:15:sp4"], "defaultStatus": "unaffected"}, {"vendor": "suse", "product": "libvmtools-devel", "versions": [{"status": "affected", "version": "0", "lessThan": "0:13.0.5-150600.3.21.1", "versionType": "rpm"}], "platforms": ["cpe:/o:suse:oes-release:25.4", "cpe:/o:suse:sle-module-basesystem:15:sp6", "cpe:/o:suse:sle-module-basesystem:15:sp7", "cpe:/o:suse:sle_hpc:15:sp6", "cpe:/o:suse:sle_hpc:15:sp7", "cpe:/o:suse:sled:15:sp6", "cpe:/o:suse:sled:15:sp7", "cpe:/o:suse:sles:15:sp6", "cpe:/o:suse:sles:15:sp7", "cpe:/o:suse:sles_sap:15:sp6", "cpe:/o:suse:sles_sap:15:sp7"], "defaultStatus": "unaffected"}, {"vendor": "suse", "product": "libvmtools0", "versions": [{"status": "affected", "version": "0", "lessThan": "0:13.0.5-150600.3.21.1", "versionType": "rpm"}], "platforms": ["cpe:/o:suse:oes-release:25.4", "cpe:/o:suse:sle-module-basesystem:15:sp6", "cpe:/o:suse:sle-module-basesystem:15:sp7", "cpe:/o:suse:sle_hpc:15:sp6", "cpe:/o:suse:sle_hpc:15:sp7", "cpe:/o:suse:sled:15:sp6", "cpe:/o:suse:sled:15:sp7", "cpe:/o:suse:sles:15:sp6", "cpe:/o:suse:sles:15:sp7", "cpe:/o:suse:sles_sap:15:sp6", "cpe:/o:suse:sles_sap:15:sp7"], "defaultStatus": "unaffected"}, {"vendor": "suse", "product": "open-vm-tools", "versions": [{"status": "affected", "version": "0", "lessThan": "0:13.0.5-150600.3.21.1", "versionType": "rpm"}], "platforms": ["cpe:/o:suse:oes-release:25.4", "cpe:/o:suse:sle-module-basesystem:15:sp6", "cpe:/o:suse:sle-module-basesystem:15:sp7", "cpe:/o:suse:sle_hpc:15:sp6", "cpe:/o:suse:sle_hpc:15:sp7", "cpe:/o:suse:sled:15:sp6", "cpe:/o:suse:sled:15:sp7", "cpe:/o:suse:sles:15:sp6", "cpe:/o:suse:sles:15:sp7", "cpe:/o:suse:sles_sap:15:sp6", "cpe:/o:suse:sles_sap:15:sp7"], "defaultStatus": "unaffected"}, {"vendor": "suse", "product": "open-vm-tools-salt-minion", "versions": [{"status": "affected", "version": "0", "lessThan": "0:13.0.5-150600.3.21.1", "versionType": "rpm"}], "platforms": ["cpe:/o:suse:oes-release:25.4", "cpe:/o:suse:sle-module-basesystem:15:sp6", "cpe:/o:suse:sle-module-basesystem:15:sp7", "cpe:/o:suse:sle_hpc:15:sp6", "cpe:/o:suse:sle_hpc:15:sp7", "cpe:/o:suse:sled:15:sp6", "cpe:/o:suse:sled:15:sp7", "cpe:/o:suse:sles:15:sp6", "cpe:/o:suse:sles:15:sp7", "cpe:/o:suse:sles_sap:15:sp6", "cpe:/o:suse:sles_sap:15:sp7"], "defaultStatus": "unaffected"}, {"vendor": "suse", "product": "open-vm-tools-sdmp", "versions": [{"status": "affected", "version": "0", "lessThan": "0:13.0.5-150600.3.21.1", "versionType": "rpm"}], "platforms": ["cpe:/o:suse:oes-release:25.4", "cpe:/o:suse:sle-module-basesystem:15:sp6", "cpe:/o:suse:sle-module-basesystem:15:sp7", "cpe:/o:suse:sle_hpc:15:sp6", "cpe:/o:suse:sle_hpc:15:sp7", "cpe:/o:suse:sled:15:sp6", "cpe:/o:suse:sled:15:sp7", "cpe:/o:suse:sles:15:sp6", "cpe:/o:suse:sles:15:sp7", "cpe:/o:suse:sles_sap:15:sp6", "cpe:/o:suse:sles_sap:15:sp7"], "defaultStatus": "unaffected"}, {"vendor": "suse", "product": "open-vm-tools-containerinfo", "versions": [{"status": "affected", "version": "0", "lessThan": "0:13.0.5-150600.3.21.1", "versionType": "rpm"}], "platforms": ["cpe:/o:suse:oes-release:25.4", "cpe:/o:suse:sle-module-containers:15:sp6", "cpe:/o:suse:sle-module-containers:15:sp7", "cpe:/o:suse:sle_hpc:15:sp6", "cpe:/o:suse:sle_hpc:15:sp7", "cpe:/o:suse:sles:15:sp6", "cpe:/o:suse:sles:15:sp7", "cpe:/o:suse:sles_sap:15:sp6", "cpe:/o:suse:sles_sap:15:sp7"], "defaultStatus": "unaffected"}, {"vendor": "suse", "product": "open-vm-tools-desktop", "versions": [{"status": "affected", "version": "0", "lessThan": "0:13.0.5-150600.3.21.1", "versionType": "rpm"}], "platforms": ["cpe:/o:suse:oes-release:25.4", "cpe:/o:suse:sle-module-desktop-applications:15:sp6", "cpe:/o:suse:sle-module-desktop-applications:15:sp7", "cpe:/o:suse:sle_hpc:15:sp6", "cpe:/o:suse:sle_hpc:15:sp7", "cpe:/o:suse:sled:15:sp6", "cpe:/o:suse:sled:15:sp7", "cpe:/o:suse:sles:15:sp6", "cpe:/o:suse:sles:15:sp7", "cpe:/o:suse:sles_sap:15:sp6", "cpe:/o:suse:sles_sap:15:sp7"], "defaultStatus": "unaffected"}, {"vendor": "suse", "product": "libvmtools-devel", "platforms": ["cpe:/o:suse:sles-ltss:15", "cpe:/o:suse:sles:15"], "defaultStatus": "unaffected"}, {"vendor": "suse", "product": "libvmtools0", "platforms": ["cpe:/o:suse:sles-ltss:15", "cpe:/o:suse:sles:15"], "defaultStatus": "unaffected"}, {"vendor": "suse", "product": "open-vm-tools", "platforms": ["cpe:/o:suse:sles-ltss:15", "cpe:/o:suse:sles:15"], "defaultStatus": "unaffected"}, {"vendor": "suse", "product": "open-vm-tools-desktop", "platforms": ["cpe:/o:suse:sles-ltss:15", "cpe:/o:suse:sles:15"], "defaultStatus": "unaffected"}, {"vendor": "suse", "product": "libvmtools-devel", "versions": [{"status": "affected", "version": "0", "lessThan": "0:11.3.5-150200.5.16.22.1", "versionType": "rpm"}], "platforms": ["cpe:/o:suse:sles-ltss:15:sp2"], "defaultStatus": "unaffected"}, {"vendor": "suse", "product": "libvmtools0", "versions": [{"status": "affected", "version": "0", "lessThan": "0:11.3.5-150200.5.16.22.1", "versionType": "rpm"}], "platforms": ["cpe:/o:suse:sles-ltss:15:sp2"], "defaultStatus": "unaffected"}, {"vendor": "suse", "product": "open-vm-tools", "versions": [{"status": "affected", "version": "0", "lessThan": "0:11.3.5-150200.5.16.22.1", "versionType": "rpm"}], "platforms": ["cpe:/o:suse:sles-ltss:15:sp2"], "defaultStatus": "unaffected"}, {"vendor": "suse", "product": "open-vm-tools-desktop", "versions": [{"status": "affected", "version": "0", "lessThan": "0:11.3.5-150200.5.16.22.1", "versionType": "rpm"}], "platforms": ["cpe:/o:suse:sles-ltss:15:sp2"], "defaultStatus": "unaffected"}, {"vendor": "suse", "product": "open-vm-tools-sdmp", "versions": [{"status": "affected", "version": "0", "lessThan": "0:11.3.5-150200.5.16.22.1", "versionType": "rpm"}], "platforms": ["cpe:/o:suse:sles-ltss:15:sp2"], "defaultStatus": "unaffected"}], "solutions": [{"lang": "en", "value": "SUSE bug 1250373"}], "references": [{"url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-41244", "name": "Mitre CVE-2025-41244"}, {"url": "https://lists.suse.com/pipermail/suse-liberty-linux-updates/2025-October/002073.html", "name": "RHSA-2025:17428"}, {"url": "https://lists.suse.com/pipermail/suse-liberty-linux-updates/2025-October/002062.html", "name": "RHSA-2025:17509"}, {"url": "https://www.suse.com/security/cve/CVE-2025-41244", "name": "SUSE CVE-2025-41244"}, {"url": "https://lists.suse.com/pipermail/sle-updates/2026-March/044791.html", "name": "SUSE-RU-2026:20677-1"}, {"url": "https://lists.suse.com/pipermail/sle-updates/2025-September/041978.html", "name": "SUSE-SU-2025:03434-1"}, {"url": "https://lists.suse.com/pipermail/sle-updates/2025-September/041980.html", "name": "SUSE-SU-2025:03435-1"}, {"url": "https://lists.suse.com/pipermail/sle-updates/2025-September/041977.html", "name": "SUSE-SU-2025:03436-1"}, {"url": "https://lists.suse.com/pipermail/sle-updates/2025-October/042071.html", "name": "SUSE-SU-2025:03535-1"}, {"url": "https://lists.suse.com/pipermail/sle-updates/2025-October/042084.html", "name": "SUSE-SU-2025:03585-1"}, {"url": "https://lists.suse.com/pipermail/sle-updates/2025-October/042325.html", "name": "SUSE-SU-2025:20853-1"}, {"url": "https://lists.suse.com/pipermail/sle-updates/2025-October/042312.html", "name": "SUSE-SU-2025:20866-1"}, {"url": "https://lists.suse.com/pipermail/sle-security-updates/2026-January/023883.html", "name": "SUSE-SU-2026:20100-1"}, {"url": "https://lists.suse.com/pipermail/sle-security-updates/2026-January/023876.html", "name": "SUSE-SU-2026:20114-1"}], "descriptions": [{"lang": "en", "value": "\n    VMware Aria Operations and VMware Tools contain a local privilege escalation vulnerability.  A malicious local actor with non-administrative privileges having access to a VM with VMware Tools  installed and managed by Aria Operations with SDMP enabled may exploit this vulnerability to escalate privileges to root on the same VM.\n    "}], "providerMetadata": {"orgId": "404e59f5-483d-4b8a-8e7a-e67604dd8afb", "shortName": "suse", "dateUpdated": "2025-10-01T00:00:00Z", "x_subShortName": "suse_server_15"}}, {"metrics": [{"cvssV3_1": {"scope": "UNCHANGED", "version": "3.1", "baseScore": 7.8, "attackVector": "LOCAL", "baseSeverity": "HIGH", "vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H", "integrityImpact": "HIGH", "userInteraction": "NONE", "attackComplexity": "LOW", "availabilityImpact": "HIGH", "privilegesRequired": "LOW", "confidentialityImpact": "HIGH"}}, {"other": {"type": "Unknown", "content": {"data": "{\"description\":\"Important\"}"}}}], "affected": [{"vendor": "suse", "product": "libvmtools-devel", "versions": [{"status": "affected", "version": "0", "lessThan": "0:13.0.5-150600.3.21.1", "versionType": "rpm"}], "platforms": ["cpe:/o:suse:oes-release:25.4", "cpe:/o:suse:sle-module-basesystem:15:sp6", "cpe:/o:suse:sle-module-basesystem:15:sp7", "cpe:/o:suse:sle_hpc:15:sp6", "cpe:/o:suse:sle_hpc:15:sp7", "cpe:/o:suse:sled:15:sp6", "cpe:/o:suse:sled:15:sp7", "cpe:/o:suse:sles:15:sp6", "cpe:/o:suse:sles:15:sp7", "cpe:/o:suse:sles_sap:15:sp6", "cpe:/o:suse:sles_sap:15:sp7"], "defaultStatus": "unaffected"}, {"vendor": "suse", "product": "libvmtools0", "versions": [{"status": "affected", "version": "0", "lessThan": "0:13.0.5-150600.3.21.1", "versionType": "rpm"}], "platforms": ["cpe:/o:suse:oes-release:25.4", "cpe:/o:suse:sle-module-basesystem:15:sp6", "cpe:/o:suse:sle-module-basesystem:15:sp7", "cpe:/o:suse:sle_hpc:15:sp6", "cpe:/o:suse:sle_hpc:15:sp7", "cpe:/o:suse:sled:15:sp6", "cpe:/o:suse:sled:15:sp7", "cpe:/o:suse:sles:15:sp6", "cpe:/o:suse:sles:15:sp7", "cpe:/o:suse:sles_sap:15:sp6", "cpe:/o:suse:sles_sap:15:sp7"], "defaultStatus": "unaffected"}, {"vendor": "suse", "product": "open-vm-tools", "versions": [{"status": "affected", "version": "0", "lessThan": "0:13.0.5-150600.3.21.1", "versionType": "rpm"}], "platforms": ["cpe:/o:suse:oes-release:25.4", "cpe:/o:suse:sle-module-basesystem:15:sp6", "cpe:/o:suse:sle-module-basesystem:15:sp7", "cpe:/o:suse:sle_hpc:15:sp6", "cpe:/o:suse:sle_hpc:15:sp7", "cpe:/o:suse:sled:15:sp6", "cpe:/o:suse:sled:15:sp7", "cpe:/o:suse:sles:15:sp6", "cpe:/o:suse:sles:15:sp7", "cpe:/o:suse:sles_sap:15:sp6", "cpe:/o:suse:sles_sap:15:sp7"], "defaultStatus": "unaffected"}, {"vendor": "suse", "product": "open-vm-tools-salt-minion", "versions": [{"status": "affected", "version": "0", "lessThan": "0:13.0.5-150600.3.21.1", "versionType": "rpm"}], "platforms": ["cpe:/o:suse:oes-release:25.4", "cpe:/o:suse:sle-module-basesystem:15:sp6", "cpe:/o:suse:sle-module-basesystem:15:sp7", "cpe:/o:suse:sle_hpc:15:sp6", "cpe:/o:suse:sle_hpc:15:sp7", "cpe:/o:suse:sled:15:sp6", "cpe:/o:suse:sled:15:sp7", "cpe:/o:suse:sles:15:sp6", "cpe:/o:suse:sles:15:sp7", "cpe:/o:suse:sles_sap:15:sp6", "cpe:/o:suse:sles_sap:15:sp7"], "defaultStatus": "unaffected"}, {"vendor": "suse", "product": "open-vm-tools-sdmp", "versions": [{"status": "affected", "version": "0", "lessThan": "0:13.0.5-150600.3.21.1", "versionType": "rpm"}], "platforms": ["cpe:/o:suse:oes-release:25.4", "cpe:/o:suse:sle-module-basesystem:15:sp6", "cpe:/o:suse:sle-module-basesystem:15:sp7", "cpe:/o:suse:sle_hpc:15:sp6", "cpe:/o:suse:sle_hpc:15:sp7", "cpe:/o:suse:sled:15:sp6", "cpe:/o:suse:sled:15:sp7", "cpe:/o:suse:sles:15:sp6", "cpe:/o:suse:sles:15:sp7", "cpe:/o:suse:sles_sap:15:sp6", "cpe:/o:suse:sles_sap:15:sp7"], "defaultStatus": "unaffected"}, {"vendor": "suse", "product": "open-vm-tools-desktop", "versions": [{"status": "affected", "version": "0", "lessThan": "0:13.0.5-150600.3.21.1", "versionType": "rpm"}], "platforms": ["cpe:/o:suse:oes-release:25.4", "cpe:/o:suse:sle-module-desktop-applications:15:sp6", "cpe:/o:suse:sle-module-desktop-applications:15:sp7", "cpe:/o:suse:sle_hpc:15:sp6", "cpe:/o:suse:sle_hpc:15:sp7", "cpe:/o:suse:sled:15:sp6", "cpe:/o:suse:sled:15:sp7", "cpe:/o:suse:sles:15:sp6", "cpe:/o:suse:sles:15:sp7", "cpe:/o:suse:sles_sap:15:sp6", "cpe:/o:suse:sles_sap:15:sp7"], "defaultStatus": "unaffected"}], "solutions": [{"lang": "en", "value": "SUSE bug 1250373"}], "references": [{"url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-41244", "name": "Mitre CVE-2025-41244"}, {"url": "https://lists.suse.com/pipermail/suse-liberty-linux-updates/2025-October/002073.html", "name": "RHSA-2025:17428"}, {"url": "https://lists.suse.com/pipermail/suse-liberty-linux-updates/2025-October/002062.html", "name": "RHSA-2025:17509"}, {"url": "https://www.suse.com/security/cve/CVE-2025-41244", "name": "SUSE CVE-2025-41244"}, {"url": "https://lists.suse.com/pipermail/sle-updates/2026-March/044791.html", "name": "SUSE-RU-2026:20677-1"}, {"url": "https://lists.suse.com/pipermail/sle-updates/2025-September/041978.html", "name": "SUSE-SU-2025:03434-1"}, {"url": "https://lists.suse.com/pipermail/sle-updates/2025-September/041980.html", "name": "SUSE-SU-2025:03435-1"}, {"url": "https://lists.suse.com/pipermail/sle-updates/2025-September/041977.html", "name": "SUSE-SU-2025:03436-1"}, {"url": "https://lists.suse.com/pipermail/sle-updates/2025-October/042071.html", "name": "SUSE-SU-2025:03535-1"}, {"url": "https://lists.suse.com/pipermail/sle-updates/2025-October/042084.html", "name": "SUSE-SU-2025:03585-1"}, {"url": "https://lists.suse.com/pipermail/sle-updates/2025-October/042325.html", "name": "SUSE-SU-2025:20853-1"}, {"url": "https://lists.suse.com/pipermail/sle-updates/2025-October/042312.html", "name": "SUSE-SU-2025:20866-1"}, {"url": "https://lists.suse.com/pipermail/sle-security-updates/2026-January/023883.html", "name": "SUSE-SU-2026:20100-1"}, {"url": "https://lists.suse.com/pipermail/sle-security-updates/2026-January/023876.html", "name": "SUSE-SU-2026:20114-1"}], "descriptions": [{"lang": "en", "value": "\n    VMware Aria Operations and VMware Tools contain a local privilege escalation vulnerability.  A malicious local actor with non-administrative privileges having access to a VM with VMware Tools  installed and managed by Aria Operations with SDMP enabled may exploit this vulnerability to escalate privileges to root on the same VM.\n    "}], "providerMetadata": {"orgId": "404e59f5-483d-4b8a-8e7a-e67604dd8afb", "shortName": "suse", "dateUpdated": "2025-10-01T00:00:00Z", "x_subShortName": "suse_desktop_15"}}, {"metrics": [{"cvssV3_1": {"scope": "UNCHANGED", "version": "3.1", "baseScore": 7.8, "attackVector": "LOCAL", "baseSeverity": "HIGH", "vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H", "integrityImpact": "HIGH", "userInteraction": "NONE", "attackComplexity": "LOW", "availabilityImpact": "HIGH", "privilegesRequired": "LOW", "confidentialityImpact": "HIGH"}}, {"other": {"type": "Unknown", "content": {"data": "{\"description\":\"Important\"}"}}}], "affected": [{"vendor": "suse", "product": "libvmtools0", "versions": [{"status": "affected", "version": "0", "lessThan": "0:13.0.5-4.92.1", "versionType": "rpm"}], "platforms": ["cpe:/o:suse:sles-ltss-extended-security:12:sp5", "cpe:/o:suse:sles:12:sp5"], "defaultStatus": "unaffected"}, {"vendor": "suse", "product": "open-vm-tools", "versions": [{"status": "affected", "version": "0", "lessThan": "0:13.0.5-4.92.1", "versionType": "rpm"}], "platforms": ["cpe:/o:suse:sles-ltss-extended-security:12:sp5", "cpe:/o:suse:sles:12:sp5"], "defaultStatus": "unaffected"}, {"vendor": "suse", "product": "open-vm-tools-desktop", "versions": [{"status": "affected", "version": "0", "lessThan": "0:13.0.5-4.92.1", "versionType": "rpm"}], "platforms": ["cpe:/o:suse:sles-ltss-extended-security:12:sp5", "cpe:/o:suse:sles:12:sp5"], "defaultStatus": "unaffected"}, {"vendor": "suse", "product": "open-vm-tools-salt-minion", "versions": [{"status": "affected", "version": "0", "lessThan": "0:13.0.5-4.92.1", "versionType": "rpm"}], "platforms": ["cpe:/o:suse:sles-ltss-extended-security:12:sp5", "cpe:/o:suse:sles:12:sp5"], "defaultStatus": "unaffected"}, {"vendor": "suse", "product": "open-vm-tools-sdmp", "versions": [{"status": "affected", "version": "0", "lessThan": "0:13.0.5-4.92.1", "versionType": "rpm"}], "platforms": ["cpe:/o:suse:sles-ltss-extended-security:12:sp5", "cpe:/o:suse:sles:12:sp5"], "defaultStatus": "unaffected"}, {"vendor": "suse", "product": "libvmtools0", "platforms": ["cpe:/o:suse:sles:12:sp2"], "defaultStatus": "unaffected"}, {"vendor": "suse", "product": "open-vm-tools", "platforms": ["cpe:/o:suse:sles:12:sp2"], "defaultStatus": "unaffected"}, {"vendor": "suse", "product": "open-vm-tools-desktop", "platforms": ["cpe:/o:suse:sles:12:sp2"], "defaultStatus": "unaffected"}], "solutions": [{"lang": "en", "value": "SUSE bug 1250373"}], "references": [{"url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-41244", "name": "Mitre CVE-2025-41244"}, {"url": "https://lists.suse.com/pipermail/suse-liberty-linux-updates/2025-October/002073.html", "name": "RHSA-2025:17428"}, {"url": "https://lists.suse.com/pipermail/suse-liberty-linux-updates/2025-October/002062.html", "name": "RHSA-2025:17509"}, {"url": "https://www.suse.com/security/cve/CVE-2025-41244", "name": "SUSE CVE-2025-41244"}, {"url": "https://lists.suse.com/pipermail/sle-updates/2026-March/044791.html", "name": "SUSE-RU-2026:20677-1"}, {"url": "https://lists.suse.com/pipermail/sle-updates/2025-September/041978.html", "name": "SUSE-SU-2025:03434-1"}, {"url": "https://lists.suse.com/pipermail/sle-updates/2025-September/041980.html", "name": "SUSE-SU-2025:03435-1"}, {"url": "https://lists.suse.com/pipermail/sle-updates/2025-September/041977.html", "name": "SUSE-SU-2025:03436-1"}, {"url": "https://lists.suse.com/pipermail/sle-updates/2025-October/042071.html", "name": "SUSE-SU-2025:03535-1"}, {"url": "https://lists.suse.com/pipermail/sle-updates/2025-October/042084.html", "name": "SUSE-SU-2025:03585-1"}, {"url": "https://lists.suse.com/pipermail/sle-updates/2025-October/042325.html", "name": "SUSE-SU-2025:20853-1"}, {"url": "https://lists.suse.com/pipermail/sle-updates/2025-October/042312.html", "name": "SUSE-SU-2025:20866-1"}, {"url": "https://lists.suse.com/pipermail/sle-security-updates/2026-January/023883.html", "name": "SUSE-SU-2026:20100-1"}, {"url": "https://lists.suse.com/pipermail/sle-security-updates/2026-January/023876.html", "name": "SUSE-SU-2026:20114-1"}], "descriptions": [{"lang": "en", "value": "\n    VMware Aria Operations and VMware Tools contain a local privilege escalation vulnerability.  A malicious local actor with non-administrative privileges having access to a VM with VMware Tools  installed and managed by Aria Operations with SDMP enabled may exploit this vulnerability to escalate privileges to root on the same VM.\n    "}], "providerMetadata": {"orgId": "404e59f5-483d-4b8a-8e7a-e67604dd8afb", "shortName": "suse", "dateUpdated": "2025-10-01T00:00:00Z", "x_subShortName": "suse_server_12"}}, {"metrics": [{"cvssV3_1": {"scope": "UNCHANGED", "version": "3.1", "baseScore": 7.8, "attackVector": "LOCAL", "baseSeverity": "HIGH", "vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H", "integrityImpact": "HIGH", "userInteraction": "NONE", "attackComplexity": "LOW", "availabilityImpact": "HIGH", "privilegesRequired": "LOW", "confidentialityImpact": "HIGH"}}, {"other": {"type": "Unknown", "content": {"data": "{\"description\":\"Important\"}"}}}], "affected": [{"vendor": "suse", "product": "libvmtools-devel", "versions": [{"status": "affected", "version": "0", "lessThan": "0:13.0.5-160000.1.1", "versionType": "rpm"}], "platforms": ["cpe:/o:suse:sles:16.0", "cpe:/o:suse:sles_sap:16.0"], "defaultStatus": "unaffected"}, {"vendor": "suse", "product": "libvmtools0", "versions": [{"status": "affected", "version": "0", "lessThan": "0:13.0.5-160000.1.1", "versionType": "rpm"}], "platforms": ["cpe:/o:suse:sles:16.0", "cpe:/o:suse:sles_sap:16.0"], "defaultStatus": "unaffected"}, {"vendor": "suse", "product": "open-vm-tools", "versions": [{"status": "affected", "version": "0", "lessThan": "0:13.0.5-160000.1.1", "versionType": "rpm"}], "platforms": ["cpe:/o:suse:sles:16.0", "cpe:/o:suse:sles_sap:16.0"], "defaultStatus": "unaffected"}, {"vendor": "suse", "product": "open-vm-tools-containerinfo", "versions": [{"status": "affected", "version": "0", "lessThan": "0:13.0.5-160000.1.1", "versionType": "rpm"}], "platforms": ["cpe:/o:suse:sles:16.0", "cpe:/o:suse:sles_sap:16.0"], "defaultStatus": "unaffected"}, {"vendor": "suse", "product": "open-vm-tools-desktop", "versions": [{"status": "affected", "version": "0", "lessThan": "0:13.0.5-160000.1.1", "versionType": "rpm"}], "platforms": ["cpe:/o:suse:sles:16.0", "cpe:/o:suse:sles_sap:16.0"], "defaultStatus": "unaffected"}, {"vendor": "suse", "product": "open-vm-tools-sdmp", "versions": [{"status": "affected", "version": "0", "lessThan": "0:13.0.5-160000.1.1", "versionType": "rpm"}], "platforms": ["cpe:/o:suse:sles:16.0", "cpe:/o:suse:sles_sap:16.0"], "defaultStatus": "unaffected"}], "solutions": [{"lang": "en", "value": "SUSE bug 1250373"}], "references": [{"url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-41244", "name": "Mitre CVE-2025-41244"}, {"url": "https://lists.suse.com/pipermail/suse-liberty-linux-updates/2025-October/002073.html", "name": "RHSA-2025:17428"}, {"url": "https://lists.suse.com/pipermail/suse-liberty-linux-updates/2025-October/002062.html", "name": "RHSA-2025:17509"}, {"url": "https://www.suse.com/security/cve/CVE-2025-41244", "name": "SUSE CVE-2025-41244"}, {"url": "https://lists.suse.com/pipermail/sle-updates/2026-March/044791.html", "name": "SUSE-RU-2026:20677-1"}, {"url": "https://lists.suse.com/pipermail/sle-updates/2025-September/041978.html", "name": "SUSE-SU-2025:03434-1"}, {"url": "https://lists.suse.com/pipermail/sle-updates/2025-September/041980.html", "name": "SUSE-SU-2025:03435-1"}, {"url": "https://lists.suse.com/pipermail/sle-updates/2025-September/041977.html", "name": "SUSE-SU-2025:03436-1"}, {"url": "https://lists.suse.com/pipermail/sle-updates/2025-October/042071.html", "name": "SUSE-SU-2025:03535-1"}, {"url": "https://lists.suse.com/pipermail/sle-updates/2025-October/042084.html", "name": "SUSE-SU-2025:03585-1"}, {"url": "https://lists.suse.com/pipermail/sle-updates/2025-October/042325.html", "name": "SUSE-SU-2025:20853-1"}, {"url": "https://lists.suse.com/pipermail/sle-updates/2025-October/042312.html", "name": "SUSE-SU-2025:20866-1"}, {"url": "https://lists.suse.com/pipermail/sle-security-updates/2026-January/023883.html", "name": "SUSE-SU-2026:20100-1"}, {"url": "https://lists.suse.com/pipermail/sle-security-updates/2026-January/023876.html", "name": "SUSE-SU-2026:20114-1"}], "descriptions": [{"lang": "en", "value": "\n    VMware Aria Operations and VMware Tools contain a local privilege escalation vulnerability.  A malicious local actor with non-administrative privileges having access to a VM with VMware Tools  installed and managed by Aria Operations with SDMP enabled may exploit this vulnerability to escalate privileges to root on the same VM.\n    "}], "providerMetadata": {"orgId": "404e59f5-483d-4b8a-8e7a-e67604dd8afb", "shortName": "suse", "dateUpdated": "2026-01-24T00:00:00Z", "x_subShortName": "suse_server_16"}}, {"metrics": [{"cvssV3_1": {"scope": "UNCHANGED", "version": "3.1", "baseScore": 7.8, "attackVector": "LOCAL", "baseSeverity": "HIGH", "vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H", "integrityImpact": "HIGH", "userInteraction": "NONE", "attackComplexity": "LOW", "availabilityImpact": "HIGH", "privilegesRequired": "LOW", "confidentialityImpact": "HIGH"}}, {"other": {"type": "Unknown", "content": {"data": "{\"description\":\"medium\"}"}}}], "affected": [{"vendor": "canonical", "product": "open-vm-tools", "versions": [{"status": "affected", "version": "0", "lessThan": "2:11.3.0-2ubuntu0~ubuntu20.04.8+esm1", "versionType": "custom"}], "platforms": ["focal"], "defaultStatus": "unaffected"}, {"vendor": "canonical", "product": "open-vm-tools-desktop", "versions": [{"status": "affected", "version": "0", "lessThan": "2:11.3.0-2ubuntu0~ubuntu20.04.8+esm1", "versionType": "custom"}], "platforms": ["focal"], "defaultStatus": "unaffected"}, {"vendor": "canonical", "product": "open-vm-tools-sdmp", "versions": [{"status": "affected", "version": "0", "lessThan": "2:11.3.0-2ubuntu0~ubuntu20.04.8+esm1", "versionType": "custom"}], "platforms": ["focal"], "defaultStatus": "unaffected"}, {"vendor": "canonical", "product": "open-vm-tools", "versions": [{"status": "affected", "version": "0", "lessThan": "2:12.3.5-3~ubuntu0.22.04.3", "versionType": "custom"}], "platforms": ["jammy"], "defaultStatus": "unaffected"}, {"vendor": "canonical", "product": "open-vm-tools-containerinfo", "versions": [{"status": "affected", "version": "0", "lessThan": "2:12.3.5-3~ubuntu0.22.04.3", "versionType": "custom"}], "platforms": ["jammy"], "defaultStatus": "unaffected"}, {"vendor": "canonical", "product": "open-vm-tools-desktop", "versions": [{"status": "affected", "version": "0", "lessThan": "2:12.3.5-3~ubuntu0.22.04.3", "versionType": "custom"}], "platforms": ["jammy"], "defaultStatus": "unaffected"}, {"vendor": "canonical", "product": "open-vm-tools-salt-minion", "versions": [{"status": "affected", "version": "0", "lessThan": "2:12.3.5-3~ubuntu0.22.04.3", "versionType": "custom"}], "platforms": ["jammy"], "defaultStatus": "unaffected"}, {"vendor": "canonical", "product": "open-vm-tools-sdmp", "versions": [{"status": "affected", "version": "0", "lessThan": "2:12.3.5-3~ubuntu0.22.04.3", "versionType": "custom"}], "platforms": ["jammy"], "defaultStatus": "unaffected"}, {"vendor": "canonical", "product": "open-vm-tools", "versions": [{"status": "affected", "version": "0", "lessThan": "2:12.5.0-1~ubuntu0.24.04.2", "versionType": "custom"}], "platforms": ["noble"], "defaultStatus": "unaffected"}, {"vendor": "canonical", "product": "open-vm-tools-containerinfo", "versions": [{"status": "affected", "version": "0", "lessThan": "2:12.5.0-1~ubuntu0.24.04.2", "versionType": "custom"}], "platforms": ["noble"], "defaultStatus": "unaffected"}, {"vendor": "canonical", "product": "open-vm-tools-desktop", "versions": [{"status": "affected", "version": "0", "lessThan": "2:12.5.0-1~ubuntu0.24.04.2", "versionType": "custom"}], "platforms": ["noble"], "defaultStatus": "unaffected"}, {"vendor": "canonical", "product": "open-vm-tools-salt-minion", "versions": [{"status": "affected", "version": "0", "lessThan": "2:12.5.0-1~ubuntu0.24.04.2", "versionType": "custom"}], "platforms": ["noble"], "defaultStatus": "unaffected"}, {"vendor": "canonical", "product": "open-vm-tools-sdmp", "versions": [{"status": "affected", "version": "0", "lessThan": "2:12.5.0-1~ubuntu0.24.04.2", "versionType": "custom"}], "platforms": ["noble"], "defaultStatus": "unaffected"}], "references": [{"url": "https://ubuntu.com/security/CVE-2025-41244"}, {"url": "https://ubuntu.com/security/notices/USN-7785-1"}, {"url": "https://www.cve.org/CVERecord?id=CVE-2025-41244"}], "descriptions": [{"lang": "en", "value": "VMware Aria Operations and VMware Tools contain a local privilegeescalation vulnerability. A malicious local actor with non-administrativeprivileges having access to a VM with VMware Tools installed and managed byAria Operations with SDMP enabled may exploit this vulnerability toescalate privileges to root on the same VM."}], "providerMetadata": {"orgId": "cc1ad9ee-3454-478d-9317-d3e869d708bc", "shortName": "canonical", "dateUpdated": "2025-09-29T00:00:00Z", "x_subShortName": "canonical"}}, {"metrics": [{"cvssV3_1": {"scope": "UNCHANGED", "version": "3.1", "baseScore": 7.8, "attackVector": "LOCAL", "baseSeverity": "HIGH", "vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H", "integrityImpact": "HIGH", "userInteraction": "NONE", "attackComplexity": "LOW", "availabilityImpact": "HIGH", "privilegesRequired": "LOW", "confidentialityImpact": "HIGH"}}], "affected": [{"vendor": "amazon", "product": "open-vm-tools", "versions": [{"status": "affected", "version": "0", "lessThan": "12.3.0-1.amzn2.0.4", "versionType": "rpm"}], "defaultStatus": "unaffected"}, {"vendor": "amazon", "product": "open-vm-tools-debuginfo", "versions": [{"status": "affected", "version": "0", "lessThan": "12.3.0-1.amzn2.0.4", "versionType": "rpm"}], "defaultStatus": "unaffected"}, {"vendor": "amazon", "product": "open-vm-tools-desktop", "versions": [{"status": "affected", "version": "0", "lessThan": "12.3.0-1.amzn2.0.4", "versionType": "rpm"}], "defaultStatus": "unaffected"}, {"vendor": "amazon", "product": "open-vm-tools-devel", "versions": [{"status": "affected", "version": "0", "lessThan": "12.3.0-1.amzn2.0.4", "versionType": "rpm"}], "defaultStatus": "unaffected"}, {"vendor": "amazon", "product": "open-vm-tools-salt-minion", "versions": [{"status": "affected", "version": "0", "lessThan": "12.3.0-1.amzn2.0.4", "versionType": "rpm"}], "defaultStatus": "unaffected"}, {"vendor": "amazon", "product": "open-vm-tools-sdmp", "versions": [{"status": "affected", "version": "0", "lessThan": "12.3.0-1.amzn2.0.4", "versionType": "rpm"}], "defaultStatus": "unaffected"}, {"vendor": "amazon", "product": "open-vm-tools-test", "versions": [{"status": "affected", "version": "0", "lessThan": "12.3.0-1.amzn2.0.4", "versionType": "rpm"}], "defaultStatus": "unaffected"}], "references": [{"url": "http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-41244"}], "descriptions": [{"lang": "en", "value": "VMware Aria Operations and VMware Tools contain a local privilege escalation vulnerability. A malicious local actor with non-administrative privileges having access to a VM with VMware Tools installed and managed by Aria Operations with SDMP enabled may exploit this vulnerability to escalate privileges to root on the same VM."}], "providerMetadata": {"orgId": "00000000-0000-4000-A000-000000000000", "shortName": "alas", "dateUpdated": "2025-10-14T14:54:00Z", "x_subShortName": "alas_2"}}, {"metrics": [{"cvssV3_1": {"scope": "UNCHANGED", "version": "3.1", "baseScore": 7.8, "attackVector": "LOCAL", "baseSeverity": "HIGH", "vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H", "integrityImpact": "HIGH", "userInteraction": "NONE", "attackComplexity": "LOW", "availabilityImpact": "HIGH", "privilegesRequired": "LOW", "confidentialityImpact": "HIGH"}}], "affected": [{"vendor": "amazon", "product": "open-vm-tools", "versions": [{"status": "affected", "version": "0", "lessThan": "12.3.0-1.amzn2023.0.5", "versionType": "rpm"}], "defaultStatus": "unaffected"}, {"vendor": "amazon", "product": "open-vm-tools-debuginfo", "versions": [{"status": "affected", "version": "0", "lessThan": "12.3.0-1.amzn2023.0.5", "versionType": "rpm"}], "defaultStatus": "unaffected"}, {"vendor": "amazon", "product": "open-vm-tools-debugsource", "versions": [{"status": "affected", "version": "0", "lessThan": "12.3.0-1.amzn2023.0.5", "versionType": "rpm"}], "defaultStatus": "unaffected"}, {"vendor": "amazon", "product": "open-vm-tools-desktop", "versions": [{"status": "affected", "version": "0", "lessThan": "12.3.0-1.amzn2023.0.5", "versionType": "rpm"}], "defaultStatus": "unaffected"}, {"vendor": "amazon", "product": "open-vm-tools-desktop-debuginfo", "versions": [{"status": "affected", "version": "0", "lessThan": "12.3.0-1.amzn2023.0.5", "versionType": "rpm"}], "defaultStatus": "unaffected"}, {"vendor": "amazon", "product": "open-vm-tools-devel", "versions": [{"status": "affected", "version": "0", "lessThan": "12.3.0-1.amzn2023.0.5", "versionType": "rpm"}], "defaultStatus": "unaffected"}, {"vendor": "amazon", "product": "open-vm-tools-salt-minion", "versions": [{"status": "affected", "version": "0", "lessThan": "12.3.0-1.amzn2023.0.5", "versionType": "rpm"}], "defaultStatus": "unaffected"}, {"vendor": "amazon", "product": "open-vm-tools-sdmp", "versions": [{"status": "affected", "version": "0", "lessThan": "12.3.0-1.amzn2023.0.5", "versionType": "rpm"}], "defaultStatus": "unaffected"}, {"vendor": "amazon", "product": "open-vm-tools-sdmp-debuginfo", "versions": [{"status": "affected", "version": "0", "lessThan": "12.3.0-1.amzn2023.0.5", "versionType": "rpm"}], "defaultStatus": "unaffected"}, {"vendor": "amazon", "product": "open-vm-tools-test", "versions": [{"status": "affected", "version": "0", "lessThan": "12.3.0-1.amzn2023.0.5", "versionType": "rpm"}], "defaultStatus": "unaffected"}, {"vendor": "amazon", "product": "open-vm-tools-test-debuginfo", "versions": [{"status": "affected", "version": "0", "lessThan": "12.3.0-1.amzn2023.0.5", "versionType": "rpm"}], "defaultStatus": "unaffected"}], "references": [{"url": "http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-41244"}], "descriptions": [{"lang": "en", "value": "VMware Aria Operations and VMware Tools contain a local privilege escalation vulnerability. A malicious local actor with non-administrative privileges having access to a VM with VMware Tools installed and managed by Aria Operations with SDMP enabled may exploit this vulnerability to escalate privileges to root on the same VM."}], "providerMetadata": {"orgId": "00000000-0000-4000-A000-000000000000", "shortName": "alas", "dateUpdated": "2025-10-14T10:12:00Z", "x_subShortName": "alas_2023"}}], "cna": {"metrics": [{"format": "CVSS", "cvssV3_1": {"scope": "UNCHANGED", "version": "3.1", "baseScore": 7.8, "attackVector": "LOCAL", "baseSeverity": "HIGH", "vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H", "integrityImpact": "HIGH", "userInteraction": "NONE", "attackComplexity": "LOW", "availabilityImpact": "HIGH", "privilegesRequired": "LOW", "confidentialityImpact": "HIGH"}}], "affected": [{"cpes": ["cpe:2.3:a:vmware:aria_operations:*:*:*:*:*:*:*:*"], "vendor": "vmware", "product": "aria_operations", "versions": [{"status": "affected", "version": "8.0", "lessThan": "8.18.5", "versionType": "custom"}], "defaultStatus": "unaffected"}, {"cpes": ["cpe:2.3:a:vmware:cloud_foundation:*:*:*:*:*:*:*:*"], "vendor": "vmware", "product": "cloud_foundation", "versions": [{"status": "affected", "version": "4.0", "versionType": "custom", "lessThanOrEqual": "5.2.2"}], "defaultStatus": "unaffected"}, {"cpes": ["cpe:2.3:a:vmware:cloud_foundation_operations:9.0:*:*:*:*:*:*:*"], "vendor": "vmware", "product": "cloud_foundation_operations", "versions": [{"status": "affected", "version": "9.0"}], "defaultStatus": "unaffected"}, {"cpes": ["cpe:2.3:a:vmware:open_vm_tools:*:*:*:*:*:*:*:*", "cpe:2.3:a:vmware:open_vm_tools:13.0.0:*:*:*:*:*:*:*"], "vendor": "vmware", "product": "open_vm_tools", "versions": [{"status": "affected", "version": "11.2.0", "lessThan": "12.5.4", "versionType": "custom"}, {"status": "affected", "version": "13.0.0"}], "defaultStatus": "unaffected"}, {"cpes": ["cpe:2.3:a:vmware:telco_cloud_infrastructure:*:*:*:*:*:*:*:*"], "vendor": "vmware", "product": "telco_cloud_infrastructure", "versions": [{"status": "affected", "version": "2.2", "versionType": "custom", "lessThanOrEqual": "3.0"}], "defaultStatus": "unaffected"}, {"cpes": ["cpe:2.3:a:vmware:telco_cloud_platform:*:*:*:*:*:*:*:*"], "vendor": "vmware", "product": "telco_cloud_platform", "versions": [{"status": "affected", "version": "4.0", "lessThan": "5.0.1", "versionType": "custom"}], "defaultStatus": "unaffected"}, {"cpes": ["cpe:2.3:a:vmware:tools:*:*:*:*:*:*:*:*"], "vendor": "vmware", "product": "tools", "versions": [{"status": "affected", "version": "12.5.0", "lessThan": "12.5.4", "versionType": "custom"}, {"status": "affected", "version": "13.0.0.0", "lessThan": "13.0.5.0", "versionType": "custom"}], "platforms": ["arch", "bionic", "bookworm", "bullseye", "buster", "cpe:2.3:o:almalinux:almalinux:*:*:*:*:*:*:*:*", "cpe:2.3:o:amazon:amazon_linux:*:*:*:*:*:*:*:*", "cpe:2.3:o:fedoraproject:fedora:*:*:*:*:*:*:*:*", "cpe:2.3:o:microsoft:*:*:*:*:*:*:*:*:*", "cpe:2.3:o:oracle:linux:*:*:*:*:*:*:*:*", "cpe:2.3:o:redhat:enterprise_linux:*:*:*:*:*:*:*:*", "cpe:2.3:o:rocky:rocky:*:*:*:*:*:*:*:*", "cpe:2.3:o:suse:sled:*:*:*:*:*:*:*:*", "cpe:2.3:o:suse:sles:*:*:*:*:*:*:*:*", "faye", "focal", "jammy", "jessie", "noble", "sid", "stretch", "trixie", "trusty", "ulyana", "ulyssa", "uma", "una", "vanessa", "vera", "victoria", "virginia", "wilma", "xenial"], "defaultStatus": "unaffected"}, {"cpes": ["cpe:2.3:o:debian:debian_linux:11.0:*:*:*:*:*:*:*"], "vendor": "debian", "product": "debian_linux", "versions": [{"status": "affected", "version": "11.0"}], "defaultStatus": "unaffected"}], "references": [{"url": "https://blog.nviso.eu/2025/09/29/you-name-it-vmware-elevates-it-cve-2025-41244/", "tags": ["exploit", "third-party-advisory"]}, {"url": "http://www.openwall.com/lists/oss-security/2025/09/29/10", "tags": ["mailing-list", "third-party-advisory"]}, {"url": "https://lists.debian.org/debian-lts-announce/2025/10/msg00000.html", "tags": ["mailing-list", "third-party-advisory"]}, {"url": "http://support.broadcom.com/group/ecx/support-content-view/-/support-content/Security%20Advisories/VMSA-2025-0015--VMware-Aria-Operations-and-VMware-Tools-updates-address-multiple-vulnerabilities--CVE-2025-41244-CVE-2025-41245--CVE-2025-41246-/36149", "tags": ["permissions-required"]}, {"url": "https://support.broadcom.com/web/ecx/support-content-notification/-/external/content/SecurityAdvisories/0/36149", "tags": ["vendor-advisory"]}, {"url": "https://www.cisa.gov/known-exploited-vulnerabilities-catalog?field_cve=CVE-2025-41244", "tags": ["x_us-government-resource"]}], "descriptions": [{"lang": "en", "value": "VMware Aria Operations and VMware Tools contain a local privilege escalation vulnerability. A malicious local actor with non-administrative privileges having access to a VM with VMware Tools installed and managed by Aria Operations with SDMP enabled may exploit this vulnerability to escalate privileges to root on the same VM."}], "problemTypes": [{"descriptions": [{"lang": "en", "cweId": "CWE-267", "description": "CWE-267"}]}], "providerMetadata": {"orgId": "00000000-0000-4000-A000-000000000003", "shortName": "nvd", "dateUpdated": "2025-09-29T17:15:30Z", "x_subShortName": "nvd"}}}, "cveMetadata": {"cveId": "CVE-2025-41244", "state": "PUBLISHED", "dateUpdated": "2025-11-06T13:58:13Z", "assignerOrgId": "dcf2e128-44bd-42ed-91e8-88f912c1401d", "datePublished": "2025-09-29T17:15:30Z", "assignerShortName": "vmware"}, "dataVersion": "5.0"}