VMSA-2025-0015: VMware Aria Operations and VMware Tools updates address multiple vulnerabilities (CVE-2025-41244,CVE-2025-41245, CVE-2025-41246)

VMware Aria Operations and VMware Tools contain a local privilege escalation vulnerability. A malicious local actor with non-administrative privileges having access to a VM with VMware Tools installed and managed by Aria Operations with SDMP enabled may exploit this vulnerability to escalate privileges to root on the same VM.

CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H

特权定义了不安全动作

VMware Tools和VMware Aria Operations 安全漏洞

VMware Tools和VMware Aria Operations都是美国威睿（VMware）公司的产品。VMware Tools是一款VMWare虚拟机自带的增强工具，它是VMware提供的用于增强虚拟显卡和硬盘性能、以及同步虚拟机与主机时钟的驱动程序。VMware Aria Operations是一个统一的、人工智能驱动的自动驾驶 IT 运营管理平台，适用于私有云、混合云和多云环境。 VMware Tools和VMware Aria Operations存在安全漏洞，该漏洞源于本地非特权攻击者可利

N/A

N/A