ГлавнаяУязвимости → CVE-2025-41244
7.8высокая

CVE-2025-41244

→ есть в БДУ: BDU:2025-12432 (на русском)
Описание (на английском; русское — в БДУ выше)

VMware Aria Operations and VMware Tools contain a local privilege escalation vulnerability. A malicious local actor with non-administrative privileges having access to a VM with VMware Tools installed and managed by Aria Operations with SDMP enabled may exploit this vulnerability to escalate privileges to root on the same VM.

Затрагиваемое ПО
Vmware Aria operationsVmware Cloud foundationVmware Cloud foundation operationsVmware Open vm toolsVmware Telco cloud infrastructureVmware Telco cloud platformDebian Debian linuxVmware ToolsLinux Linux kernelMicrosoft Windows
CVSS
Балл7.8 — высокая
ВекторCVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
Источники
http://support.broadcom.com/group/ecx/support-content-view/-/support-content/Security%20Advisories/VMSA-2025-0015--VMware-Aria-Operations-and-VMware-Tools-updates-address-multiple-vulnerabilities--CVE-2025-41244-CVE-2025-41245--CVE-2025-41246-/36149http://www.openwall.com/lists/oss-security/2025/09/29/10https://lists.debian.org/debian-lts-announce/2025/10/msg00000.htmlhttps://blog.nviso.eu/2025/09/29/you-name-it-vmware-elevates-it-cve-2025-41244/https://support.broadcom.com/web/ecx/support-content-notification/-/external/content/SecurityAdvisories/0/36149https://www.cisa.gov/known-exploited-vulnerabilities-catalog?field_cve=CVE-2025-41244