VMSA-2025-0015 Zero Day Vulnerability

December 2, 2025
Posted by: Chernor Jalloh
Categories:

THREAT SUMMARY

Broadcom has released security updates for VMware Aria Operations and VMware Tools to address multiple vulnerabilities that could enable local privilege escalation, information disclosure, and improper authorization bypass. Exploitation may allow attackers to gain elevated privileges or access sensitive information in affected VMware
environments.

IMPACTED PRODUCTS

• VMware Aria Operations

• VMware Tools

• VMware Cloud Foundation

• VMware Telco Cloud Platform

• VMware Telco Cloud Infrastructure

VULNERABILITIES

1. Local Privilege Escalation (CVE-2025-41244)

• CVSSv3 Score: 7.8 (High)

• Impact: Allows a malicious local user with non-admin rights on a VM running VMware Tools managed by Aria Operations to escalate privileges to root.

• Workarounds: None

• Fix Available: Yes

2. Information Disclosure (CVE-2025-41245)
• CVSSv3 Score: 4.9 (Moderate)

• Impact: Non-administrative users in Aria Operations could disclose credentials of other users.

• Workarounds: None

• Fix Available: Yes

3. Improper Authorization (CVE-2025-41246)
• CVSSv3 Score: 7.6 (High)

• Impact: In VMware Tools for Windows, authenticated non-admin users may leverage improper access controls to reach other guest VMs, provided they possess credentials of target VMs and vCenter/ESX.

• Workarounds: None

• Fix Available: Yes

RESOLUTION / FIXED VERSIONS

Patches are available for all impacted products. Administrators are strongly advised to upgrade to the following secure versions:

• VMware Aria Operations: 8.18.5

• VMware Tools (Windows/Linux): 13.0.5 / 12.5.4

• VMware Cloud Foundation Operations: 9.0.1.0

• VMware Telco Cloud Platform & Infrastructure: Apply version 8.18.5 or referenced KBs

MITIGATION

• No workarounds are available. Immediate patching is required.

• Monitor for unusual privilege escalation attempts and unauthorized access to credentials.

• Validate that VMware Tools across environments are updated consistently.

REFERENCES

• Broadcom VMSA-2025-0015 Advisory

• CVE-2025-41244

• CVE-2025-41245

• CVE-2025-41246

• SL-CSIRT

Action Required: Organizations running affected VMware products should apply the patches immediately to mitigate the risk of privilege escalation and unauthorized access within virtual environments.

National Cybersecurity Coordination Centre Launches Sierra Leone’s National CSIRT and Digital Forensics Lab Freetown, Sierra Leone

14/01/2025

Cybersecurity Awareness Training for Government Ministries: Enhancing Digital Security

10/01/2025

Cyber Awareness School Debate: Uniting 16 Schools for Cybersecurity Education

10/01/2025

Cyber Hour Radio Program

27/07/2024

Workshop on the Budapest Convention

08/06/2024

Global Conference on Cyber Capacity Building

08/06/2024

how can we help you?

NC3 is dedicated to safeguarding your digital world. Our team of experts is here to provide comprehensive cyber security solutions tailored to your needs. Whether you’re a small business, a large corporation, or an individual seeking to enhance your online security.

02/12/2025

Security Alert: VMware Updates Released

02/12/2025

Critical Vulnerability in Linux/Unix Sudo Utility Actively Exploited

02/12/2025

Critical Security Alert on Linux/Unix Sudo Utility

02/12/2025

Microsoft Patches Updates Addressing 81 Security Vulnerabilities

21/11/2025

VMSA-2025-0015 Zero Day Vulnerability

THREAT SUMMARY

IMPACTED PRODUCTS

VULNERABILITIES

MITIGATION

REFERENCES

National Cybersecurity Coordination Centre Launches Sierra Leone’s National CSIRT and Digital Forensics Lab Freetown, Sierra Leone

Cybersecurity Awareness Training for Government Ministries: Enhancing Digital Security

Cyber Awareness School Debate: Uniting 16 Schools for Cybersecurity Education

Cyber Hour Radio Program

Workshop on the Budapest Convention

Global Conference on Cyber Capacity Building