CVEFinder.io

CVE-2025-41244

⚠️ high
🔍 Scan for this CVE
Summary

VMware Aria Operations and VMware Tools contain a local privilege escalation vulnerability. A malicious local actor with non-administrative privileges having access to a VM with VMware Tools installed and managed by Aria Operations with SDMP enabled may exploit this vulnerability to escalate privileges to root on the same VM.

CVSS Score
7.8
High
EPSS Score
1.0
Exploit Probability
Published Date
2025-09-29
First Seen: 2026-01-05
📊 Relative Risk Intelligence

This CVE is Moderate Risk - more severe than 69.5% of all 335,456 vulnerabilities in our database.

#102,195
Above average severity
Severity Percentile
🎯 CISA SSVC Assessment Updated: Oct 30, 2025
🔍 Exploitation Status
Active
Exploits detected in the wild
⚙️ Automatable
NO
Requires human interaction
💥 Technical Impact
Total
Complete system compromise possible
SSVC data provided by CISA
Last Modified 2025-11-06
Source NVD 🔗
CVSS Vector 3.1 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
CWE IDs (Weakness Types)

📦 Affected Products 10

🔗 References 6

🔗 Related CVEs 6

CVE ID Severity CVSS EPSS Summary Published
CVE-2026-14355 🔶 medium 5.6 0.3 In PHP versions 8.2.* before 8.2.32, 8.3.* before 8.3.32, 8.4.* before 8.4.23, 8.5.* before 8.5.8, the AES-WRAP-PAD algo... 2026-07-03
CVE-2026-56968 ℹ️ low 3.7 0.2 GNU SASL before 2.2.4 lacks sanitization of a short challenge in _gsasl_ntlm_client_step in the NTLM client, which could... 2026-06-23
CVE-2026-49975 ⚠️ high 7.5 11.5 Memory Allocation with Excessive Size Value vulnerability in Apache HTTP Server's mod_http leads to denial of service vi... 2026-06-08
CVE-2026-41722 ⚠️ high 8.0 0.3 VMware Cloud Foundation Operations contains multiple stored cross-site scripting vulnerabilities.A malicious actor with ... 2026-06-08
CVE-2026-41723 ⚠️ high 8.0 0.3 VMware Cloud Foundation Operations contains multiple stored cross-site scripting vulnerabilities.A malicious actor with ... 2026-06-08
CVE-2026-41724 ⚠️ high 8.0 0.2 VMware Cloud Foundation Operations contains multiple stored cross-site scripting vulnerabilities.A malicious actor with ... 2026-06-08
These CVEs affect the same products