DEBIAN-CVE-2025-41244

See a problem?
Please try reporting it to the source first.
Source
https://security-tracker.debian.org/tracker/CVE-2025-41244
Import Source
https://storage.googleapis.com/osv-test-debian-osv/debian-cve-osv/DEBIAN-CVE-2025-41244.json
JSON Data
https://api.test.osv.dev/v1/vulns/DEBIAN-CVE-2025-41244
Upstream
Downstream
Published
2025-09-29T17:15:30.843Z
Modified
2025-11-17T06:13:19.069636Z
Severity
  • 7.8 (High) CVSS_V3 - CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H CVSS Calculator
Summary
[none]
Details

VMware Aria Operations and VMware Tools contain a local privilege escalation vulnerability. A malicious local actor with non-administrative privileges having access to a VM with VMware Tools installed and managed by Aria Operations with SDMP enabled may exploit this vulnerability to escalate privileges to root on the same VM.

References

Affected packages

Debian:11 / open-vm-tools

Package

Name
open-vm-tools
Purl
pkg:deb/debian/open-vm-tools?arch=source

Affected ranges

Type
ECOSYSTEM
Events
Introduced
0Unknown introduced version / All previous versions are affected
Fixed
2:11.2.5-2+deb11u5

Affected versions

2:11.*

2:11.2.5-2
2:11.2.5-2+deb11u1
2:11.2.5-2+deb11u2
2:11.2.5-2+deb11u3~bpo10+1
2:11.2.5-2+deb11u3
2:11.2.5-2+deb11u4

Ecosystem specific 

{
    "urgency": "not yet assigned"
}

Debian:12 / open-vm-tools

Package

Name
open-vm-tools
Purl
pkg:deb/debian/open-vm-tools?arch=source

Affected ranges

Type
ECOSYSTEM
Events
Introduced
0Unknown introduced version / All previous versions are affected

Affected versions

2:12.*

2:12.2.0-1
2:12.2.0-1+deb12u1~bpo11+1
2:12.2.0-1+deb12u1
2:12.2.0-1+deb12u2~bpo10+1
2:12.2.0-1+deb12u2~bpo11+1
2:12.2.0-1+deb12u2
2:12.2.0-1+deb12u3
2:12.2.0-1+deb12u4
2:12.2.5-1
2:12.3.0-1~bpo12+1
2:12.3.0-1
2:12.3.5-1~bpo11+1
2:12.3.5-1~bpo12+1
2:12.3.5-1
2:12.3.5-2
2:12.3.5-3
2:12.3.5-4
2:12.3.5-5
2:12.4.0-1~bpo11+1
2:12.4.0-1~bpo12+1
2:12.4.0-1
2:12.4.5-1
2:12.5.0-1~bpo11+1
2:12.5.0-1~bpo12+1
2:12.5.0-1
2:12.5.0-2~bpo11+1
2:12.5.0-2~bpo12+1
2:12.5.0-2

2:13.*

2:13.0.0-1
2:13.0.0-2~bpo12+1
2:13.0.0-2~bpo13+1
2:13.0.0-2
2:13.0.5-1~bpo12+1
2:13.0.5-1~bpo13+1
2:13.0.5-1

Ecosystem specific 

{
    "urgency": "not yet assigned"
}

Debian:13 / open-vm-tools

Package

Name
open-vm-tools
Purl
pkg:deb/debian/open-vm-tools?arch=source

Affected ranges

Type
ECOSYSTEM
Events
Introduced
0Unknown introduced version / All previous versions are affected
Fixed
2:12.5.0-2+deb13u1

Affected versions

2:12.*

2:12.5.0-2

Ecosystem specific 

{
    "urgency": "not yet assigned"
}

Debian:14 / open-vm-tools

Package

Name
open-vm-tools
Purl
pkg:deb/debian/open-vm-tools?arch=source

Affected ranges

Type
ECOSYSTEM
Events
Introduced
0Unknown introduced version / All previous versions are affected
Fixed
2:13.0.5-1

Affected versions

2:12.*

2:12.5.0-2

2:13.*

2:13.0.0-1
2:13.0.0-2~bpo12+1
2:13.0.0-2~bpo13+1
2:13.0.0-2
2:13.0.5-1~bpo12+1
2:13.0.5-1~bpo13+1

Ecosystem specific 

{
    "urgency": "not yet assigned"
}