10
Multiple vulnerabilities were identified in VMware products. A remote attacker could exploit some of these vulnerabilities to trigger elevation of privilege, sensitive information disclosure and security restriction bypass on the targeted system.
Note:
CVE-2025-41244 is actively exploited in the wild. A malicious local actor with non-administrative privileges having access to a VM with VMware Tools installed and managed by Aria Operations with SDMP enabled may exploit this vulnerability to escalate privileges to root on the same VM. Hence, the risk level is rated as Medium Risk.