Broadcom on Monday announced patches for six vulnerabilities affecting VMware Aria Operations, NSX, vCenter, and VMware Tools products, including four high-severity flaws.
Both Aria Operations and VMware Tools are impacted by a high-severity local privilege escalation bug tracked as CVE-2025-41244.
“A malicious local actor with non-administrative privileges having access to a VM with VMware Tools installed and managed by Aria Operations with SDMP enabled may exploit this vulnerability to escalate privileges to root on the same VM,” the vendor explains.
Patches have also been rolled out for a medium-severity issue in VMware Aria Operations that could allow attackers to disclose the credentials of other users (CVE-2025-41245), and a high-severity defect in Tools for Windows that could allow attackers to access other guest VMs (CVE-2025-41246).
Fixes for these vulnerabilities were included in Aria Operations version 8.18.5, Cloud Foundation and vSphere Foundation versions 9.0.1.0 and 13.0.5.0, VMware Tools versions 13.0.5 and 12.5.4, and Telco Cloud Infrastructure versions 8.18.5 and 8.18.5.
VMware resolved a high-severity SMTP header injection bug (CVE-2025-41250) in vCenter that could allow an authenticated attacker with non-administrative privileges to “manipulate the notification emails sent for scheduled tasks”.
Additionally, it patched two high-severity flaws in NSX that could allow attackers to enumerate valid usernames.
The first, CVE-2025-41251, is described as a weak password recovery mechanism issue that could lead to brute-force attacks, while the second, CVE-2025-41252, is described as a username enumeration defect that could lead to unauthorized access attempts.
Cloud Foundation and vSphere Foundation version 9.0.1.0, vCenter versions 8.0 U3g and 7.0 U3w, Cloud Foundation versions 5.2.2 and 7.0 U3w (async patch), NSX versions 4.2.2.2, 4.2.3.1, and 4.1.2.7, and NSX-T version 3.2.4.3 contain fixes for these flaws. VMware also published patch instructions for Cloud Foundation and Telco Cloud Infrastructure.
VMware makes no mention of any of these vulnerabilities being exploited in the wild. However, users are advised to update their deployments as soon as possible.
Related: Apple Updates iOS and macOS to Prevent Malicious Font Attacks
Related: Organizations Warned of Exploited Sudo Vulnerability
Related: No Patches for Vulnerabilities Allowing Cognex Industrial Camera Hacking
Related: Cybersecurity Courses Ramp Up Amid Shortage of Professionals
