PT-2025-39835 · VMware · VMware Tools for Windows
Published: 2025-09-29 · Updated: 2025-12-08 · CVE-2025-41246
CVSS v3.1: 7.6 (High)
Vector: AV:A/AC:H/PR:H/UI:N/S:C/C:H/I:H/A:H
Name of the Vulnerable Software and Affected Versions
VMware Tools for Windows (affected versions not specified)
Description
VMware Tools contains an improper authorisation issue related to how it manages user access controls. A malicious actor with non-administrative privileges on a guest virtual machine (VM), who is already authenticated through vCenter or ESX, may be able to access other guest VMs. Successful exploitation requires knowledge of credentials for the targeted VMs and vCenter or ESX. The issue allows for potential lateral movement within a virtualised environment. The vulnerability impacts the confidentiality, integrity, and availability of protected information.
Recommendations
At the moment, there is no information about a newer version that contains a fix for this vulnerability.
LPE
Incorrect Authorization
Affected Products
VMware Tools
VMware Tools for Windows