CVE-2025-41245

Name of the Vulnerable Software and Affected Versions VMware Aria Operations (affected versions not specified)

Description VMware Aria Operations has an information disclosure issue due to insecure resource initialization. An attacker operating remotely may be able to reveal sensitive information. A malicious actor with non-administrative privileges within Aria Operations may exploit this to disclose credentials of other Aria Operations users. Additionally, VMware Aria Operations and VMware Tools contain a local privilege escalation issue. A local malicious actor with non-administrative privileges, with access to a virtual machine with VMware Tools installed and managed by Aria Operations with SDMP enabled, may be able to escalate privileges to root on the same virtual machine.

Recommendations At the moment, there is no information about a newer version that contains a fix for this vulnerability.