Home

Description

VMware Tools for Windows contains an improper authorisation vulnerability due to the way it handles user access controls. A malicious actor with non-administrative privileges on a guest VM, who is already authenticated through vCenter or ESX may exploit this issue to access other guest VMs. Successful exploitation requires knowledge of credentials of the targeted VMs and vCenter or ESX.

PUBLISHED Reserved 2025-04-16 | Published 2025-09-29 | Updated 2025-09-30 | Assigner vmware




HIGH: 7.6CVSS:3.1/AV:A/AC:H/PR:H/UI:N/S:C/C:H/I:H/A:H

Problem types

CWE-863 Incorrect Authorization

Product status

Default status
unaffected

13.x.x.x before 13.0.5.0
affected

12.x.x before 12.5.4
affected

11.x.x
affected

References

support.broadcom.com/...l/content/SecurityAdvisories/0/36149

cve.org (CVE-2025-41246)

nvd.nist.gov (CVE-2025-41246)

Download JSON