vulnerability

Ubuntu: USN-7785-1 (CVE-2025-41244): Open VM Tools vulnerability

Try Surface Command

Back to search

Severity	CVSS	Published	Added	Modified
7	(AV:L/AC:L/Au:S/C:C/I:C/A:C)	Sep 29, 2025	Sep 30, 2025	Nov 4, 2025

Severity

CVSS

(AV:L/AC:L/Au:S/C:C/I:C/A:C)

Published

Sep 29, 2025

Added

Sep 30, 2025

Modified

Nov 4, 2025

Description

It was discovered that Open VM Tools incorrectly handled permissions with
version checking. An attacker could possibly use this issue to escalate
privileges inside a virtual machine.

This update disables the SDMP get-versions.sh script, so version
information may no longer be made available.

Solution

ubuntu-pro-upgrade-open-vm-tools

References

CVE-2025-41244
https://attackerkb.com/topics/CVE-2025-41244
CWE-267
UBUNTU-USN-7785-1
URL-https://support.broadcom.com/web/ecx/support-content-notification/-/external/content/SecurityAdvisories/0/36149
URL-https://ubuntu.com/security/notices/USN-7785-1
URL-https://www.cve.org/CVERecord?id=CVE-2025-41244

NEW

Explore Exposure Command

Confidently identify and prioritize exposures from endpoint to cloud with full attack surface visibility and threat-aware risk context.

Try it today