vulnerability

VMware VMware Tools: CVE-2025-41246: VMware Tools improper authorisation vulnerability

Try Surface Command

Back to search

Severity	CVSS	Published	Added	Modified
7	(AV:A/AC:M/Au:M/C:C/I:C/A:C)	Sep 29, 2025	Sep 30, 2025	Apr 16, 2026

Severity

CVSS

(AV:A/AC:M/Au:M/C:C/I:C/A:C)

Published

Sep 29, 2025

Added

Sep 30, 2025

Modified

Apr 16, 2026

Description

VMware Tools for Windows contains an improper authorisation vulnerability due to the way it handles user access controls. Broadcom has evaluated the severity of this issue to be in the Important severity range with a maximum CVSSv3 base score of 7.6.

Solution

vmware-tools-upgrade-latest

References

https://support.broadcom.com/web/ecx/support-content-notification/-/external/content/SecurityAdvisories/0/36149
https://euvd.enisa.europa.eu/vulnerability/EUVD-2025-31579
CVE-2025-41246
https://attackerkb.com/topics/CVE-2025-41246
CWE-863
EUVD-EUVD-2025-31579

Rapid7 Labs

2026 Global Threat Landscape Report

The predictive window has collapsed. Exploitation follows disclosure in days. See how attackers are accelerating and how to stay ahead.

Get report