vulnerability

VMware VMware Tools: CVE-2025-41246: VMware Tools improper authorisation vulnerability

Try Surface Command

Back to search

Severity

CVSS

(AV:A/AC:M/Au:M/C:C/I:C/A:C)

Published

Sep 29, 2025

Added

Sep 30, 2025

Modified

May 18, 2026

Description

VMware Tools for Windows contains an improper authorisation vulnerability due to the way it handles user access controls. A malicious actor with non-administrative privileges on a guest VM, who is already authenticated through vCenter or ESX may exploit this issue to access other guest VMs. Successful exploitation requires knowledge of credentials of the targeted VMs and vCenter or ESX.

Solution

vmware-tools-upgrade-latest

References

https://support.broadcom.com/web/ecx/support-content-notification/-/external/content/SecurityAdvisories/0/36149
https://euvd.enisa.europa.eu/vulnerability/EUVD-2025-31579
CVE-2025-41246
https://attackerkb.com/topics/CVE-2025-41246
CWE-863
EUVD-EUVD-2025-31579

Rapid7 Labs

2026 Global Threat Landscape Report

The predictive window has collapsed. Exploitation follows disclosure in days. See how attackers are accelerating and how to stay ahead.

Get report