VMSA-2025-0015: VMware Aria Operations and VMware Tools updates address multiple...

4.9 / 10

MEDIUM

CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:N/A:N

Description

VMware Aria Operations contains an information disclosure vulnerability. A malicious actor with non-administrative privileges in Aria Operations may exploit this vulnerability to disclose credentials of other users of Aria Operations.

Basic Information

ID CVE-2025-41245

Source vmware

Published Sep 29, 2025 at 16:19

Affected Product

Vendor VMware

Product VMware Aria Operations

Version 8.18.x

Affected Versions VMware VMware Aria Operations 8.18.x
VMware VMware Cloud Foundation 5.x
VMware VMware Cloud Foundation 4.x
VMware VMware Telco Cloud Platform 5.x
VMware VMware Telco Cloud Platform 4.x
VMware VMware Telco Cloud Infrastructure 3.x
VMware VMware Telco Cloud Infrastructure 2.x

CWE Classification

CWE-1188

References

support.broadcom.com /group/ecx/support-content-view/-/support-content/Security%20Advisories/VMSA-2025-0015--VMware-Aria-Operations-and-VMware-Tools-updates-address-multiple-vulnerabilities--CVE-2025-41244-CVE-2025-41245--CVE-2025-41246-/36149

{
    "lastseen": "",
    "description": "VMware Aria Operations contains an information disclosure vulnerability.\u00a0A malicious actor with non-administrative privileges in Aria Operations may exploit this vulnerability to disclose credentials of other users of Aria Operations.",
    "published": "2025-09-29T16:19:15.836Z",
    "modified": "2025-09-29T16:19:15.836Z",
    "type": "cve",
    "title": "VMSA-2025-0015: VMware Aria Operations and VMware Tools updates address multiple vulnerabilities (CVE-2025-41244,CVE-2025-41245, CVE-2025-41246)",
    "source": "vmware",
    "references": "http://support.broadcom.com/group/ecx/support-content-view/-/support-content/Security%20Advisories/VMSA-2025-0015--VMware-Aria-Operations-and-VMware-Tools-updates-address-multiple-vulnerabilities--CVE-2025-41244-CVE-2025-41245--CVE-2025-41246-/36149",
    "id": "CVE-2025-41245",
    "bulletinFamily": "",
    "cwe": [
        "CWE-1188"
    ],
    "cvelist": null,
    "sourceData": "VMware VMware Aria Operations 8.18.x\nVMware VMware Cloud Foundation 5.x\nVMware VMware Cloud Foundation 4.x\nVMware VMware Telco Cloud Platform 5.x\nVMware VMware Telco Cloud Platform 4.x\nVMware VMware Telco Cloud Infrastructure 3.x\nVMware VMware Telco Cloud Infrastructure 2.x",
    "sourceHref": "",
    "cvss": {
        "score": 4.9,
        "severity": "MEDIUM",
        "vector": "CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:N/A:N",
        "version": "3.1"
    },
    "cvss2": [],
    "cvss3": {
        "version": "",
        "vectorString": "",
        "baseScore": 0,
        "baseSeverity": "",
        "attackVector": "",
        "attackComplexity": "",
        "privilegesRequired": "",
        "userInteraction": "",
        "scope": "",
        "confidentialityImpact": "",
        "integrityImpact": "",
        "availabilityImpact": "",
        "cvssV3": {
            "version": "",
            "vectorString": "",
            "baseScore": 0,
            "baseSeverity": "",
            "attackVector": "",
            "attackComplexity": "",
            "privilegesRequired": "",
            "userInteraction": "",
            "scope": "",
            "confidentialityImpact": "",
            "integrityImpact": "",
            "availabilityImpact": ""
        }
    },
    "href": "",
    "category_name": "CVE",
    "post_link": "",
    "product": "VMware Aria Operations",
    "version": "8.18.x",
    "vendor": "VMware",
    "ai_description": "",
    "ai_severity": "",
    "ai_vendor": "",
    "ai_product": "",
    "ai_version": "",
    "ai_score": 0
}

VMSA-2025-0015: VMware Aria Operations and VMware Tools updates address multiple vulnerabilities (CVE-2025-41244,CVE-2025-41245, CVE-2025-41246)_CVE-2025-41245