Improper authorisation vulnerability_CVE-2025-41246

7.6 / 10

HIGH

CVSS:3.1/AV:A/AC:H/PR:H/UI:N/S:C/C:H/I:H/A:H

Description

VMware Tools for Windows contains an improper authorisation vulnerability due to the way it handles user access controls. A malicious actor with non-administrative privileges on a guest VM, who is already authenticated through vCenter or ESX may exploit this issue to access other guest VMs. Successful exploitation requires knowledge of credentials of the targeted VMs and vCenter or ESX.

Basic Information

ID CVE-2025-41246

Source vmware

Published Sep 29, 2025 at 15:57

Affected Product

Vendor VMware

Product Tools

Version 13.x.x.x

Affected Versions VMware Tools 13.x.x.x
VMware Tools 12.x.x
VMware Tools 11.x.x

CWE Classification

CWE-863

References

support.broadcom.com /web/ecx/support-content-notification/-/external/content/SecurityAdvisories/0/36149

{
    "lastseen": "",
    "description": "VMware Tools for Windows contains an improper authorisation\u00a0vulnerability due to the way it handles user access controls.\u00a0A malicious actor with non-administrative privileges on a guest VM, who is already authenticated through vCenter or ESX may exploit this issue to access other guest VMs. Successful exploitation requires knowledge of credentials of the targeted VMs and vCenter or ESX.",
    "published": "2025-09-29T15:57:58.438Z",
    "modified": "2025-09-29T15:57:58.438Z",
    "type": "cve",
    "title": "Improper authorisation vulnerability",
    "source": "vmware",
    "references": "https://support.broadcom.com/web/ecx/support-content-notification/-/external/content/SecurityAdvisories/0/36149",
    "id": "CVE-2025-41246",
    "bulletinFamily": "",
    "cwe": [
        "CWE-863"
    ],
    "cvelist": null,
    "sourceData": "VMware Tools 13.x.x.x\nVMware Tools 12.x.x\nVMware Tools 11.x.x",
    "sourceHref": "",
    "cvss": {
        "score": 7.6,
        "severity": "HIGH",
        "vector": "CVSS:3.1/AV:A/AC:H/PR:H/UI:N/S:C/C:H/I:H/A:H",
        "version": "3.1"
    },
    "cvss2": [],
    "cvss3": {
        "version": "",
        "vectorString": "",
        "baseScore": 0,
        "baseSeverity": "",
        "attackVector": "",
        "attackComplexity": "",
        "privilegesRequired": "",
        "userInteraction": "",
        "scope": "",
        "confidentialityImpact": "",
        "integrityImpact": "",
        "availabilityImpact": "",
        "cvssV3": {
            "version": "",
            "vectorString": "",
            "baseScore": 0,
            "baseSeverity": "",
            "attackVector": "",
            "attackComplexity": "",
            "privilegesRequired": "",
            "userInteraction": "",
            "scope": "",
            "confidentialityImpact": "",
            "integrityImpact": "",
            "availabilityImpact": ""
        }
    },
    "href": "",
    "category_name": "CVE",
    "post_link": "",
    "product": "Tools",
    "version": "13.x.x.x",
    "vendor": "VMware",
    "ai_description": "",
    "ai_severity": "",
    "ai_vendor": "",
    "ai_product": "",
    "ai_version": "",
    "ai_score": 0
}