Out of the box, VMware Tools 12.4.0 (12416) is installed with SMG. In order to address the vulnerability, CVE-2025-41244, is it possible to upgrade the VMware Tools?
SMG 10.9.2
From the CVE description at NVD (CVE-2025-41244):
"VMware Aria Operations and VMware Tools contain a local privilege escalation vulnerability. A malicious local actor with non-administrative privileges having access to a VM with VMware Tools installed and managed by Aria Operations with SDMP enabled may exploit this vulnerability to escalate privileges to root on the same VM"
Hence, all 4 of the following conditions must be met for there to be a vulnerability:
1. Local access to the VM.
2. The affected version of VMware Tools is installed.
3. The VM is being managed by Aria Operations.
4. SDMP is enabled.
If any of the above is not true, then there is no exposure/vulnerability.
From the VMware KB "OpenSSH Vulnerability VMSA-2025-0015 reported in Aria Operations and VMware Tools", the resolution for CVE-2025-41244 is:
Upgrade VMware Aria Operations to version 8.18 HF8 (Refer to the security advisory for more details, which can be found in the additional information section)
Note: Alternatively, deactivating the SDMP pack in your environment will eliminate the vulnerability to CVE-2025-41244 (We do not approach this method from our side, as the specifications are entirely dependent upon the specific requirements of the environment.)
Specific fix recommendations for the various VMware products are available in the security advisory at:
VMSA-2025-0015: VMware Aria Operations and VMware Tools updates address multiple vulnerabilities (CVE-2025-41244, CVE-2025-41245, CVE-2025-41246)
Upgrading the VMware Tools installed as part of SMG would only protect the SMG appliance itself, and you would likely still have to track down and install new VMware Tools on every Linux-based VM in your enterprise. Addressing the issue at the VMware level, by contrast, would resolve the vulnerability at a more global level and bypass the need to track down and individually update each and every Linux-based virtual machine.
We are planning to update the VMware Tools that ships with SMG in the next release.