CNNVD-202509-4393 Information
CNNVD ID
CNNVD-202509-4393
Related CVE
- CNNVD Published: 2025-09-29
Description (Chinese)
VMware Tools和VMware Aria Operations都是美国威睿(VMware)公司的产品。VMware Tools是一款VMWare虚拟机自带的增强工具,它是VMware提供的用于增强虚拟显卡和硬盘性能、以及同步虚拟机与主机时钟的驱动程序。VMware Aria Operations是一个统一的、人工智能驱动的自动驾驶 IT 运营管理平台,适用于私有云、混合云和多云环境。 VMware Tools和VMware Aria Operations存在安全漏洞,该漏洞源于本地非特权攻击者可利用VMware Tools进行权限提升,可能导致获得root权限。
Description (English)
VMware Tools and VMware Aria Operations are products of VMware. VMware Tools is a self-enhanced VMWare Virtual Machine (VMWare), a driver for VMware to enhance virtual graphic cards and hard disk performance, as well as to synchronize virtual machines and host clocks. VMware Aria Operations is a unified, artificially intelligent, self-driving IT operating management platform for private, hybrid and cloud-intensive environments. There is a security gap between VMware Tools and VMware Aria Operations, which stems from the fact that local non-privileged assailants can use VMware Tools to upgrade their powers, which may lead to the granting of root privileges.
Hazard Level
Medium
Vulnerability Type
其他
Affected Vendor
威睿
Published
2025-09-29
Last Modified
2026-02-24
References
http://support.broadcom.com/group/ecx/support-content-view/-/support-content/Security%20Advisories/VMSA-2025-0015–VMware-Aria-Operations-and-VMware-Tools-updates-address-multiple-vulnerabilities–CVE-2025-41244-CVE-2025-41245–CVE-2025-41246-/36149 https://vigilance.fr/vulnerability/VMware-Tools-two-vulnerabilities-dated-29-09-2025-48337