cvelistv5 - cve-2025-41245

CVE-2025-41245 (GCVE-0-2025-41245)

Vulnerability from cvelistv5

Published

2025-09-29 16:19

Modified

2025-09-30 15:42

Severity ?

4.9 (Medium) - CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:N/A:N

CWE

CWE-1188

Summary

VMware Aria Operations contains an information disclosure vulnerability. A malicious actor with non-administrative privileges in Aria Operations may exploit this vulnerability to disclose credentials of other users of Aria Operations.

References

URL

Tags

security@vmware.com

http://support.broadcom.com/group/ecx/support-content-view/-/support-content/Security%20Advisories/VMSA-2025-0015--VMware-Aria-Operations-and-VMware-Tools-updates-address-multiple-vulnerabilities--CVE-2025-41244-CVE-2025-41245--CVE-2025-41246-/36149

Impacted products

Vendor

Product

Version

VMware

VMware Aria Operations

Version: 8.18.x

VMware	VMware Cloud Foundation	Version: 5.x Version: 4.x
VMware	VMware Telco Cloud Platform	Version: 5.x Version: 4.x
VMware	VMware Telco Cloud Infrastructure	Version: 3.x Version: 2.x

Show details on NVD website

JSON

To clipboard

{
  "containers": {
    "adp": [
      {
        "metrics": [
          {
            "other": {
              "content": {
                "id": "CVE-2025-41245",
                "options": [
                  {
                    "Exploitation": "none"
                  },
                  {
                    "Automatable": "no"
                  },
                  {
                    "Technical Impact": "partial"
                  }
                ],
                "role": "CISA Coordinator",
                "timestamp": "2025-09-30T15:42:25.242190Z",
                "version": "2.0.3"
              },
              "type": "ssvc"
            }
          }
        ],
        "providerMetadata": {
          "dateUpdated": "2025-09-30T15:42:32.121Z",
          "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
          "shortName": "CISA-ADP"
        },
        "title": "CISA ADP Vulnrichment"
      }
    ],
    "cna": {
      "affected": [
        {
          "defaultStatus": "unaffected",
          "product": "VMware Aria Operations",
          "vendor": "VMware",
          "versions": [
            {
              "lessThan": "8.18.5",
              "status": "affected",
              "version": "8.18.x",
              "versionType": "commercial"
            }
          ]
        },
        {
          "defaultStatus": "unaffected",
          "product": "VMware Cloud Foundation",
          "vendor": "VMware",
          "versions": [
            {
              "lessThan": "8.18.5",
              "status": "affected",
              "version": "5.x",
              "versionType": "commercial"
            },
            {
              "lessThan": "8.18.5",
              "status": "affected",
              "version": "4.x",
              "versionType": "commercial"
            }
          ]
        },
        {
          "defaultStatus": "unaffected",
          "product": "VMware Telco Cloud Platform",
          "vendor": "VMware",
          "versions": [
            {
              "lessThan": "8.18.5",
              "status": "affected",
              "version": "5.x",
              "versionType": "commercial"
            },
            {
              "lessThan": "8.18.5",
              "status": "affected",
              "version": "4.x",
              "versionType": "commercial"
            }
          ]
        },
        {
          "defaultStatus": "unaffected",
          "product": "VMware Telco Cloud Infrastructure",
          "vendor": "VMware",
          "versions": [
            {
              "lessThan": "8.18.5",
              "status": "affected",
              "version": "3.x",
              "versionType": "commercial"
            },
            {
              "lessThan": "8.18.5",
              "status": "affected",
              "version": "2.x",
              "versionType": "commercial"
            }
          ]
        }
      ],
      "datePublic": "2025-09-29T16:00:00.000Z",
      "descriptions": [
        {
          "lang": "en",
          "supportingMedia": [
            {
              "base64": false,
              "type": "text/html",
              "value": "\u003cspan style=\"background-color: rgb(255, 255, 255);\"\u003eVMware Aria Operations contains an information disclosure vulnerability.\u0026nbsp;\u003cspan style=\"background-color: rgb(255, 255, 255);\"\u003eA malicious actor with non-administrative privileges in Aria Operations may exploit this vulnerability to disclose credentials of other users of Aria Operations.\u003c/span\u003e\u003c/span\u003e\u003cbr\u003e"
            }
          ],
          "value": "VMware Aria Operations contains an information disclosure vulnerability.\u00a0A malicious actor with non-administrative privileges in Aria Operations may exploit this vulnerability to disclose credentials of other users of Aria Operations."
        }
      ],
      "metrics": [
        {
          "cvssV3_1": {
            "attackComplexity": "LOW",
            "attackVector": "NETWORK",
            "availabilityImpact": "NONE",
            "baseScore": 4.9,
            "baseSeverity": "MEDIUM",
            "confidentialityImpact": "HIGH",
            "integrityImpact": "NONE",
            "privilegesRequired": "HIGH",
            "scope": "UNCHANGED",
            "userInteraction": "NONE",
            "vectorString": "CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:N/A:N",
            "version": "3.1"
          },
          "format": "CVSS",
          "scenarios": [
            {
              "lang": "en",
              "value": "GENERAL"
            }
          ]
        }
      ],
      "problemTypes": [
        {
          "descriptions": [
            {
              "cweId": "CWE-1188",
              "description": "CWE-1188",
              "lang": "en",
              "type": "CWE"
            }
          ]
        }
      ],
      "providerMetadata": {
        "dateUpdated": "2025-09-29T16:19:15.836Z",
        "orgId": "dcf2e128-44bd-42ed-91e8-88f912c1401d",
        "shortName": "vmware"
      },
      "references": [
        {
          "url": "http://support.broadcom.com/group/ecx/support-content-view/-/support-content/Security%20Advisories/VMSA-2025-0015--VMware-Aria-Operations-and-VMware-Tools-updates-address-multiple-vulnerabilities--CVE-2025-41244-CVE-2025-41245--CVE-2025-41246-/36149"
        }
      ],
      "source": {
        "discovery": "UNKNOWN"
      },
      "title": "VMSA-2025-0015: VMware Aria Operations and VMware Tools updates address multiple vulnerabilities (CVE-2025-41244,CVE-2025-41245, CVE-2025-41246)",
      "x_generator": {
        "engine": "Vulnogram 0.2.0"
      }
    }
  },
  "cveMetadata": {
    "assignerOrgId": "dcf2e128-44bd-42ed-91e8-88f912c1401d",
    "assignerShortName": "vmware",
    "cveId": "CVE-2025-41245",
    "datePublished": "2025-09-29T16:19:15.836Z",
    "dateReserved": "2025-04-16T09:30:25.625Z",
    "dateUpdated": "2025-09-30T15:42:32.121Z",
    "state": "PUBLISHED"
  },
  "dataType": "CVE_RECORD",
  "dataVersion": "5.1",
  "vulnerability-lookup:meta": {
    "nvd": "{\"cve\":{\"id\":\"CVE-2025-41245\",\"sourceIdentifier\":\"security@vmware.com\",\"published\":\"2025-09-29T17:15:31.000\",\"lastModified\":\"2025-09-29T19:34:10.030\",\"vulnStatus\":\"Awaiting Analysis\",\"cveTags\":[],\"descriptions\":[{\"lang\":\"en\",\"value\":\"VMware Aria Operations contains an information disclosure vulnerability.\u00a0A malicious actor with non-administrative privileges in Aria Operations may exploit this vulnerability to disclose credentials of other users of Aria Operations.\"}],\"metrics\":{\"cvssMetricV31\":[{\"source\":\"security@vmware.com\",\"type\":\"Secondary\",\"cvssData\":{\"version\":\"3.1\",\"vectorString\":\"CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:N/A:N\",\"baseScore\":4.9,\"baseSeverity\":\"MEDIUM\",\"attackVector\":\"NETWORK\",\"attackComplexity\":\"LOW\",\"privilegesRequired\":\"HIGH\",\"userInteraction\":\"NONE\",\"scope\":\"UNCHANGED\",\"confidentialityImpact\":\"HIGH\",\"integrityImpact\":\"NONE\",\"availabilityImpact\":\"NONE\"},\"exploitabilityScore\":1.2,\"impactScore\":3.6}]},\"weaknesses\":[{\"source\":\"security@vmware.com\",\"type\":\"Secondary\",\"description\":[{\"lang\":\"en\",\"value\":\"CWE-1188\"}]}],\"references\":[{\"url\":\"http://support.broadcom.com/group/ecx/support-content-view/-/support-content/Security%20Advisories/VMSA-2025-0015--VMware-Aria-Operations-and-VMware-Tools-updates-address-multiple-vulnerabilities--CVE-2025-41244-CVE-2025-41245--CVE-2025-41246-/36149\",\"source\":\"security@vmware.com\"}]}}",
    "vulnrichment": {
      "containers": "{\"adp\": [{\"title\": \"CISA ADP Vulnrichment\", \"metrics\": [{\"other\": {\"type\": \"ssvc\", \"content\": {\"id\": \"CVE-2025-41245\", \"role\": \"CISA Coordinator\", \"options\": [{\"Exploitation\": \"none\"}, {\"Automatable\": \"no\"}, {\"Technical Impact\": \"partial\"}], \"version\": \"2.0.3\", \"timestamp\": \"2025-09-30T15:42:25.242190Z\"}}}], \"providerMetadata\": {\"orgId\": \"134c704f-9b21-4f2e-91b3-4a467353bcc0\", \"shortName\": \"CISA-ADP\", \"dateUpdated\": \"2025-09-30T15:42:29.344Z\"}}], \"cna\": {\"title\": \"VMSA-2025-0015: VMware Aria Operations and VMware Tools updates address multiple vulnerabilities (CVE-2025-41244,CVE-2025-41245, CVE-2025-41246)\", \"source\": {\"discovery\": \"UNKNOWN\"}, \"metrics\": [{\"format\": \"CVSS\", \"cvssV3_1\": {\"scope\": \"UNCHANGED\", \"version\": \"3.1\", \"baseScore\": 4.9, \"attackVector\": \"NETWORK\", \"baseSeverity\": \"MEDIUM\", \"vectorString\": \"CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:N/A:N\", \"integrityImpact\": \"NONE\", \"userInteraction\": \"NONE\", \"attackComplexity\": \"LOW\", \"availabilityImpact\": \"NONE\", \"privilegesRequired\": \"HIGH\", \"confidentialityImpact\": \"HIGH\"}, \"scenarios\": [{\"lang\": \"en\", \"value\": \"GENERAL\"}]}], \"affected\": [{\"vendor\": \"VMware\", \"product\": \"VMware Aria Operations\", \"versions\": [{\"status\": \"affected\", \"version\": \"8.18.x\", \"lessThan\": \"8.18.5\", \"versionType\": \"commercial\"}], \"defaultStatus\": \"unaffected\"}, {\"vendor\": \"VMware\", \"product\": \"VMware Cloud Foundation\", \"versions\": [{\"status\": \"affected\", \"version\": \"5.x\", \"lessThan\": \"8.18.5\", \"versionType\": \"commercial\"}, {\"status\": \"affected\", \"version\": \"4.x\", \"lessThan\": \"8.18.5\", \"versionType\": \"commercial\"}], \"defaultStatus\": \"unaffected\"}, {\"vendor\": \"VMware\", \"product\": \"VMware Telco Cloud Platform\", \"versions\": [{\"status\": \"affected\", \"version\": \"5.x\", \"lessThan\": \"8.18.5\", \"versionType\": \"commercial\"}, {\"status\": \"affected\", \"version\": \"4.x\", \"lessThan\": \"8.18.5\", \"versionType\": \"commercial\"}], \"defaultStatus\": \"unaffected\"}, {\"vendor\": \"VMware\", \"product\": \"VMware Telco Cloud Infrastructure\", \"versions\": [{\"status\": \"affected\", \"version\": \"3.x\", \"lessThan\": \"8.18.5\", \"versionType\": \"commercial\"}, {\"status\": \"affected\", \"version\": \"2.x\", \"lessThan\": \"8.18.5\", \"versionType\": \"commercial\"}], \"defaultStatus\": \"unaffected\"}], \"datePublic\": \"2025-09-29T16:00:00.000Z\", \"references\": [{\"url\": \"http://support.broadcom.com/group/ecx/support-content-view/-/support-content/Security%20Advisories/VMSA-2025-0015--VMware-Aria-Operations-and-VMware-Tools-updates-address-multiple-vulnerabilities--CVE-2025-41244-CVE-2025-41245--CVE-2025-41246-/36149\"}], \"x_generator\": {\"engine\": \"Vulnogram 0.2.0\"}, \"descriptions\": [{\"lang\": \"en\", \"value\": \"VMware Aria Operations contains an information disclosure vulnerability.\\u00a0A malicious actor with non-administrative privileges in Aria Operations may exploit this vulnerability to disclose credentials of other users of Aria Operations.\", \"supportingMedia\": [{\"type\": \"text/html\", \"value\": \"\u003cspan style=\\\"background-color: rgb(255, 255, 255);\\\"\u003eVMware Aria Operations contains an information disclosure vulnerability.\u0026nbsp;\u003cspan style=\\\"background-color: rgb(255, 255, 255);\\\"\u003eA malicious actor with non-administrative privileges in Aria Operations may exploit this vulnerability to disclose credentials of other users of Aria Operations.\u003c/span\u003e\u003c/span\u003e\u003cbr\u003e\", \"base64\": false}]}], \"problemTypes\": [{\"descriptions\": [{\"lang\": \"en\", \"type\": \"CWE\", \"cweId\": \"CWE-1188\", \"description\": \"CWE-1188\"}]}], \"providerMetadata\": {\"orgId\": \"dcf2e128-44bd-42ed-91e8-88f912c1401d\", \"shortName\": \"vmware\", \"dateUpdated\": \"2025-09-29T16:19:15.836Z\"}}}",
      "cveMetadata": "{\"cveId\": \"CVE-2025-41245\", \"state\": \"PUBLISHED\", \"dateUpdated\": \"2025-09-30T15:42:32.121Z\", \"dateReserved\": \"2025-04-16T09:30:25.625Z\", \"assignerOrgId\": \"dcf2e128-44bd-42ed-91e8-88f912c1401d\", \"datePublished\": \"2025-09-29T16:19:15.836Z\", \"assignerShortName\": \"vmware\"}",
      "dataType": "CVE_RECORD",
      "dataVersion": "5.1"
    }
  }
}

cnvd-2025-23107

Vulnerability from cnvd

Title

VMware Aria Operations信息泄露漏洞

Description

VMware Aria Operations是美国威睿（VMware）公司的一个统一的、人工智能驱动的自动驾驶 IT 运营管理平台，适用于私有云、混合云和多云环境。 VMware Aria Operations存在安全漏洞，攻击者可利用该漏洞泄露其他用户的凭据。

Severity

高

Patch Name

VMware Aria Operations信息泄露漏洞的补丁

Patch Description

VMware Aria Operations是美国威睿（VMware）公司的一个统一的、人工智能驱动的自动驾驶 IT 运营管理平台，适用于私有云、混合云和多云环境。 VMware Aria Operations存在安全漏洞，攻击者可利用该漏洞泄露其他用户的凭据。目前，供应商发布了安全公告及相关补丁信息，修复了此漏洞。

Formal description

厂商已提供漏洞修复方案，请及时关注厂商更新： http://support.broadcom.com/group/ecx/support-content-view/-/support-content/Security%20Advisories/VMSA-2025-0015--VMware-Aria-Operations-and-VMware-Tools-updates-address-multiple-vulnerabilities--CVE-2025-41244-CVE-2025-41245--CVE-2025-41246-/36149

Reference

https://nvd.nist.gov/vuln/detail/CVE-2025-41245

Impacted products

Name
VMWare Aria Operations

Show details on source website

JSON

To clipboard

{
  "cves": {
    "cve": {
      "cveNumber": "CVE-2025-41245"
    }
  },
  "description": "VMware Aria Operations\u662f\u7f8e\u56fd\u5a01\u777f\uff08VMware\uff09\u516c\u53f8\u7684\u4e00\u4e2a\u7edf\u4e00\u7684\u3001\u4eba\u5de5\u667a\u80fd\u9a71\u52a8\u7684\u81ea\u52a8\u9a7e\u9a76 IT \u8fd0\u8425\u7ba1\u7406\u5e73\u53f0\uff0c\u9002\u7528\u4e8e\u79c1\u6709\u4e91\u3001\u6df7\u5408\u4e91\u548c\u591a\u4e91\u73af\u5883\u3002\n\nVMware Aria Operations\u5b58\u5728\u5b89\u5168\u6f0f\u6d1e\uff0c\u653b\u51fb\u8005\u53ef\u5229\u7528\u8be5\u6f0f\u6d1e\u6cc4\u9732\u5176\u4ed6\u7528\u6237\u7684\u51ed\u636e\u3002",
  "formalWay": "\u5382\u5546\u5df2\u63d0\u4f9b\u6f0f\u6d1e\u4fee\u590d\u65b9\u6848\uff0c\u8bf7\u53ca\u65f6\u5173\u6ce8\u5382\u5546\u66f4\u65b0\uff1a \r\nhttp://support.broadcom.com/group/ecx/support-content-view/-/support-content/Security%20Advisories/VMSA-2025-0015--VMware-Aria-Operations-and-VMware-Tools-updates-address-multiple-vulnerabilities--CVE-2025-41244-CVE-2025-41245--CVE-2025-41246-/36149",
  "isEvent": "\u901a\u7528\u8f6f\u786c\u4ef6\u6f0f\u6d1e",
  "number": "CNVD-2025-23107",
  "openTime": "2025-10-01",
  "patchDescription": "VMware Aria Operations\u662f\u7f8e\u56fd\u5a01\u777f\uff08VMware\uff09\u516c\u53f8\u7684\u4e00\u4e2a\u7edf\u4e00\u7684\u3001\u4eba\u5de5\u667a\u80fd\u9a71\u52a8\u7684\u81ea\u52a8\u9a7e\u9a76 IT \u8fd0\u8425\u7ba1\u7406\u5e73\u53f0\uff0c\u9002\u7528\u4e8e\u79c1\u6709\u4e91\u3001\u6df7\u5408\u4e91\u548c\u591a\u4e91\u73af\u5883\u3002\r\n\r\nVMware Aria Operations\u5b58\u5728\u5b89\u5168\u6f0f\u6d1e\uff0c\u653b\u51fb\u8005\u53ef\u5229\u7528\u8be5\u6f0f\u6d1e\u6cc4\u9732\u5176\u4ed6\u7528\u6237\u7684\u51ed\u636e\u3002\u76ee\u524d\uff0c\u4f9b\u5e94\u5546\u53d1\u5e03\u4e86\u5b89\u5168\u516c\u544a\u53ca\u76f8\u5173\u8865\u4e01\u4fe1\u606f\uff0c\u4fee\u590d\u4e86\u6b64\u6f0f\u6d1e\u3002",
  "patchName": "VMware Aria Operations\u4fe1\u606f\u6cc4\u9732\u6f0f\u6d1e\u7684\u8865\u4e01",
  "products": {
    "product": "VMWare Aria Operations"
  },
  "referenceLink": "https://nvd.nist.gov/vuln/detail/CVE-2025-41245",
  "serverity": "\u9ad8",
  "submitTime": "2025-10-01",
  "title": "VMware Aria Operations\u4fe1\u606f\u6cc4\u9732\u6f0f\u6d1e"
}

CERTFR-2025-AVI-0832

Vulnerability from certfr_avis

De multiples vulnérabilités ont été découvertes dans les produits VMware. Certaines d'entre elles permettent à un attaquant de provoquer une élévation de privilèges, une atteinte à la confidentialité des données et un contournement de la politique de sécurité.

Solutions

Se référer au bulletin de sécurité de l'éditeur pour l'obtention des correctifs (cf. section Documentation).

Impacted products

Vendor	Product	Description
VMware	Cloud Foundation	Cloud Foundation versions 4.5.x avec vCenter versions 7.x antérieures à 7.0 U3w
VMware	Telco Cloud Platform	Telco Cloud Platform versions 5.x, 4.x, 3.x et 2.x sans les recommandations des articles KB411508 et KB411518
VMware	NSX	NSX versions 4.2.2.x antérieures à 4.2.2.2
VMware	Telco Cloud Infrastructure	Telco Cloud Infrastructure versions 3.x et 2.x sans les recommandations des articles KB411508 et KB411518
VMware	Cloud Foundation	Cloud Foundation versions 5.x antérieures à 5.2.2
VMware	NSX	NSX versions 4.2.3.x antérieures à 4.2.3.1
VMware	NSX	NSX-T versions 3.x antérieures à 3.2.4.3
VMware	Cloud Foundation	Cloud Foundation versions 9.x antérieures à 9.0.1.0
VMware	vCenter Server	vCenter versions 7.x antérieures à 7.0 U3w
VMware	vSphere Foundation	vSphere Foundation versions 13.x antérieures à 13.0.5.0
VMware	vCenter Server	vCenter versions 8.x antérieures à 8.0 U3g
VMware	Telco Cloud Platform	Telco Cloud Platform versions 5.x et 4.x avec Aria Operations versions 8.x antérieures à 8.18.5
VMware	vSphere Foundation	vSphere Foundation versions 9.x antérieures à 9.0.1.0
VMware	Cloud Foundation	Cloud Foundation versions 13.x antérieures à 13.0.5.0
VMware	VMware Tools	VMware Tools versions 13.x antérieures à 13.0.5
VMware	Cloud Foundation	Cloud Foundation versions 5.x et 4.x sans les recommandations des articles KB92148 et KB88287
VMware	Telco Cloud Infrastructure	Telco Cloud Infrastructure versions 3.x et 2.x avec Aria Operations versions 8.x antérieures à 8.18.5
VMware	NSX	NSX versions 4.0.x et 4.1.x antérieures à 4.1.2.7
VMware	Aria Operations	Aria Operations versions 8.x antérieures à 8.18.5
VMware	VMware Tools	VMware Tools versions 11.x et 12.x antérieures à 12.5.4

References

Title

Publication Time

Tags

Bulletin de sécurité VMware 36149	2025-09-29	vendor-advisory
Bulletin de sécurité VMware 36150	2025-09-29	vendor-advisory

Show details on source website

JSON

To clipboard

{
  "$ref": "https://www.cert.ssi.gouv.fr/openapi.json",
  "affected_systems": [
    {
      "description": "Cloud Foundation versions 4.5.x avec vCenter versions 7.x ant\u00e9rieures \u00e0 7.0 U3w",
      "product": {
        "name": "Cloud Foundation",
        "vendor": {
          "name": "VMware",
          "scada": false
        }
      }
    },
    {
      "description": "Telco Cloud Platform versions 5.x, 4.x, 3.x et 2.x sans les recommandations des articles KB411508 et KB411518",
      "product": {
        "name": "Telco Cloud Platform",
        "vendor": {
          "name": "VMware",
          "scada": false
        }
      }
    },
    {
      "description": "NSX versions 4.2.2.x ant\u00e9rieures \u00e0 4.2.2.2",
      "product": {
        "name": "NSX",
        "vendor": {
          "name": "VMware",
          "scada": false
        }
      }
    },
    {
      "description": "Telco Cloud Infrastructure versions 3.x et 2.x sans les recommandations des articles KB411508 et KB411518",
      "product": {
        "name": "Telco Cloud Infrastructure",
        "vendor": {
          "name": "VMware",
          "scada": false
        }
      }
    },
    {
      "description": "Cloud Foundation versions 5.x ant\u00e9rieures \u00e0 5.2.2",
      "product": {
        "name": "Cloud Foundation",
        "vendor": {
          "name": "VMware",
          "scada": false
        }
      }
    },
    {
      "description": "NSX versions 4.2.3.x ant\u00e9rieures \u00e0 4.2.3.1",
      "product": {
        "name": "NSX",
        "vendor": {
          "name": "VMware",
          "scada": false
        }
      }
    },
    {
      "description": "NSX-T versions 3.x ant\u00e9rieures \u00e0 3.2.4.3",
      "product": {
        "name": "NSX",
        "vendor": {
          "name": "VMware",
          "scada": false
        }
      }
    },
    {
      "description": "Cloud Foundation versions 9.x ant\u00e9rieures \u00e0 9.0.1.0",
      "product": {
        "name": "Cloud Foundation",
        "vendor": {
          "name": "VMware",
          "scada": false
        }
      }
    },
    {
      "description": "vCenter versions 7.x ant\u00e9rieures \u00e0 7.0 U3w",
      "product": {
        "name": "vCenter Server",
        "vendor": {
          "name": "VMware",
          "scada": false
        }
      }
    },
    {
      "description": "vSphere Foundation versions 13.x ant\u00e9rieures \u00e0 13.0.5.0",
      "product": {
        "name": "vSphere Foundation",
        "vendor": {
          "name": "VMware",
          "scada": false
        }
      }
    },
    {
      "description": "vCenter versions 8.x ant\u00e9rieures \u00e0 8.0 U3g",
      "product": {
        "name": "vCenter Server",
        "vendor": {
          "name": "VMware",
          "scada": false
        }
      }
    },
    {
      "description": "Telco Cloud Platform versions 5.x et 4.x avec Aria Operations versions 8.x ant\u00e9rieures \u00e0 8.18.5",
      "product": {
        "name": "Telco Cloud Platform",
        "vendor": {
          "name": "VMware",
          "scada": false
        }
      }
    },
    {
      "description": "vSphere Foundation versions 9.x ant\u00e9rieures \u00e0 9.0.1.0",
      "product": {
        "name": "vSphere Foundation",
        "vendor": {
          "name": "VMware",
          "scada": false
        }
      }
    },
    {
      "description": "Cloud Foundation versions 13.x ant\u00e9rieures \u00e0 13.0.5.0",
      "product": {
        "name": "Cloud Foundation",
        "vendor": {
          "name": "VMware",
          "scada": false
        }
      }
    },
    {
      "description": "VMware Tools versions 13.x ant\u00e9rieures \u00e0 13.0.5",
      "product": {
        "name": "VMware Tools",
        "vendor": {
          "name": "VMware",
          "scada": false
        }
      }
    },
    {
      "description": "Cloud Foundation versions 5.x et 4.x sans les recommandations des articles KB92148 et KB88287",
      "product": {
        "name": "Cloud Foundation",
        "vendor": {
          "name": "VMware",
          "scada": false
        }
      }
    },
    {
      "description": "Telco Cloud Infrastructure versions 3.x et 2.x avec Aria Operations versions 8.x ant\u00e9rieures \u00e0 8.18.5",
      "product": {
        "name": "Telco Cloud Infrastructure",
        "vendor": {
          "name": "VMware",
          "scada": false
        }
      }
    },
    {
      "description": "NSX versions 4.0.x et 4.1.x ant\u00e9rieures \u00e0 4.1.2.7",
      "product": {
        "name": "NSX",
        "vendor": {
          "name": "VMware",
          "scada": false
        }
      }
    },
    {
      "description": "Aria Operations versions 8.x ant\u00e9rieures \u00e0 8.18.5",
      "product": {
        "name": "Aria Operations",
        "vendor": {
          "name": "VMware",
          "scada": false
        }
      }
    },
    {
      "description": "VMware Tools versions 11.x et 12.x ant\u00e9rieures \u00e0 12.5.4",
      "product": {
        "name": "VMware Tools",
        "vendor": {
          "name": "VMware",
          "scada": false
        }
      }
    }
  ],
  "affected_systems_content": "",
  "content": "## Solutions\n\nSe r\u00e9f\u00e9rer au bulletin de s\u00e9curit\u00e9 de l\u0027\u00e9diteur pour l\u0027obtention des correctifs (cf. section Documentation).",
  "cves": [
    {
      "name": "CVE-2025-41245",
      "url": "https://www.cve.org/CVERecord?id=CVE-2025-41245"
    },
    {
      "name": "CVE-2025-41252",
      "url": "https://www.cve.org/CVERecord?id=CVE-2025-41252"
    },
    {
      "name": "CVE-2025-41251",
      "url": "https://www.cve.org/CVERecord?id=CVE-2025-41251"
    },
    {
      "name": "CVE-2025-41246",
      "url": "https://www.cve.org/CVERecord?id=CVE-2025-41246"
    },
    {
      "name": "CVE-2025-41244",
      "url": "https://www.cve.org/CVERecord?id=CVE-2025-41244"
    },
    {
      "name": "CVE-2025-41250",
      "url": "https://www.cve.org/CVERecord?id=CVE-2025-41250"
    }
  ],
  "initial_release_date": "2025-09-30T00:00:00",
  "last_revision_date": "2025-09-30T00:00:00",
  "links": [],
  "reference": "CERTFR-2025-AVI-0832",
  "revisions": [
    {
      "description": "Version initiale",
      "revision_date": "2025-09-30T00:00:00.000000"
    }
  ],
  "risks": [
    {
      "description": "Contournement de la politique de s\u00e9curit\u00e9"
    },
    {
      "description": "Atteinte \u00e0 la confidentialit\u00e9 des donn\u00e9es"
    },
    {
      "description": "\u00c9l\u00e9vation de privil\u00e8ges"
    }
  ],
  "summary": "De multiples vuln\u00e9rabilit\u00e9s ont \u00e9t\u00e9 d\u00e9couvertes dans les produits VMware. Certaines d\u0027entre elles permettent \u00e0 un attaquant de provoquer une \u00e9l\u00e9vation de privil\u00e8ges, une atteinte \u00e0 la confidentialit\u00e9 des donn\u00e9es et un contournement de la politique de s\u00e9curit\u00e9.",
  "title": "Multiples vuln\u00e9rabilit\u00e9s dans les produits VMware",
  "vendor_advisories": [
    {
      "published_at": "2025-09-29",
      "title": "Bulletin de s\u00e9curit\u00e9 VMware 36149",
      "url": "https://support.broadcom.com/web/ecx/support-content-notification/-/external/content/SecurityAdvisories/0/36149"
    },
    {
      "published_at": "2025-09-29",
      "title": "Bulletin de s\u00e9curit\u00e9 VMware 36150",
      "url": "https://support.broadcom.com/web/ecx/support-content-notification/-/external/content/SecurityAdvisories/0/36150"
    }
  ]
}

fkie_cve-2025-41245

Vulnerability from fkie_nvd

Published

2025-09-29 17:15

Modified

2025-09-29 19:34

Severity ?

4.9 (Medium) - CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:N/A:N

Summary

References

	URL	Tags
	security@vmware.com	http://support.broadcom.com/group/ecx/support-content-view/-/support-content/Security%20Advisories/VMSA-2025-0015--VMware-Aria-Operations-and-VMware-Tools-updates-address-multiple-vulnerabilities--CVE-2025-41244-CVE-2025-41245--CVE-2025-41246-/36149

Impacted products

	Vendor	Product	Version

JSON

To clipboard

{
  "cveTags": [],
  "descriptions": [
    {
      "lang": "en",
      "value": "VMware Aria Operations contains an information disclosure vulnerability.\u00a0A malicious actor with non-administrative privileges in Aria Operations may exploit this vulnerability to disclose credentials of other users of Aria Operations."
    }
  ],
  "id": "CVE-2025-41245",
  "lastModified": "2025-09-29T19:34:10.030",
  "metrics": {
    "cvssMetricV31": [
      {
        "cvssData": {
          "attackComplexity": "LOW",
          "attackVector": "NETWORK",
          "availabilityImpact": "NONE",
          "baseScore": 4.9,
          "baseSeverity": "MEDIUM",
          "confidentialityImpact": "HIGH",
          "integrityImpact": "NONE",
          "privilegesRequired": "HIGH",
          "scope": "UNCHANGED",
          "userInteraction": "NONE",
          "vectorString": "CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:N/A:N",
          "version": "3.1"
        },
        "exploitabilityScore": 1.2,
        "impactScore": 3.6,
        "source": "security@vmware.com",
        "type": "Secondary"
      }
    ]
  },
  "published": "2025-09-29T17:15:31.000",
  "references": [
    {
      "source": "security@vmware.com",
      "url": "http://support.broadcom.com/group/ecx/support-content-view/-/support-content/Security%20Advisories/VMSA-2025-0015--VMware-Aria-Operations-and-VMware-Tools-updates-address-multiple-vulnerabilities--CVE-2025-41244-CVE-2025-41245--CVE-2025-41246-/36149"
    }
  ],
  "sourceIdentifier": "security@vmware.com",
  "vulnStatus": "Awaiting Analysis",
  "weaknesses": [
    {
      "description": [
        {
          "lang": "en",
          "value": "CWE-1188"
        }
      ],
      "source": "security@vmware.com",
      "type": "Secondary"
    }
  ]
}

ghsa-8rq8-hfwr-4p7v

Vulnerability from github

Published

2025-09-29 18:33

Modified

2025-09-29 18:33

Severity ?

4.9 (Medium) - CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:N/A:N

Details

Show details on source website

JSON

To clipboard

{
  "affected": [],
  "aliases": [
    "CVE-2025-41245"
  ],
  "database_specific": {
    "cwe_ids": [
      "CWE-1188"
    ],
    "github_reviewed": false,
    "github_reviewed_at": null,
    "nvd_published_at": "2025-09-29T17:15:31Z",
    "severity": "MODERATE"
  },
  "details": "VMware Aria Operations contains an information disclosure vulnerability.\u00a0A malicious actor with non-administrative privileges in Aria Operations may exploit this vulnerability to disclose credentials of other users of Aria Operations.",
  "id": "GHSA-8rq8-hfwr-4p7v",
  "modified": "2025-09-29T18:33:13Z",
  "published": "2025-09-29T18:33:13Z",
  "references": [
    {
      "type": "ADVISORY",
      "url": "https://nvd.nist.gov/vuln/detail/CVE-2025-41245"
    },
    {
      "type": "WEB",
      "url": "http://support.broadcom.com/group/ecx/support-content-view/-/support-content/Security%20Advisories/VMSA-2025-0015--VMware-Aria-Operations-and-VMware-Tools-updates-address-multiple-vulnerabilities--CVE-2025-41244-CVE-2025-41245--CVE-2025-41246-/36149"
    }
  ],
  "schema_version": "1.4.0",
  "severity": [
    {
      "score": "CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:N/A:N",
      "type": "CVSS_V3"
    }
  ]
}

Sightings

Author	Source	Type	Date

Nomenclature

Seen: The vulnerability was mentioned, discussed, or seen somewhere by the user.
Confirmed: The vulnerability is confirmed from an analyst perspective.
Published Proof of Concept: A public proof of concept is available for this vulnerability.
Exploited: This vulnerability was exploited and seen by the user reporting the sighting.
Patched: This vulnerability was successfully patched by the user reporting the sighting.
Not exploited: This vulnerability was not exploited or seen by the user reporting the sighting.
Not confirmed: The user expresses doubt about the veracity of the vulnerability.
Not patched: This vulnerability was not successfully patched by the user reporting the sighting.

Action not permitted

CVE-2025-41245 (GCVE-0-2025-41245)

Vulnerability from cvelistv5

cnvd-2025-23107

Vulnerability from cnvd

CERTFR-2025-AVI-0832

Vulnerability from certfr_avis

Solutions

fkie_cve-2025-41245

Vulnerability from fkie_nvd

ghsa-8rq8-hfwr-4p7v

Vulnerability from github

Tags

Sightings

Nomenclature