High-Severity Vulnerabilities Patched in VMware Aria Operations, NSX, vCenter

Broadcom on Monday announced patches for six vulnerabilities affecting VMware Aria Operations, NSX, vCenter, and VMware Tools products, including four high-severity flaws.

Both Aria Operations and VMware Tools are impacted by a high-severity local privilege escalation bug tracked as CVE-2025-41244.

“A malicious local actor with non-administrative privileges having access to a VM with VMware Tools installed and managed by Aria Operations with SDMP enabled may exploit this vulnerability to escalate privileges to root on the same VM,” the vendor explains.

Patches have also been rolled out for a medium-severity issue in VMware Aria Operations that could allow attackers to disclose the credentials of other users (CVE-2025-41245), and a high-severity defect in Tools for Windows that could allow attackers to access other guest VMs (CVE-2025-41246).

Fixes for these vulnerabilities were included in Aria Operations version 8.18.5, Cloud Foundation and vSphere Foundation versions 9.0.1.0 and 13.0 ...