VMware Aria Operations and VMware Tools, local privilege escalation
VMware Aria Operations and VMware Tools contain a local privilege escalation vulnerability. A malicious local actor with non-administrative privileges on a VM that has VMware Tools installed and is managed by Aria Operations with SDMP enabled can exploit it to escalate to root on that VM. Broadcom confirmed exploitation in the wild as a zero-day, and CISA added the CVE to the Known Exploited Vulnerabilities catalog.
Overview
CVE-2025-41244 is a local privilege escalation vulnerability affecting VMware Aria Operations and VMware Tools, classified by NVD under CWE-267 (privilege defined with unsafe actions). The flaw is exposed when a guest VM runs VMware Tools and is managed by Aria Operations with the Service Discovery and Monitoring Plug-in (SDMP) enabled. In that configuration a non-administrative local user on the guest can abuse the discovery mechanism to execute code as root on the same VM. Broadcom rated the issue Important with a CVSS 3.1 base score of 7.8 and confirmed it was exploited in the wild as a zero-day. CISA added it to the Known Exploited Vulnerabilities catalog on 30 October 2025 with a remediation due date of 20 November 2025; the activity has been publicly associated with the China-linked actor tracked as UNC5174.
The vulnerability was disclosed in Broadcom advisory VMSA-2025-0015 on 29 September 2025, alongside related VMware Aria Operations and VMware Tools issues. Because open-vm-tools underpins VMware Tools on Linux, distribution maintainers (for example Debian LTS) shipped corresponding package updates.
Technical Details
With SDMP enabled, the agentless service-discovery feature periodically inspects running processes inside the guest to identify services. As publicly analysed, the discovery logic locates candidate service binaries and re-executes or probes them from a privileged context, but it does so based on attacker-influenceable information, such as the path of a running process and the pattern matching applied to it, without sufficiently validating that the target is a trusted system binary. A low-privileged user can stage a binary in a location that the privileged discovery routine then selects and runs, so the attacker's code executes with root privileges. This is the unsafe-action pattern CWE-267 describes: a privileged routine performs an action (executing a discovered binary) whose target a less-privileged actor can control.
The CVSS vector AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H reflects a local attack (AV:L) by an already-authenticated low-privileged guest user (PR:L) with no user interaction (UI:N) that fully compromises the VM (C:H/I:H/A:H, root). The prerequisite is access to a managed VM with the vulnerable SDMP configuration, after which escalation to root is reliable.
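The missing validation described above is the crux of the CWE-267 pattern. The following is an added illustration, not VMware's or open-vm-tools' code, of the kind of trust check a privileged discovery routine needs before re-executing a binary it found by inspecting processes: resolve symlinks, require a trusted system directory, root ownership and no group/other write bits. The trusted-root list is an assumption for a standard Linux layout.

```python
import os
import stat

# Assumed trusted roots: directories only root can modify on a standard Linux guest.
TRUSTED_ROOTS = ("/usr/bin", "/usr/sbin", "/usr/lib", "/usr/libexec", "/bin", "/sbin")
WRITABLE_BY_OTHERS = stat.S_IWGRP | stat.S_IWOTH


def binary_trust_problem(resolved_path, owner_uid, mode, trusted_roots=TRUSTED_ROOTS):
    """Return None if a discovered binary may be executed from a privileged context,
    otherwise a short reason why it must not be. Pure function over the values a
    stat() would yield, so the policy can be tested without touching the filesystem."""
    if not os.path.isabs(resolved_path):
        return "path is not absolute"
    # Prefix check must be on a directory boundary: "/usr/binx" is not under "/usr/bin".
    if not any(resolved_path == r or resolved_path.startswith(r + "/") for r in trusted_roots):
        return "outside trusted system directories"
    if owner_uid != 0:
        return "not owned by root"
    if mode & WRITABLE_BY_OTHERS:
        return "group- or world-writable"
    if not stat.S_ISREG(mode):
        return "not a regular file"
    return None


def trust_problem_for(path):
    """Resolve symlinks first so the policy is applied to the real target, then stat it.
    A discovery routine that skipped this step would act on whatever a process's
    path claims, which is exactly the unsafe action CWE-267 describes."""
    real = os.path.realpath(path)
    try:
        st = os.stat(real)
    except OSError as e:
        return f"cannot stat: {e.strerror}"
    return binary_trust_problem(real, st.st_uid, st.st_mode)


if __name__ == "__main__":
    # /tmp/service is a hypothetical staged path; /bin/sh exists on most Linux guests.
    for p in ("/bin/sh", "/tmp/service"):
        print(p, "->", trust_problem_for(p) or "trusted")
```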
Impact
- Escalation from an unprivileged local guest account to root on any VM with VMware Tools and SDMP-enabled Aria Operations management.
- Full compromise of the guest operating system, enabling tampering, persistence, and access to all data and credentials on the VM.
- A strong post-foothold step for attackers who land in a guest with low privileges, including in managed and multi-tenant virtual estates; exploitation tied to a state-aligned actor (UNC5174).
- Wide exposure across managed VMware environments, affecting both Windows and Linux guests and the open-vm-tools-based stack on Linux distributions.
Mitigation
- Apply the fixed releases identified in Broadcom advisory VMSA-2025-0015 for both VMware Aria Operations and VMware Tools; update VMware Tools to the fixed version on every managed guest, and update Aria Operations to the patched release.
- On Linux guests using open-vm-tools, install the distribution's patched package (for example the Debian LTS open-vm-tools update referenced in the advisory) so the fix reaches systems that obtain VMware Tools through their OS vendor.
- For environments delivered via VMware Cloud Foundation or vSphere Foundation, apply the bundled VMware Tools fix through the supported product update path called out in VMSA-2025-0015.
- Where immediate patching is not possible, reduce exposure by reviewing whether SDMP / credential-less Service Discovery must remain enabled in Aria Operations; disabling the vulnerable discovery configuration removes the privileged execution path until updates are deployed.
- After updating, confirm VMware Tools reports the fixed build on representative guests, and prioritise multi-user and higher-value VMs where untrusted local users could exploit the flaw.
Detection
Detection centers on the guest, since escalation happens inside the VM. On Linux guests, monitor for processes spawned by the VMware Tools / open-vm-tools service-discovery context (descendants of the vmtoolsd daemon) that execute binaries from user-writable or non-standard locations such as /tmp, a user home directory, or other world-writable paths. The published analysis highlights that the privileged routine re-executes discovered binaries, so a root-owned process launching an executable that resides in an unprivileged location is the core anomaly; auditd execve rules and EDR process-lineage telemetry both capture this. Map alerts to ATT&CK T1068 (exploitation for privilege escalation).
Hunt for the staging behaviour as well: a low-privileged user creating or placing an executable in a path that matches how a real service binary would be discovered, immediately before a privileged execution of that file. File-integrity monitoring on temp and home directories, combined with execution events, helps tie the placement to the subsequent root execution. On Windows guests, apply the same logic to the VMware Tools service: alert on the Tools service or its discovery component launching unexpected child processes from user-writable paths and on the resulting SYSTEM/Administrator-context execution.
Because the activity has been attributed to a known intrusion set, incorporate threat intelligence: sweep for any indicators published by Broadcom and by the researchers (NVISO) who analysed the exploitation, and review historical telemetry retrospectively. The abuse predates public disclosure, so look back across guest process-execution history for the discovery-driven root-execution pattern.
Finally, treat configuration and patch state as detection inputs. Inventory which VMs are managed by Aria Operations with SDMP enabled and which run a pre-fix VMware Tools / open-vm-tools build, since that intersection defines the exploitable population, then focus guest-level monitoring there. Confirm patched Tools builds via management tooling, and where SDMP remains enabled pending updates, raise the sensitivity of process-execution alerting on those guests so a discovery-triggered root execution from an untrusted binary is surfaced immediately.
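To make the core anomaly from the Linux guidance above concrete (a root-context process descended from vmtoolsd executing a binary from a user-writable path), here is an added detection example, not from the original advisory or from any vendor tooling, run over constructed auditd execve records. The audit lines are fabricated for illustration; field names follow auditd's SYSCALL record format and syscall=59 is execve on x86_64.

```python
import re

# Constructed auditd SYSCALL (execve) lines standing in for real guest telemetry.
SAMPLE_AUDIT = """\
type=SYSCALL msg=audit(1761800000.101:501): arch=c000003e syscall=59 success=yes ppid=1 pid=900 uid=0 euid=0 comm="vmtoolsd" exe="/usr/bin/vmtoolsd"
type=SYSCALL msg=audit(1761800000.202:502): arch=c000003e syscall=59 success=yes ppid=900 pid=1200 uid=0 euid=0 comm="sh" exe="/usr/bin/sh"
type=SYSCALL msg=audit(1761800000.303:503): arch=c000003e syscall=59 success=yes ppid=1200 pid=1201 uid=0 euid=0 comm="httpd" exe="/tmp/httpd"
type=SYSCALL msg=audit(1761800000.404:504): arch=c000003e syscall=59 success=yes ppid=1200 pid=1202 uid=0 euid=0 comm="httpd" exe="/usr/sbin/httpd"
type=SYSCALL msg=audit(1761800000.505:505): arch=c000003e syscall=59 success=yes ppid=2500 pid=3000 uid=1000 euid=1000 comm="httpd" exe="/home/alice/httpd"
type=SYSCALL msg=audit(1761800000.606:506): arch=c000003e syscall=59 success=yes ppid=1 pid=4000 uid=0 euid=0 comm="backup" exe="/tmp/backup.sh"
"""

# Locations an unprivileged guest user can normally write to (assumed list).
UNTRUSTED_PREFIXES = ("/tmp/", "/var/tmp/", "/dev/shm/", "/home/")
KV = re.compile(r'(\w+)=("[^"]*"|\S+)')


def parse_execs(text):
    """Map pid -> {ppid, euid, comm, exe} for every execve record in the text."""
    procs = {}
    for line in text.splitlines():
        if "syscall=59" not in line:
            continue
        kv = {k: v.strip('"') for k, v in KV.findall(line)}
        procs[int(kv["pid"])] = {"pid": int(kv["pid"]), "ppid": int(kv["ppid"]),
                                 "euid": int(kv["euid"]), "comm": kv["comm"], "exe": kv["exe"]}
    return procs


def has_ancestor(procs, pid, comm, max_depth=16):
    """Walk ppid links (bounded, since pids can be reused) looking for a given comm."""
    for _ in range(max_depth):
        p = procs.get(pid)
        if p is None:
            return False
        if p["comm"] == comm:
            return True
        pid = p["ppid"]
    return False


def find_discovery_root_execs(procs):
    """Root-context execs from user-writable paths whose lineage leads back to vmtoolsd.
    pid 4000 (root cron-style job from /tmp) is deliberately not matched: it lacks the
    discovery lineage and belongs to a broader, separate rule."""
    return [p for p in procs.values()
            if p["euid"] == 0 and p["exe"].startswith(UNTRUSTED_PREFIXES)
            and has_ancestor(procs, p["ppid"], "vmtoolsd")]
```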
References
- https://nvd.nist.gov/vuln/detail/CVE-2025-41244
- https://www.cisa.gov/known-exploited-vulnerabilities-catalog?field_cve=CVE-2025-41244
- https://blog.nviso.eu/2025/09/29/you-name-it-vmware-elevates-it-cve-2025-41244/
- https://www.openwall.com/lists/oss-security/2025/09/29/10
- https://lists.debian.org/debian-lts-announce/2025/10/msg00000.html