Improper Authorization in VMware Tools for Windows Affects User Access Control
CVE-2025-41246

7.6 HIGH

Key Information:

Vendor

VMware

Status
Vendor
CVE Published: 29 September 2025

What is CVE-2025-41246?

VMware Tools for Windows contains an improper authorization vulnerability in its handling of user access controls. A user with non-administrative privileges on a guest VM, who is already authenticated through vCenter or ESX, can exploit this issue to gain unauthorized access to other guest VMs. Successful exploitation requires knowledge of credentials for the targeted VMs and for vCenter or ESX. An attacker who meets these conditions can compromise user access controls and navigate within the environment.

Affected Version(s)

Tools Windows 13.x.x.x < 13.0.5.0

Tools Windows 12.x.x < 12.5.4

Tools Windows 11.x.x

CVSS V3.1

Score: 7.6
Severity: HIGH
Confidentiality: High
Integrity: High
Availability: High
Attack Vector: Adjacent Network
Attack Complexity: High
Privileges Required: High
User Interaction: None
Scope: Changed

Timeline

  • Vulnerability published

  • Vulnerability Reserved
