VMware Aria Operations and VMware Tools contain a local privilege escalation vulnerability. A malicious local actor with non-administrative privileges having access to a VM with VMware Tools installed and managed by Aria Operations with SDMP enabled may exploit this vulnerability to escalate privileges to root on the same VM.
- Download Nuclei from here
- Copy the template to your local system
- Run the following command:
nuclei -u https://yourHost.com -t template.yaml
- https://nvd.nist.gov/vuln/detail/CVE-2025-41244
- https://support.broadcom.com/web/ecx/support-content-notification/-/external/content/SecurityAdvisories/0/36149
Use at your own risk, I will not be responsible for illegal activities you conduct on infrastructure you do not own or have permission to scan.
Feel free to reach out via Signal if you have any questions.