CVE-2025-41246: 
VMware Tools vulnerability analysis and mitigation

VMware Tools for Windows contains an improper authorization vulnerability (CVE-2025-41246) discovered and disclosed on September 29, 2025. The vulnerability affects VMware Tools versions 12.x and 13.x specifically for Windows systems, while Linux and macOS versions are unaffected. This security issue has been evaluated with a CVSSv3.1 base score of 7.6 (High severity) (Broadcom Advisory, NVD).

The vulnerability stems from improper handling of user access controls in VMware Tools for Windows. It has been assigned a CVSSv3.1 vector of CVSS:3.1/AV:A/AC:H/PR:H/UI:N/S:C/C:H/I:H/A:H, indicating adjacent network attack vector, high attack complexity, high privileges required, no user interaction needed, and high impact on confidentiality, integrity, and availability. The vulnerability has been classified under CWE-863 (Incorrect Authorization) (Broadcom Advisory).

If successfully exploited, this vulnerability allows a malicious actor with non-administrative privileges on a guest VM to access other guest VMs. The attack requires the attacker to be already authenticated through vCenter or ESX and possess knowledge of credentials for the targeted VMs and vCenter or ESX systems (NVD).

Broadcom has released patches to address this vulnerability. Users should upgrade to VMware Tools version 13.0.5 for 13.x installations or version 12.5.4 for 12.x installations. No workarounds are available, making patching the only effective mitigation strategy (Broadcom Advisory).

The vulnerability was discovered and reported by security researcher Tom Jøran Sønstebyseter Rønning (@L1v1ng0ffTh3L4N) of Statnett (Norway). The cybersecurity community has classified this as a high-severity vulnerability requiring immediate attention (Cybersecurity News).