CVE-2025-41246: 
VMware Tools vulnerability analysis and mitigation

VMware Tools for Windows contains an improper authorization vulnerability (CVE-2025-41246) discovered and disclosed on September 29, 2025. The vulnerability affects VMware Tools versions 11.x.x through 13.x.x specifically on Windows platforms, while Linux and macOS versions are unaffected (VMware Advisory).

The vulnerability stems from improper handling of user access controls in VMware Tools for Windows. It has been assigned a CVSS v3.1 base score of 7.6 (High) with the vector string CVSS:3.1/AV:A/AC:H/PR:H/UI:N/S:C/C:H/I:H/A:H, indicating adjacent network attack vector, high attack complexity, high privileges required, no user interaction needed, and high impact on confidentiality, integrity, and availability (VMware Advisory).

If successfully exploited, this vulnerability allows a malicious actor with non-administrative privileges on a guest VM to access other guest VMs. The attacker must already be authenticated through vCenter or ESX, and successful exploitation requires knowledge of credentials of the targeted VMs and vCenter or ESX (VMware Advisory).

Broadcom has released patches to address this vulnerability. Users should upgrade to VMware Tools version 13.0.5 for version 13.x.x installations, or version 12.5.4 for versions 12.x.x and 11.x.x installations. VMware Tools 12.4.9, which is part of VMware Tools 12.5.4, also addresses the issue for Windows 32-bit systems. No workarounds are available (VMware Advisory).

The vulnerability was discovered and reported by security researcher Tom Jøran Sønstebyseter Rønning (@L1v1ng0ffTh3L4N) of Statnett (Norway) (VMware Advisory).