INFCSA-2025:17428: open-vm-tools security update
Information about definition
Identifier: INFCSA-2025:17428
Type: security
Release date: 2025-10-09 14:06:06 UTC
Information about package
The Open Virtual Machine Tools are the open source implementation of the VMware Tools. They are a set of guest operating system virtualization components that enhance performance and user experience of virtual machines.
Vulnerabilities description
- CVE-2025-41244
A flaw was found in VMware open-vm-tools. A malicious actor with non-administrative privileges on a guest Virtual Machine (VM) could exploit this vulnerability to gain root privileges on the VM. The issue lies in the service-discovery plugin logic, which can execute attacker-controlled binaries from writable paths such as /tmp. Exploitation requires the open-vm-tools-sdmp package to be installed and guest service discovery to be enabled.
Severity level
| CVE | CVSS 2.0 score | CVSS 3.x score | CVSS 4.0 score |
|---|---|---|---|
| NIST — CVE-2025-41244 | no information | 7.8 | no information |
Updated packages