CVE-2025-41246 HIGH

CVE-2025-41246: Improper authorisation vulnerability

Vendor Vmware
Product Tools
Weakness CWE-863 · Incorrect authorization
Published September 29, 2025
Last update February 26, 2026

CVSS base score

7.6/10
Attack vector Adjacent
Attack complexity High
Privileges required High
User interaction None
Confidentiality High
Integrity High

CVSS vector

CVSS:3.1/AV:A/AC:H/PR:H/UI:N/S:C/C:H/I:H/A:H

What the vulnerability does

01Description

VMware Tools for Windows contains an improper authorisation vulnerability due to the way it handles user access controls. A malicious actor with non-administrative privileges on a guest VM, who is already authenticated through vCenter or ESX may exploit this issue to access other guest VMs. Successful exploitation requires knowledge of credentials of the targeted VMs and vCenter or ESX.

Key dates

02Disclosure timeline

September 29, 2025 CVE published
February 26, 2026 Record updated