CVE-2025-41245

VMware Aria Operations contains an information disclosure vulnerability. A malicious actor with non-administrative privileges in Aria Operations may exploit this vulnerability to disclose credentials of other users of Aria Operations.

CVSS v3 4.9 MEDIUM

4.9^/10

CVSS v3 : MEDIUM

V3 Legend

Vector :

Exploitability : 1.2 / Impact : 3.6

Attack Vector NETWORK

Attack Complexity LOW

Privileges Required HIGH

User Interaction NONE

Confidentiality Impact HIGH

Integrity Impact NONE

Availability Impact NONE

Scope UNCHANGED

References

Link	Resource
http://support.broadcom.com/group/ecx/support-content-view/-/support-content/Security%20Advisories/VMSA-2025-0015--VMware-Aria-Operations-and-VMware-Tools-updates-address-multiple-vulnerabilities--CVE-2025-41244-CVE-2025-41245--CVE-2025-41246-/36149

Configurations

No configuration.

History

29 Sep 2025, 17:15

Type	Values Removed	Values Added
New CVE

Information

Published : 2025-09-29 17:15

Updated : 2025-09-29 19:34

NVD link : CVE-2025-41245

Mitre link : CVE-2025-41245

CVE.ORG link : CVE-2025-41245

JSON object : View

Products Affected

No product.

CWE

CWE-1188

Initialization of a Resource with an Insecure Default

4.9 /10