ALT-PU-2025-14728-3

Package update open-vm-tools in branch p11

Version13.0.5-alt1

Published2025-11-21

Max severityHIGH

Severity:

Closed issues (4)

MEDIUM6.1

Уязвимость набора утилит VMware Tools, связанная с неверным определением ссылки перед доступом к файлу, позволяющая нарушителю повысить свои привилегии

Published: 2025-05-19Modified: 2026-04-20

CVSS 3.xMEDIUM 6.1

CVSS:3.x/AV:L/AC:L/PR:L/UI:N/S:U/C:L/I:H/A:N

CVSS 2.0MEDIUM 5.2

CVSS:2.0/AV:L/AC:L/Au:S/C:P/I:C/A:N

References

HIGH7.8

Уязвимость функции Service Discovery Management Pack (SDMP) инструмента мониторинга виртуальной инфраструктуры VMware Aria Operations и набора утилит VMware Tools, позволяющая нарушителю повысить свои привилегии до уровня root

Published: 2025-10-01Modified: 2026-02-17

CVSS 3.xHIGH 7.8

CVSS:3.x/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H

CVSS 2.0MEDIUM 6.8

CVSS:2.0/AV:L/AC:L/Au:S/C:C/I:C/A:C

References

MEDIUM6.1

VMware Tools contains an insecure file handling vulnerability. A malicious actor with non-administrative privileges on a guest VM may tamper the local files to trigger insecure file operations within that VM.

Published: 2025-05-12Modified: 2026-04-15

CVSS 3.xMEDIUM 6.1

CVSS:3.x/CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:L/I:H/A:N

References

HIGH7.8

VMware Aria Operations and VMware Tools contain a local privilege escalation vulnerability. A malicious local actor with non-administrative privileges having access to a VM with VMware Tools installed and managed by Aria Operations with SDMP enabled may exploit this vulnerability to escalate privileges to root on the same VM.

Published: 2025-09-29Modified: 2025-11-06

CVSS 3.xHIGH 7.8

CVSS:3.x/CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H

References