Amazon Linux 2 Security Advisory: ALAS2-2025-3036
Advisory Released Date: 2025-10-14
Advisory Updated Date: 2025-10-14
Severity:
Important
Issue Overview:
VMware Aria Operations and VMware Tools contain a local privilege escalation vulnerability. A malicious local actor with non-administrative privileges having access to a VM with VMware Tools installed and managed by Aria Operations with SDMP enabled may exploit this vulnerability to escalate privileges to root on the same VM. (CVE-2025-41244)
Affected Packages:
open-vm-tools
Note:
This advisory is applicable to Amazon Linux 2 (AL2) Core repository. Visit this FAQ section for the difference between AL2 Core and AL2 Extras advisories.
Issue Correction:
Run yum update open-vm-tools or yum update --advisory ALAS2-2025-3036 to update your system.
New Packages:
aarch64:
open-vm-tools-12.3.0-1.amzn2.0.4.aarch64
open-vm-tools-desktop-12.3.0-1.amzn2.0.4.aarch64
open-vm-tools-sdmp-12.3.0-1.amzn2.0.4.aarch64
open-vm-tools-devel-12.3.0-1.amzn2.0.4.aarch64
open-vm-tools-test-12.3.0-1.amzn2.0.4.aarch64
open-vm-tools-debuginfo-12.3.0-1.amzn2.0.4.aarch64
src:
open-vm-tools-12.3.0-1.amzn2.0.4.src
x86_64:
open-vm-tools-12.3.0-1.amzn2.0.4.x86_64
open-vm-tools-desktop-12.3.0-1.amzn2.0.4.x86_64
open-vm-tools-sdmp-12.3.0-1.amzn2.0.4.x86_64
open-vm-tools-salt-minion-12.3.0-1.amzn2.0.4.x86_64
open-vm-tools-devel-12.3.0-1.amzn2.0.4.x86_64
open-vm-tools-test-12.3.0-1.amzn2.0.4.x86_64
open-vm-tools-debuginfo-12.3.0-1.amzn2.0.4.x86_64