Security update for open-vm-tools SUSE Patch security@suse.de SUSE Security Team SUSE-SU-2025:20853-1 Final 1 1 2025-10-17T11:57:06Z current 2025-10-17T11:57:06Z 2025-10-17T11:57:06Z cve-database/bin/generate-cvrf.pl 2017-02-24T01:00:00Z Security update for open-vm-tools This update for open-vm-tools fixes the following issues: Update to open-vm-tools 13.0.5 based on build 24915695. (bsc#1250692): Please refer to the Release Notes at https://github.com/vmware/open-vm-tools/blob/stable-13.0.5/ReleaseNotes.md. The granular changes that have gone into the open-vm-tools 13.0.5 release are in the ChangeLog at https://github.com/vmware/open-vm-tools/blob/stable-13.0.5/open-vm-tools/ChangeLog. There are no new features in the open-vm-tools 13.0.5 release. This is primarily a maintenance release that addresses a security issue. This release resolves and includes the patch for CVE-2025-41244. For more information on this vulnerability and its impact on Broadcom products, see VMSA-2025-0015. A minor enhancement has been made for Guest OS Customization. The DeployPkg plugin has been updated to use "systemctl reboot", if available. For a more complete list of issues addressed in this release, see the What's New and Resolved Issues section of the Release Notes. The CVRF data is provided by SUSE under the Creative Commons License 4.0 with Attribution (CC-BY-4.0). SUSE-SLE-Micro-6.0-495 Copyright SUSE LLC under the Creative Commons License 4.0 with Attribution (CC-BY-4.0) https://www.suse.com/support/update/announcement/2025/suse-su-202520853-1/ Link for SUSE-SU-2025:20853-1 https://lists.suse.com/pipermail/sle-updates/2025-October/042325.html E-Mail link for SUSE-SU-2025:20853-1 https://www.suse.com/support/security/rating/ SUSE Security Ratings https://bugzilla.suse.com/1250373 SUSE Bug 1250373 https://bugzilla.suse.com/1250692 SUSE Bug 1250692 https://www.suse.com/security/cve/CVE-2025-41244/ SUSE CVE CVE-2025-41244 page SUSE Linux Micro 6.0 libvmtools0-13.0.5-1.1 open-vm-tools-13.0.5-1.1 libvmtools0-13.0.5-1.1 as a component of SUSE Linux Micro 6.0 open-vm-tools-13.0.5-1.1 as a component of SUSE Linux Micro 6.0 VMware Aria Operations and VMware Tools contain a local privilege escalation vulnerability. A malicious local actor with non-administrative privileges having access to a VM with VMware Tools installed and managed by Aria Operations with SDMP enabled may exploit this vulnerability to escalate privileges to root on the same VM. CVE-2025-41244 SUSE Linux Micro 6.0:libvmtools0-13.0.5-1.1 SUSE Linux Micro 6.0:open-vm-tools-13.0.5-1.1 important To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". https://www.suse.com/support/update/announcement/2025/suse-su-202520853-1/ https://www.suse.com/security/cve/CVE-2025-41244.html CVE-2025-41244 https://bugzilla.suse.com/1250373 SUSE Bug 1250373