Chinese hackers exploiting VMware zero-day since October 2024

Broadcom has fixed a critical privilege escalation vulnerability (CVE-2025-41244) in VMware Aria Operations and VMware Tools that has been exploited in the wild since October 2024 by the Chinese state-sponsored group UNC5174. The exploit gives attackers root-level access and has been linked to targeted breaches of government, defense, and infrastructure institutions. #CVE202541244 #UNC5174

Key points

  • Broadcom patched a high-severity privilege escalation flaw in VMware Aria Operations and VMware Tools.
  • The vulnerability (CVE-2025-41244) has been actively exploited in the wild since mid-October 2024.
  • Attacks were linked to the Chinese threat actor UNC5174, believed to be affiliated with China’s MSS.
  • Exploit methods involve staging malicious binaries in common directories like /tmp/httpd.
  • The same round of patches also addressed further VMware vulnerabilities, alongside flaws in other systems that state-sponsored groups have exploited.
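The staging detail above (a binary dropped at /tmp/httpd) lends itself to a simple host check. The following is an added example, not code from the article or from Broadcom: it flags executable regular files whose names mimic common daemons and that sit directly in world-writable staging directories. The staging directories and daemon name list are assumptions; the sample listing is constructed.

```python
import os
import stat
from pathlib import PurePosixPath

# Assumptions (not from the article): world-writable staging directories on a
# typical Linux host, and daemon names an attacker might borrow for a dropper.
STAGING_DIRS = ("/tmp", "/var/tmp", "/dev/shm")
DAEMON_NAMES = {"httpd", "nginx", "sshd", "mysqld", "postgres", "java"}


def is_suspicious(path: str, mode: int) -> bool:
    """True if `path` is an executable regular file with a daemon-like name
    located directly under one of the staging directories."""
    p = PurePosixPath(path)
    if not stat.S_ISREG(mode):
        return False  # directories, symlinks, sockets are not staged binaries
    if not mode & (stat.S_IXUSR | stat.S_IXGRP | stat.S_IXOTH):
        return False  # not executable by anyone
    if str(p.parent) not in STAGING_DIRS:
        return False
    return p.name in DAEMON_NAMES


def find_staged_binaries(entries):
    """entries: iterable of (path, st_mode) pairs; returns flagged paths sorted."""
    return sorted(path for path, mode in entries if is_suspicious(path, mode))


def scan_host():
    """Read-only walk of the real staging directories on this host."""
    entries = []
    for d in STAGING_DIRS:
        try:
            for name in os.listdir(d):
                full = os.path.join(d, name)
                entries.append((full, os.lstat(full).st_mode))
        except OSError:
            continue  # directory missing or unreadable; skip it
    return find_staged_binaries(entries)


# Constructed sample listing standing in for an os.lstat() walk.
SAMPLE_ENTRIES = [
    ("/tmp/httpd", stat.S_IFREG | 0o755),      # executable daemon lookalike: flag
    ("/tmp/httpd.log", stat.S_IFREG | 0o644),  # plain log file, not executable
    ("/tmp/sshd", stat.S_IFDIR | 0o755),       # a directory, not a binary
    ("/var/tmp/nginx", stat.S_IFREG | 0o700),  # executable lookalike: flag
    ("/tmp/notes.txt", stat.S_IFREG | 0o755),  # executable but not a daemon name
]

if __name__ == "__main__":
    print(find_staged_binaries(SAMPLE_ENTRIES))  # → ['/tmp/httpd', '/var/tmp/nginx']
```

Run `scan_host()` on a live system to apply the same check to the real directories; a hit is a lead for investigation, not proof of compromise.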

Read More: https://www.bleepingcomputer.com/news/security/chinese-hackers-exploiting-vmware-zero-day-since-october-2024/