Broadcom has fixed a critical privilege escalation vulnerability (CVE-2025-41244) in VMware Aria Operations and VMware Tools that has been exploited in the wild since October 2024 by the Chinese state-sponsored group UNC5174. The exploit allows attackers to gain root-level access and was linked to targeted breaches of government, defense, and infrastructure institutions. #CVE202541244 #UNC5174
Key points
- Broadcom patched a high-severity privilege escalation flaw in VMware Aria Operations and VMware Tools.
- The vulnerability (CVE-2025-41244) has been actively exploited in the wild since mid-October 2024.
- Attacks were linked to the Chinese threat actor UNC5174, believed to be affiliated with China's MSS.
- Exploit methods involve staging malicious binaries in common directories like /tmp/httpd.
- Recent patches also addressed additional VMware vulnerabilities and vulnerabilities in other systems exploited by state-sponsored groups.
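
A defensive check for the staging pattern named in the key points (binaries such as /tmp/httpd run from common writable directories), as an added example that is not from the original article or from Broadcom: it flags processes whose executable lives under a world-writable temp directory and marks those that borrow a service name. The directory list, the service-name list and the sample records are assumptions constructed for illustration.

```python
import os
import posixpath

# Assumption: directories any local user can write to; extend for your hosts.
WRITABLE_DIRS = ("/tmp", "/var/tmp", "/dev/shm")
# Assumption: service names worth flagging when run outside system paths.
SERVICE_NAMES = {"httpd", "nginx", "mysqld", "sshd", "java"}


def classify(exe_path):
    """Return 'service-lookalike', 'writable-dir', or None for an executable path."""
    # /proc/<pid>/exe appends " (deleted)" when the binary was unlinked after launch.
    path = exe_path.removesuffix(" (deleted)")
    norm = posixpath.normpath(path)
    # Match on whole path components so /tmpfoo or /opt/tmpfiles do not count.
    if not any(norm.startswith(d + "/") for d in WRITABLE_DIRS):
        return None
    name = posixpath.basename(norm)
    return "service-lookalike" if name in SERVICE_NAMES else "writable-dir"


def triage(records):
    """records: iterable of (pid, exe_path). Returns [(pid, exe_path, reason)]."""
    return [(pid, exe, r) for pid, exe in records if (r := classify(exe))]


def live_records():
    """Yield (pid, exe_path) for running processes on Linux via /proc."""
    for entry in os.listdir("/proc"):
        if entry.isdigit():
            try:
                yield int(entry), os.readlink(f"/proc/{entry}/exe")
            except OSError:  # kernel threads, exited or inaccessible processes
                continue


# Constructed sample records (not taken from any real incident).
SAMPLE = [
    (812, "/usr/sbin/httpd"),
    (4410, "/tmp/httpd"),
    (4411, "/tmp/httpd (deleted)"),
    (5120, "/var/tmp/.cache/updater"),
    (6001, "/opt/tmpfiles/httpd"),
]

if __name__ == "__main__":
    for pid, exe, reason in triage(SAMPLE):
        print(f"{pid}\t{reason}\t{exe}")
```

On a Linux host, pass `live_records()` to `triage()` (as root, to read every process's `exe` link) instead of the sample list.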