A high-severity vulnerability (CVE-2025-41244) affecting Broadcom VMware Tools and VMware Aria Operations has been added to CISA's KEV list due to active exploitation by Chinese-linked threat actors. This flaw allows privilege escalation to root, posing significant risks to affected virtual machine environments. #CVE202541244 #UNC5174
Keypoints
- CISA added CVE-2025-41244 to its Known Exploited Vulnerabilities list after active in-the-wild exploitation.
- The vulnerability allows local attackers with limited privileges to escalate to root access on vulnerable systems.
- Broadcom addressed the flaw last month, but it had been exploited as a zero-day by unknown threat actors since mid-October 2024.
- The attack is attributed to a China-linked group called UNC5174, tracked by Google Mandiant.
- FCEB agencies must implement mitigations by November 20, 2025, to protect against ongoing threats.
Read More: https://thehackernews.com/2025/10/cisa-flags-vmware-zero-day-exploited-by.html