The Cybersecurity and Infrastructure Security Agency (CISA) has added CVE-2025-41244 to its Known Exploited Vulnerabilities catalog. This local privilege escalation flaw affects Broadcom’s VMware Aria Operations and VMware Tools, with evidence of active exploitation in the wild.
Security researchers and officials urge immediate patching to prevent potential ransomware and other attacks that could compromise virtualized infrastructures.
The vulnerability, rated Important with a CVSSv3 base score of 7.8, stems from a "privilege defined with an unsafe action" issue. It allows a malicious local actor with non-administrative access to a virtual machine (VM) to escalate their privileges to root on the same VM.
This is particularly risky in setups where VMware Tools is installed and managed by Aria Operations with Software-Defined Management Platform (SDMP) enabled.
Broadcom confirmed that suspected exploitation has already occurred, heightening…