- CISA added CVE-2025-41244 to KEV, mandating patching by November 20
- The bug enables local privilege escalation via VMware Tools with SDMP enabled
- Chinese group UNC5174 exploited it for espionage targeting Western and Asian institutions
The US Cybersecurity and Infrastructure Security Agency (CISA) has added a new Broadcom bug to its Known Exploited Vulnerabilities (KEV) catalog, warning Federal Civilian Executive Branch (FCEB) agencies about in-the-wild abuse.
The bug in question is a local privilege escalation vulnerability affecting VMware Aria Operations and VMware Tools. According to the NVD, a malicious local actor with non-administrative privileges who has access to a VM with VMware Tools installed and managed by Aria Operations with SDMP enabled may exploit it to escalate privileges to root on the same VM.
The bug is tracked as CVE-2025-41244 and was given a severity score of 7.8/10 (high). Those looking for a fix for Windows 32-bit should seek out VMware Tools 12.4.9, part of…