Chinese State Hackers May Be Using VMWare Tools Flaw To Hack US Systems - So Patch Now, CISA Warns

CISA added CVE-2025-41244 to KEV, mandating patching by November 20
The bug enables local privilege escalation via VMware Tools with SDMP enabled
Chinese group UNC5174 exploited it for espionage targeting Western and Asian institutions

The US Cybersecurity and Infrastructure Security Agency (CISA) has added a new Broadcom bug to its Known Exploited Vulnerabilities (KEV) catalog, warning Federal Civilian Executive Branch (FCEB) agencies about in-the-wild abuse.

The bug in question is a local privilege escalation vulnerability affecting VMware Aria Operations and VMWare tools. According to the NVD, a malicious local actor with non-administrative privileges having access to a VM with VMWare Tools installed and managed by Aria Operations with SDMP enabled may exploit it to escalate privileges to root on the same VM.

Facebook
Twitter
Pinterest
LinkedIn
Digg
Tumblr
Reddit
Buffer
Blogger
Newsvine
HackerNews
Flipboard
Share
LiveJournal
Yammer
Mix
Instapaper
Copy Link
Mastodon

Related Posts