CISA Alerts on Active Exploitation of VMware Tools and Aria Operations 0-Day

The Cybersecurity and Infrastructure Security Agency (CISA) has raised alarm over active exploitation of a critical privilege escalation vulnerability affecting Broadcom’s VMware Tools and VMware Aria Operations.

Tracked as CVE-2025-41244, this 0-day flaw poses significant risk to organizations managing virtualized infrastructure, potentially allowing attackers to gain root-level access to compromised systems.

| CVE ID | Vendor | Affected Products | Vulnerability Type |
|---|---|---|---|
| CVE-2025-41244 | Broadcom (VMware) | VMware Aria Operations, VMware Tools | Privilege Escalation |

Understanding the Vulnerability Threat

The vulnerability stems from improper privilege handling within VMware Tools when deployed alongside VMware Aria Operations with Software-Defined Management Platform (SDMP) enabled.

A malicious actor with only standard user-level access to a virtual machine can exploit unsafe actions in the privilege definition system to elevate their access to root privileges on the same VM.

This escalation pathway bypasses…