Ethical Hacking News
Broadcom has released patches for six VMware vulnerabilities, including one zero-day that was actively exploited in the wild by the China-linked threat actor UNC5174. The vulnerability, tracked as CVE-2025-41244, is a local privilege escalation flaw in VMware Tools and Aria Operations that allows an attacker to escalate privileges to root on the same system. This patch highlights the importance of keeping software up-to-date and patched, particularly in critical systems such as virtualization environments.
Broadcom has released patches for six VMware vulnerabilities, including one zero-day (CVE-2025-41244) actively exploited by the China-linked threat actor UNC5174. The vulnerability allows local privilege escalation to root on the same system and was first reported by NVISO Labs, which identified zero-day exploitation beginning mid-October 2024. The patch is available for the VMware Cloud Foundation, vSphere Foundation, and VMware Tools versions specified in the release notes. Broadcom has also patched four additional high-severity vulnerabilities, including information disclosure and improper authorization vulnerabilities. UNC5174's behavior suggests potential sponsorship by the Chinese government, but no explicit links to nation-state actors exist.
The vulnerability was first reported by NVISO Labs, which stated that it had identified zero-day exploitation of this vulnerability beginning mid-October 2024. NVISO further determined that UNC5174 was responsible for triggering the local privilege escalation. However, it is not clear whether the exploit was part of UNC5174's capabilities or simply an accident due to its triviality.
The patch for CVE-2025-41244 has been released for VMware Cloud Foundation 9.x.x.x, VMware vSphere Foundation 13.x.x.x (Windows, Linux), and VMware Tools 11.x.x, 12.x.x, and 13.x.x (Windows, Linux). This vulnerability impacts systems running these specific versions of the software.
In addition to the zero-day exploit, Broadcom has also patched four high-severity vulnerabilities in VMware products. These include CVE-2025-41244, which allows local users to escalate privileges to root via VMware Tools and Aria Operations; CVE-2025-41245, an information disclosure vulnerability; and CVE-2025-41246, an improper authorization vulnerability.
UNC5174 is a China-linked threat actor associated with initial access operations achieved through public exploitation. The actor's activities have not been explicitly linked to specific nation-state actors, but its behavior suggests that it may be sponsored by the Chinese government.
Broadcom's release of patches for these vulnerabilities highlights the importance of keeping software up-to-date and patched, particularly in critical systems such as virtualization environments. It also serves as a reminder that even seemingly trivial exploits can have significant consequences if not addressed promptly.
In recent months, there have been several high-profile zero-day exploits that have made headlines, including the exploitation of CVE-2025-10585 by Google. These incidents demonstrate the ongoing threat posed by zero-day exploits and the need for software vendors to prioritize patching and vulnerability disclosure.
The vulnerabilities discussed in this article are a reminder that the cybersecurity landscape is constantly evolving and that threats can come from unexpected places. By staying informed about emerging threats and taking proactive steps to protect your systems, you can help minimize the risk of a successful attack.
Related Information:
https://www.ethicalhackingnews.com/articles/Broadcom-Patches-VMware-Zero-Day-Exploited-by-UNC5174-a-China-Linked-Threat-Actor-ehn.shtml
https://securityaffairs.com/182816/uncategorized/broadcom-patches-vmware-zero-day-actively-exploited-by-unc5174.html
https://knowledge.broadcom.com/external/article/314603/zero-day-ie-critical-security-patches-fo.html
https://thehackernews.com/2025/09/urgent-china-linked-hackers-exploit-new.html
Published: Tue Sep 30 10:35:21 2025 by llama3.2 3B Q4_K_M