

Ethical Hacking News

CISA Urges Immediate Action: VMware Tools Flaw Exploited by Chinese Hackers, Leaving Federal Agencies Vulnerable



  • CISA has issued an urgent warning to federal agencies to patch a critical vulnerability in Broadcom's VMware Aria Operations and VMware Tools software.
  • The vulnerability, CVE-2025-41244, allows local attackers with non-administrative privileges to escalate their privileges to root on a VM, granting them elevated access to the system.
  • CISA urges all organizations to prioritize patching this vulnerability as soon as possible due to its high severity and frequent exploitation by malicious cyber actors.
  • Federal agencies have three weeks until November 20 to patch their systems against ongoing attacks, with Broadcom releasing security patches to address the issue.
  • The recent surge in attacks exploiting VMware zero-day bugs highlights the increasing sophistication of Chinese state-sponsored threat actors and the need for vigilance and proactive measures to protect against emerging threats.



    CISA has issued an urgent warning to federal agencies, ordering them to patch a critical vulnerability in Broadcom's VMware Aria Operations and VMware Tools software. The flaw, tracked as CVE-2025-41244, was first identified by European cybersecurity expert Maxime Thiebaut of NVISO in mid-October 2024. Since then, Chinese hackers affiliated with the UNC5174 group have been exploiting this vulnerability to gain unauthorized access to virtual machines (VMs) managed by these software solutions.

    The CVE-2025-41244 flaw allows local attackers with non-administrative privileges to escalate their privileges to root on a VM that has VMware Tools and SDMP enabled, effectively granting them elevated access to the system. This vulnerability is considered high-severity, making it a significant concern for federal agencies that rely heavily on these software solutions.

    CISA added this vulnerability to its Known Exploited Vulnerabilities catalog, indicating that it has been successfully exploited in the wild by malicious actors. Federal Civilian Executive Branch (FCEB) agencies now have three weeks, until November 20, to patch their systems against ongoing attacks, as mandated by the Binding Operational Directive (BOD) 22-01 issued in November 2021.

    While BOD 22-01 only applies to federal agencies within the U.S. executive branch, CISA urges all organizations to prioritize patching this vulnerability as soon as possible. These types of vulnerabilities are frequent attack vectors for malicious cyber actors and pose significant risks to the federal enterprise. Apply mitigations per vendor instructions, follow applicable BOD 22-01 guidance for cloud services, or discontinue use of the product if mitigations are unavailable.

    The exploitation of this vulnerability is not an isolated incident; UNC5174 has been linked to other high-profile attacks in recent years, including a breach of U.S. defense contractors' networks and Asian institutions. The group's activities have also involved selling access to these compromised networks for malicious purposes.

    Broadcom has released security patches to address this vulnerability, and it is essential that federal agencies take immediate action to patch their systems before the November 20 deadline.

    The recent surge in attacks exploiting VMware zero-day bugs highlights the increasing sophistication of Chinese state-sponsored threat actors. In addition to CVE-2025-41244, Broadcom has fixed three other actively exploited VMware zero-day bugs reported by the Microsoft Threat Intelligence Center. These vulnerabilities underscore the need for vigilance and proactive measures to protect against emerging threats.

    Furthermore, CISA has warned about two more actively exploited Dassault vulnerabilities, emphasizing the importance of timely patching and vulnerability management. With an increasing number of high-severity vulnerabilities being exploited in the wild, organizations must remain vigilant and prioritize their cybersecurity posture.

    In light of this critical vulnerability, it is essential for federal agencies to take immediate action to secure their systems against ongoing attacks. This includes applying security patches, following vendor instructions, and maintaining a robust vulnerability management strategy.

    The recent actions taken by CISA demonstrate its commitment to protecting the nation's cybersecurity infrastructure. By urging federal agencies to patch this critical vulnerability as soon as possible, CISA is helping to prevent potential breaches and minimize the risk of data exfiltration or unauthorized access to sensitive information.

    As the threat landscape continues to evolve, it is crucial for organizations to stay informed about emerging vulnerabilities and take proactive measures to protect their systems. By doing so, they can reduce the risk of cyber attacks and maintain a robust cybersecurity posture.



    Related Information:
  • https://www.ethicalhackingnews.com/articles/CISA-Urges-Immediate-Action-VMware-Tools-Flaw-Exploited-by-Chinese-Hackers-Leaving-Federal-Agencies-Vulnerable-ehn.shtml

  • https://www.bleepingcomputer.com/news/security/cisa-orders-feds-to-patch-vmware-tools-flaw-exploited-since-october-2024/


  • Published: Thu Oct 30 16:34:44 2025 by llama3.2 3B Q4_K_M












