Ethical Hacking News
The U.S. Cybersecurity and Infrastructure Security Agency (CISA) has added XWiki Platform and Broadcom VMware Aria Operations and VMware Tools flaws to its Known Exploited Vulnerabilities catalog in an effort to enhance the nation's cybersecurity posture. This move highlights the ongoing importance of identifying and addressing critical vulnerabilities that could potentially be exploited by malicious actors.
The U.S. Cybersecurity and Infrastructure Security Agency (CISA) has added XWiki Platform and Broadcom VMware Aria Operations and VMware Tools flaws to its Known Exploited Vulnerabilities catalog. XWiki Platform contains a critical security vulnerability, tracked as CVE-2025-24893, that allows unauthenticated users to execute arbitrary code on the server. A local privilege escalation vulnerability in VMware Aria Operations and VMware Tools was also added to the catalog, allowing attackers to escalate privileges to root. CISA is ensuring federal agencies patch these vulnerabilities to prevent potential exploits. Private organizations are recommended to review the catalog and address the vulnerabilities in their infrastructure.
U.S. CISA adds XWiki Platform and Broadcom VMware Aria Operations and VMware Tools flaws to its Known Exploited Vulnerabilities catalog
The U.S. Cybersecurity and Infrastructure Security Agency (CISA) has taken a significant step in enhancing the nation's cybersecurity posture by adding XWiki Platform and Broadcom VMware Aria Operations and VMware Tools flaws to its Known Exploited Vulnerabilities (KEV) catalog. This move is a testament to CISA's commitment to identifying and addressing critical vulnerabilities that could potentially be exploited by malicious actors.
The addition of these two flaws to the KEV catalog marks an important development in the ongoing efforts to secure the nation's critical infrastructure. XWiki Platform, a generic wiki framework that provides runtime services for applications built on top of it, was found to contain a critical security vulnerability, tracked as CVE-2025-24893, in its SolrSearch feature. The flaw allows unauthenticated users, essentially any guest, to execute arbitrary code on the server, posing a severe risk to the confidentiality, integrity, and availability of the entire XWiki installation.
Security researchers found that a crafted request to the SolrSearch endpoint could inject Groovy code into the RSS feed generation mechanism, letting an attacker execute code on the server and potentially gain unauthorized access or exfiltrate data. XWiki has patched the vulnerability in versions 15.10.11, 16.4.1, and 16.5.0RC1, and users are strongly advised to upgrade immediately.
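As an added example (not code from the article or from the XWiki project), the following Python helper applies the fixed versions listed above to an inventory of XWiki installations and reports which ones still need the CVE-2025-24893 upgrade; the pre-release ordering rule (milestone before RC before final) and the sample hostnames are assumptions.

```python
import re

# Fixed versions named in the article for CVE-2025-24893 (XWiki SolrSearch RCE).
FIXED_VERSIONS = ("15.10.11", "16.4.1", "16.5.0RC1")

# Accepts "16.4.1", "16.5.0RC1", "16.5.0-rc-1", "16.5.0M2" (assumed formats).
_VERSION_RE = re.compile(r"^(\d+)\.(\d+)(?:\.(\d+))?(?:-?(RC|M)-?(\d+))?$", re.IGNORECASE)


def parse_version(text):
    """Parse an XWiki version string into a sortable tuple.

    Pre-releases sort before the final release of the same number:
    16.5.0M1 < 16.5.0RC1 < 16.5.0 (ordering rule assumed here).
    """
    m = _VERSION_RE.match(text.strip())
    if not m:
        raise ValueError(f"unrecognised XWiki version: {text!r}")
    major, minor, patch, tag, tagnum = m.groups()
    pre_rank = {None: 2, "RC": 1, "M": 0}[tag.upper() if tag else None]
    return (int(major), int(minor), int(patch or 0), pre_rank, int(tagnum or 0))


def is_vulnerable(version):
    """Apply the three patch boundaries from the advisory, per release branch:
       - 15.x and older: fixed from 15.10.11 (older branches never received the fix)
       - 16.0 to 16.4:   fixed from 16.4.1
       - 16.5 and newer: fixed from 16.5.0RC1
    """
    v = parse_version(version)
    fix_15, fix_16_4, fix_16_5 = (parse_version(x) for x in FIXED_VERSIONS)
    branch = v[:2]
    if branch < (16, 0):
        return v < fix_15
    if branch < (16, 5):
        return v < fix_16_4
    return v < fix_16_5


def triage(inventory):
    """inventory: mapping host -> version string. Returns sorted hosts still affected."""
    return sorted(host for host, ver in inventory.items() if is_vulnerable(ver))


# Constructed sample inventory; hostnames and versions are illustrative only.
SAMPLE_INVENTORY = {
    "wiki-a.example.internal": "15.10.10",
    "wiki-b.example.internal": "15.10.11",
    "wiki-c.example.internal": "16.4.0",
    "wiki-d.example.internal": "16.5.0RC1",
    "wiki-e.example.internal": "14.10.21",
}

if __name__ == "__main__":
    for host in triage(SAMPLE_INVENTORY):
        print(f"{host}: {SAMPLE_INVENTORY[host]} is affected by CVE-2025-24893, upgrade")
```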
The second flaw added to the catalog, tracked as CVE-2025-41244, is a local privilege escalation vulnerability in VMware Aria Operations and VMware Tools. It allows a malicious local actor with non-administrative privileges, who has access to a VM with VMware Tools installed that is managed by Aria Operations with SDMP enabled, to escalate privileges to root on the same VM. This could grant an attacker elevated access to sensitive data or allow them to perform unauthorized actions on the system.
The vulnerability was exploited in the wild as a zero-day since mid-October 2024 by the China-linked threat actor UNC5174. The fact that this vulnerability was already being exploited highlights the importance of timely patching and the need for organizations to prioritize their cybersecurity posture.
CISA's efforts to identify and address critical vulnerabilities are crucial in protecting the nation's critical infrastructure from potential attacks. By adding XWiki Platform and Broadcom VMware Aria Operations and VMware Tools flaws to its KEV catalog, CISA is ensuring that federal agencies take necessary steps to patch these vulnerabilities and prevent potential exploits.
Private organizations are also advised to review the catalog and address the vulnerabilities in their infrastructure. As the threat landscape continues to evolve, it is essential for organizations to stay vigilant and proactive in identifying and addressing potential security threats.
CISA's announcement serves as a reminder of the ongoing importance of cybersecurity awareness and the need for individuals and organizations alike to prioritize their cyber resilience. By staying informed about emerging vulnerabilities and taking proactive steps to address them, we can work together to create a more secure digital landscape.
Related Information:
https://www.ethicalhackingnews.com/articles/The-Shifting-Landscape-of-Cybersecurity-The-Addition-of-XWiki-Platform-and-Broadcom-VMware-Aria-Operations-to-the-Known-Exploited-Vulnerabilities-Catalog-ehn.shtml
https://securityaffairs.com/184051/hacking/u-s-cisa-adds-xwiki-platform-and-broadcom-vmware-aria-operations-and-vmware-tools-flaws-to-its-known-exploited-vulnerabilities-catalog.html
https://nvd.nist.gov/vuln/detail/CVE-2025-24893
https://www.cvedetails.com/cve/CVE-2025-24893/
https://nvd.nist.gov/vuln/detail/CVE-2025-41244
https://www.cvedetails.com/cve/CVE-2025-41244/
Published: Fri Oct 31 11:06:45 2025 by llama3.2 3B Q4_K_M