CISA has added a high-severity VMware vulnerability (CVE-2025-41244) to its Known Exploited Vulnerabilities (KEV) catalog, confirming active exploitation by China-linked hackers. The flaw impacts VMware Tools and VMware Aria Operations, allowing a local attacker to escalate privileges to root on a virtual machine (VM).
Business Impact
This vulnerability breaks tenant isolation in multi-tenant cloud environments. An attacker with non-administrative access to one VM can exploit this to take full control of that VM, potentially stealing data, compromising the host, or attacking other VMs managed by the same Aria Operations instance.
Why It Happened
The flaw is a local privilege escalation issue of the "privilege defined with unsafe actions" class in VMware Tools and Aria Operations. Nation-state actors are actively exploiting it to gain deeper access within compromised networks and virtualized environments.
Recommended Executive Action
Direct infrastructure and virtualization teams to immediately apply the patches from Broadcom (VMware). This is a critical priority, as nation-state actors are actively using this flaw for espionage and lateral movement.
