Broadcom Patches Six VMware Vulnerabilities, Including Actively Exploited Zero-Day
Broadcom has released urgent security patches for several VMware vulnerabilities, including a zero-day actively exploited by a China-linked threat actor. The most severe vulnerability, CVE-2025-41244, has a CVSS score of 7.8 and is considered important.
UNC5174, a China-linked threat actor, has been exploiting CVE-2025-41244 in the wild since mid-October 2024. This vulnerability allows local users to escalate privileges to root via VMware Tools and Aria Operations, impacting multiple VMware products and versions. Broadcom patched six VMware flaws in total, including CVE-2025-41244, an Information Disclosure vulnerability (CVE-2025-41245), and an Improper Authorization vulnerability (CVE-2025-41246).
Users are advised to apply the latest security patches immediately to protect against these vulnerabilities. The active exploitation of CVE-2025-41244 by UNC5174 underscores the importance of prompt action.
Read also:
- Trump and Xi speak over the phone, according to China's confirmation.
- NVIDIA introduces Blackwell to the cloud and unveils the significant enhancement of GeForce Now at Gamescom 2025, marking a major step in cloud gaming technology.
- Strategies for Adhering to KYC/AML Regulations in India, a Leading Fintech Center (2024)
- Strategies for Poland, Ukraine, and NATO to combat unmanned Russian aerial threats.
