Skip to main content
See every side of every news story
Get Started
SubscribeLogin
Published loading...Updated

CISA orders feds to patch VMware Tools flaw exploited by Chinese hackers

Summary by BleepingComputer
CISA has ordered federal agencies to patch a high-severity vulnerability in Broadcom's VMware Aria Operations and VMware Tools software, exploited by Chinese hackers since October 2024.

5 Articles

BleepingComputerBleepingComputer
Center

CISA orders feds to patch VMware Tools flaw exploited by Chinese hackers

CISA has ordered federal agencies to patch a high-severity vulnerability in Broadcom's VMware Aria Operations and VMware Tools software, exploited by Chinese hackers since October 2024.

Read Full Article
unsafe.shunsafe.sh

CISA Flags VMware Zero-Day Exploited by China-Linked Hackers in Active Attacks

好的,我现在要帮用户总结这篇文章的内容,控制在100字以内。首先,我需要通读整篇文章,抓住关键信息。 文章主要讲的是美国网络安全和基础设施安全局(CISA)将一个高危漏洞加入到已知被利用的漏洞目录中。这个漏洞影响的是Broadcom的VMware Tools和VMware Aria Operations,编号是CVE-2025-41244,CVSS评分为7.8。攻击者可以利用这个漏洞获得目标系统的最高权限。 接下来,文章提到这个漏洞是在野被积极利用的,Broadcom在上个月已经修复了这个问题,但在此之前已经被未知威胁行为者作为零日漏洞利用了。NVISO Labs在五月份发现了这个漏洞,并且指出它很容易被利用。 此外,CISA还把XWiki中的一个严重注入漏洞加入目录中,该漏洞允许任何访客用户通过特定请求执行任意远程代码。VulnCheck观察到未知威胁行为者试图利用这个漏洞来传播加密货币挖矿软件。 最后,联邦民事执行部门机构需要在2025年11月20日前应用必要的缓解措施来保护网络。…

Read Full Article
IT Security News - cybersecurity, infosecurity newsIT Security News - cybersecurity, infosecurity news

CISA Warns of VMware Tools and Aria Operations 0-Day Vulnerability Exploited in Attacks

The Cybersecurity and Infrastructure Security Agency (CISA) has added CVE-2025-41244 to its Known Exploited Vulnerabilities catalog. This local privilege escalation flaw affects Broadcom’s VMware Aria Operations and VMware Tools, with evidence of active exploitation in the wild. Security researchers and officials urge immediate patching to prevent potential ransomware and other attacks that could compromise virtualized […] The post CISA Warns of…

Read Full Article
cybernoz.comcybernoz.com

CISA Orders Feds To Patch VMware Tools Flaw Exploited By Chinese Hackers - Cybernoz - Cybersecurity News

On Thursday, CISA warned U.S. government agencies to secure their systems against attacks exploiting a high-severity vulnerability in Broadcom’s VMware Aria Operations and VMware Tools software. Tracked as CVE-2025-41244 and patched one month ago, this vulnerability allows local attackers with non-administrative privileges to a virtual machine (VM) with VMware Tools and managed by Aria Operations with SDMP enabled to escalate privileges to root …

Read Full Article
cisa.govcisa.gov

CISA Adds Two Known Exploited Vulnerabilities to Catalog

CISA Adds Two Known Exploited Vulnerabilities to Catalog chayes Oct 30, 2025 Release DateOctober 30, 2025 DescriptionCISA has added two new vulnerabilities to its Known Exploited Vulnerabilities (KEV) Catalog, based on evidence of active exploitation.CVE-2025-24893 XWiki Platform Eval Injection VulnerabilityCVE-2025-41244 Broadcom VMware Aria Operations and VMware Tools Privilege Defined with Unsafe Actions VulnerabilityThese types of vulnerab…

Read Full Article
Think freely.Subscribe and get full access to Ground NewsSubscriptions start at $9.99/yearSubscribe

Bias Distribution

  • 100% of the sources are Center
100% Center

Factuality 

To view factuality data please Upgrade to Premium

Ownership

To view ownership data please Upgrade to Vantage

cisa.gov broke the news in on Thursday, October 30, 2025.
Sources are mostly out of (0)

Similar News Topics

CISA icon

CISA

VMware icon

VMware

Feds icon

Feds

Broadcom icon

Broadcom

United States icon

United States

News
For You
SearchBlindspotLocal