Broadcom Fails to Disclose Zero-Day Exploitation of VMware Vulnerability

359

•

Broadcom Fails to Disclose Zero-Day Exploitation of VMware Vulnerability (www.securityweek.com)

From the post:

>Tracked as CVE-2025-41244 (CVSS score of 7.8), the security defect impacts both VMware Aria Operations and VMware Tools. VMware’s parent company Broadcom rolled out patches this week, warning that the flaw allows attackers to escalate their privileges to root on VMs that have VMware Tools installed and are managed by Aria Operations with SDMP enabled, but made no mention of its in-the-wild exploitation. The company’s public advisories typically warn customers if zero-day exploitation has been detected.

Archive: https://archive.today/NYfbI From the post: >>Tracked as CVE-2025-41244 (CVSS score of 7.8), the security defect impacts both VMware Aria Operations and VMware Tools. VMware’s parent company Broadcom rolled out patches this week, warning that the flaw allows attackers to escalate their privileges to root on VMs that have VMware Tools installed and are managed by Aria Operations with SDMP enabled, but made no mention of its in-the-wild exploitation. The company’s public advisories typically warn customers if zero-day exploitation has been detected.

(post is archived)