Overview
- Listed as CVE-2025-41244 with a CVSS score of 7.8, the flaw lets a non-admin user on a VM running VMware Tools, where the VM is managed by Aria Operations with SDMP enabled, escalate privileges to root.
- Broadcom addressed the vulnerability in late September 2025 and rated it in the Important severity range; vendor guidance for patching is now available.
- Its addition to CISA's Known Exploited Vulnerabilities catalog triggers the requirements of Binding Operational Directive 22-01, which mandates that Federal Civilian Executive Branch agencies remediate it by November 20, 2025.
- NVISO reported active exploitation dating back to mid-October 2024 and attributed the activity to the China-linked group UNC5174; proof-of-concept details had previously been released.
- CISA also added a separate critical XWiki flaw (CVE-2025-24893) that allows unauthenticated remote code execution; XWiki patched it in versions 15.10.11, 16.4.1, and 16.5.0RC1. CISA urges all organizations to apply the available mitigations or, if needed, discontinue use of the affected products.
