Particle.news
Download on the App Store
3 ARTICLES
·
3h ago

VMware Patches Aria/Tools Zero-Day and NSX Flaws Reported by NSA

In-the-wild use since October 2024 by China-linked UNC5174 underscores the need to patch.

Image
Image

Overview

  • Broadcom released fixes for CVE-2025-41244, a high-severity local privilege escalation affecting VMware Aria Operations and VMware Tools, alongside patches for additional Aria/Tools issues.
  • VMware’s advisory says a non-admin user on a VM with Tools managed by Aria Operations with SDMP enabled could escalate privileges to root on that same VM.
  • NVISO attributed exploitation of CVE-2025-41244 to UNC5174 beginning in mid-October 2024, published a proof-of-concept, and detailed attacker staging of a binary at /tmp/httpd to obtain a root shell.
  • Researchers traced the flaw to a get_version() regex that broadly matches non-system binaries, enabling abuse when an unprivileged process opens a listening socket.
  • Broadcom also patched two VMware NSX username enumeration bugs (CVE-2025-41251 and CVE-2025-41252) reported by the U.S. NSA, and recently fixed a vCenter SMTP header injection issue (CVE-2025-41250), with open-vm-tools updates to be distributed by Linux vendors.