Fixed Intel

CISA Known Exploited Vulnerability

This vulnerability is actively exploited in the wild and listed in the CISA Known Exploited Vulnerabilities catalog.

Remediation Deadline: Nov 20, 2025

High
CISA KEV

CVE-2025-41244

BroadcomVMware Aria Operations and VMware Tools

Broadcom VMware Aria Operations and VMware Tools contain a privilege defined with unsafe actions vulnerability. A malicious local actor with non-administrative privileges having access to a VM with VMware Tools installed and managed by Aria Operations with SDMP enabled may exploit this vulnerability to escalate privileges to root on the same VM.

Required Action

https://support.broadcom.com/web/ecx/support-content-notification/-/external/content/SecurityAdvisories/0/36149 ; https://nvd.nist.gov/vuln/detail/CVE-2025-41244

Vulnerability Overview

Severity
High
CISA KEV
Yes
Ransomware
Unknown
Published
Oct 30, 2025
KEV Added
Oct 30, 2025
Due Date
Nov 20, 2025
Related Articles
0

Vendor

Broadcom

VMware Aria Operations and VMware Tools