CISA warns: Dangerous VMware vulnerability from China hackers!
CISA warns of serious vulnerability in VMware products exploited by China-linked hackers. Urgent updates required.

In a disturbing announcement today, the Cybersecurity and Infrastructure Security Agency (CISA) identified a serious security flaw in VMware products. This vulnerability, known as CVE-2025-41244, specifically affects Broadcom VMware Tools and VMware Aria Operations. According to IT Boltwise, the impact of this vulnerability is enormous, as it allows attackers associated with China to gain root privileges on the affected systems.
The vulnerability was first discovered by NVISO Labs in May 2023. As a result, it has been an actively exploited zero-day since mid-October 2024, further exacerbating the situation. CISA warns of significant security risks for companies worldwide. What's particularly alarming is that many systems may not yet have the necessary security updates, even though Broadcom patched the vulnerability last month.
The threat situation and the necessary measures
The threat actor, identified as UNC5174, is currently being monitored by Google Mandiant. CISA emphasizes that it is urgently necessary for companies and authorities to install security updates as quickly as possible in order to minimize the risk of an attack. This vulnerability is described as “trivial to exploit,” which only increases the urgency.
Additionally, CISA has identified a critical eval injection vulnerability in XWiki that allows guest users to execute arbitrary code remotely through specially crafted requests. This vulnerability is also being used by unknown threat actors to spread cryptocurrency miners. U.S. federal agencies must take the necessary actions to address these threats by November 20, 2025.
What does CVE-2025-41244 mean?
But what exactly is a CVE? The National Vulnerability Database (NVD) defines a vulnerability as a weakness in the computational logic of software and hardware components. Such a weakness may have a negative impact on confidentiality, integrity or availability. Information about all vulnerabilities is accessible via the NVD, with each vulnerability given a unique CVE identification number that allows reliable referencing. More detailed information can be found on the official website nvd.nist.gov.
Given the current threat situation, quick reactions and updates are essential. Companies are called upon to immediately check their systems and take necessary measures to protect themselves against potential attacks. Cyberspace remains a hot topic and everyone needs to be vigilant!