VMware Flaw Allows Root Privilege Escalation (CVE-2025-41244)

Cyber Security News by CyberSum.net

Published on October 1, 2025 at 06:04 PM

8 sources

Multiple vulnerabilities have been discovered in VMware Aria Operations and VMware Tools, the most severe of which (CVE-2025-41244) could allow an attacker to escalate privileges to root. This critical flaw has reportedly been exploited in the wild as a zero-day by a state-sponsored threat actor since late 2024. A malicious local actor with non-administrative access can exploit the vulnerability to execute arbitrary code with the highest privileges on an affected virtual machine. The flaw stems from an untrusted search path issue in the service discovery feature, which can be tricked into running malicious executables. Broadcom has released patches and urges administrators to apply the updates immediately to prevent potential system compromise.

Also Read

Excel Add-in Attack Delivers CABINETRAT Malware Backdoor

A national cyber incident response team has issued a warning about a new malware campaign deploying the CABINETRAT backdoor. Attackers are using malicious Excel add-in (XLL) files, often distributed in ZIP archives, to gain initial access to systems. The malware establishes persistence through registry modifications and scheduled tasks, cleverly loading its shellcode from a PNG image file. This full-featured backdoor is capable of information gathering, remote command execution, and file operations. To evade detection, the malware employs robust anti-virtualization and anti-analysis checks.

By Cyber Security News by CyberSum.netOctober 2, 2025 at 12:00 AM