- Broadcom patches CVE-2025-41244, a high-severity VMware privilege escalation zero-day
- The Chinese actor UNC5174 exploited the bug by placing malicious binaries at paths such as /tmp/httpd
- UNC5174 previously targeted French government and commercial sectors using Ivanti CSA vulnerabilities
Broadcom has fixed a high-severity vulnerability affecting its VMware Aria Operations and VMware Tools products, which was apparently exploited as a zero-day in real-world attacks.
In a new security advisory, the company said it had addressed a local privilege escalation vulnerability that allowed a local user with limited access to a virtual machine to become root, provided VMware Tools and Aria Operations (with SDMP) were running on that virtual machine. The bug is now tracked as CVE-2025-41244 and was assigned a severity score of 7.8/10 (high).
Those looking for a fix for 32-bit Windows should look for VMware Tools 12.4.9, part of VMware Tools 12.5.4. For Linux, there is a version of open-vm-tools that will be distributed by Linux vendors.
UNC5174 accused
The advisory also mentions a couple of other vulnerabilities that were fixed, but it does not mention any exploitation of them.
However, I noticed a separate report from NVISO cybersecurity researchers, who not only confirmed the exploitation but also published a proof of concept (PoC) demonstrating how threat actors can use the bug to escalate privileges on compromised systems.
They also said that Chinese state-sponsored actors were the ones exploiting this bug: "To abuse this vulnerability, a malicious binary is placed in any of the broadly matched regular expression paths. A simple common location, abused in the wild by UNC5174, is /tmp/httpd," NVISO said in the report.
UNC5174 is a known Chinese state-sponsored actor. This summer it was reported that the group had targeted government agencies in France in late 2024, as well as numerous commercial organizations, such as telecommunications, finance and transport companies.
At the time, the French National Agency for the Security of Information Systems (ANSSI) noted that the threat actors had abused three security vulnerabilities in Ivanti CSA: CVE-2024-8963, CVE-2024-9380 and CVE-2024-8190.