CISA orders feds to patch VMware Tools flaw exploited by Chinese hackers

On Thursday, CISA warned U.S. government agencies to secure their systems against attacks exploiting a high-severity vulnerability in Broadcom’s VMware Aria Operations and VMware Tools software.

Tracked as CVE-2025-41244 and patched one month ago, this vulnerability allows local attackers with non-administrative privileges to a virtual machine (VM) with VMware Tools and managed by Aria Operations with SDMP enabled to escalate privileges to root on the same VM.

CISA added the flaw to its Known Exploited Vulnerabilities catalog, which lists security bugs the cybersecurity agency has flagged as exploited in the wild. Federal Civilian Executive Branch (FCEB) agencies now have three weeks, until November 20, to patch their systems against ongoing attacks, as mandated by the Binding Operational Directive (BOD) 22-01 issued in November 2021.

Read more at Bleeping Computer