CISA’s Halloween Horror: Major Flaws Haunt XWiki and VMware Security

The U.S. Cybersecurity and Infrastructure Security Agency (CISA) has added XWiki Platform, Broadcom VMware Aria Operations, and VMware Tools flaws to its Known Exploited Vulnerabilities catalog. These vulnerabilities include a critical XWiki code injection flaw and a VMware privilege escalation issue. CISA urges immediate patching to prevent unauthorized access and exploitation.

Hot Take:

Looks like CISA’s vulnerability catalog is the hottest library in town—who knew reading lists could be this dangerous? With XWiki and VMware strutting their stuff on the exploited vulnerabilities runway, it seems like hackers are the new fashion police, and they’re not interested in compliments!

Key Points:

  • CISA adds XWiki Platform and Broadcom VMware vulnerabilities to the Known Exploited Vulnerabilities catalog.
  • XWiki flaw (CVE-2025-24893) allows code execution by unauthenticated users via the SolrSearch feature.
  • VMware flaw (CVE-2025-41244) permits local privilege escalation to root by non-admin users.
  • China-linked threat actor UNC5174 has been exploiting the VMware vulnerability as a zero-day.
  • Federal agencies are required to fix these vulnerabilities by November 20, 2025.
