Hacked and Confused: VMware’s Zero-Day Drama Unfolds in Wild Exploitation!

A recently patched security flaw in Broadcom VMware Tools and VMware Aria Operations has been exploited in the wild as a zero-day by the crafty, China-linked threat actor UNC5174. So, while you were updating your playlists, someone was exploiting CVE-2025-41244 to escalate privileges. Talk about getting to the top the hard way!

Hot Take:

VMware just got a new nickname: “VulnerableWare.” With a CVSS score of 7.8, this zero-day flaw is like leaving your front door open and hoping no one notices. But hey, at least Broadcom and VMware can say they’re popular… with hackers!

Key Points:

  • A zero-day vulnerability, CVE-2025-41244, affects multiple VMware products, allowing local privilege escalation.
  • The flaw has been exploited since mid-October 2024 by a China-linked threat actor, UNC5174.
  • The vulnerability is tied to the “get_version()” function, which can be manipulated using regex patterns.
  • The issue is fixed in VMware Tools 12.5.4 for Windows 32-bit systems, with Linux solutions pending.
  • Exploitation allows unprivileged users to execute code with root privileges by mimicking system binaries.
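The last bullet is the part a defender can actually hunt for: a process that carries the name of a well-known service binary but runs from somewhere a regular user can write to. The script below is an added example (it is not from the advisory, from Broadcom, or from the researchers who reported the bug) that applies that heuristic to a constructed process list; the set of imitated names, the trusted directories, and the user-writable directories are all assumptions you should tune to your own hosts.

```python
"""
Hunting heuristic for "impostor" service binaries.

Flags processes whose executable basename matches a well-known system service
(httpd, sshd, ...) but whose path is outside the directories where such binaries
normally live, with an extra callout when the path is user-writable.
Added example, not code from the advisory; all lists below are assumptions.
"""
import os
from typing import List, NamedTuple, Optional, Tuple

# Service binary names an impostor might borrow (assumed list, extend as needed)
MIMICKED_NAMES = {"httpd", "nginx", "sshd", "mysqld", "postgres", "smbd"}

# Where legitimate service binaries are expected to live (assumption)
TRUSTED_DIRS = ("/usr/sbin", "/usr/bin", "/usr/libexec",
                "/usr/local/sbin", "/usr/local/bin", "/sbin", "/bin", "/opt")

# Locations an unprivileged user can normally write to (assumption)
USER_WRITABLE_DIRS = ("/tmp", "/var/tmp", "/dev/shm", "/home")


class ProcessRecord(NamedTuple):
    pid: int
    uid: int   # owner of the process
    exe: str   # resolved path of the executable


def _prefixes(dirs: Tuple[str, ...]) -> Tuple[str, ...]:
    # Trailing slash so "/usr/bin" does not also match "/usr/binaries/x"
    return tuple(d + "/" for d in dirs)


def classify(proc: ProcessRecord) -> Optional[str]:
    """Return a reason string if the process looks like an impostor, else None."""
    name = os.path.basename(proc.exe)
    if name not in MIMICKED_NAMES:
        return None                                  # not a name we care about
    if proc.exe.startswith(_prefixes(TRUSTED_DIRS)):
        return None                                  # expected location, leave it
    if proc.exe.startswith(_prefixes(USER_WRITABLE_DIRS)):
        return "service-named binary running from user-writable path"
    return "service-named binary running outside trusted directories"


def find_impostors(procs: List[ProcessRecord]) -> List[Tuple[int, str, str]]:
    """Return (pid, exe, reason) for every process the heuristic flags."""
    hits = []
    for p in procs:
        reason = classify(p)
        if reason:
            hits.append((p.pid, p.exe, reason))
    return hits


def collect_linux_processes() -> List[ProcessRecord]:
    """Enumerate live processes from /proc (Linux only); unreadable entries are skipped."""
    records = []
    for entry in os.listdir("/proc"):
        if not entry.isdigit():
            continue
        pid = int(entry)
        try:
            exe = os.readlink(f"/proc/{pid}/exe")
            uid = os.stat(f"/proc/{pid}").st_uid
        except OSError:
            continue                                 # process exited or not ours to read
        records.append(ProcessRecord(pid, uid, exe))
    return records


# Constructed sample data for an offline run (not captured from a real host)
SAMPLE_PROCESSES = [
    ProcessRecord(412, 0, "/usr/sbin/httpd"),            # legitimate web server
    ProcessRecord(1337, 1000, "/tmp/httpd"),             # impostor in /tmp
    ProcessRecord(2001, 1000, "/home/alice/bin/sshd"),   # impostor in a home dir
    ProcessRecord(2002, 1000, "/home/alice/bin/mytool"), # unrelated user tool
    ProcessRecord(2003, 999, "/usr/local/bin/nginx"),    # legitimate, trusted dir
]


if __name__ == "__main__":
    for pid, exe, reason in find_impostors(SAMPLE_PROCESSES):
        print(f"pid={pid} exe={exe}: {reason}")
```

Run it as-is to see the two constructed impostors flagged; on a Linux host, swap `SAMPLE_PROCESSES` for `collect_linux_processes()` to sweep the live process table. The heuristic is deliberately narrow (name plus path), so pair it with file-integrity monitoring on the trusted directories rather than treating a clean run as proof of absence.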

The Nimble Nerd