- Broadcom patches CVE-2025-41244, a high-severity VMware privilege escalation flaw.
- Chinese actor UNC5174 exploited the flaw using malicious binaries in paths like /tmp/httpd
- UNC5174 previously targeted French government and commercial sectors using Ivanti CSA vulnerabilities
Broadcom has patched a high-severity vulnerability affecting its VMware Aria Operations and VMware Tools that appears to have been used as a zero-day in real-world attacks.
In a new security advisory, the company said it fixed a local privilege escalation vulnerability that allowed a local user with limited access to a VM to become root (if VMware Tools and Aria Operations, with SDMP enabled, ran on this VM). The flaw is now tracked as CVE-2025-41244 and was given a severity score of 7.8/10 (high).
Those looking for a fix for Windows 32-bit should look for VMware Tools 12.4.9, part of VMware Tools 12.5.4. For Linux, there is a version of open-vm-tools that will be distributed by Linux vendors.
UNC5174 accused
The advisory also mentions a few other vulnerabilities that were fixed, but it does not mention any exploitation in the wild.
However, BleepingComputer found a separate report from cybersecurity researchers at NVISO, who not only confirmed it but also released a proof-of-concept (PoC) showing how threat actors could exploit the flaw to escalate privileges on compromised systems.
They also said that Chinese state-sponsored actors were the ones who exploited this flaw: “To abuse this vulnerability, an unprivileged local attacker can stage a malicious binary within any of the broadly matched regular expressions.”
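A defender can hunt for the staging pattern described above by flagging non-root processes whose executable carries a service-like name but lives in a world-writable directory. The sketch below is an added example, not code from Broadcom or the researchers; only "httpd" under /tmp comes from the article, while the other watched names, the directory list and all function names are assumptions for illustration.

```python
import os
import posixpath

# Assumptions for illustration: only "httpd" under /tmp comes from the article;
# the other names and directories are hypothetical additions a site would tune.
WATCHED_NAMES = {"httpd", "nginx", "mysqld"}
WRITABLE_DIRS = ("/tmp", "/var/tmp", "/dev/shm")


def is_suspicious(exe, uid):
    """True when a non-root process runs a service-named binary from a writable dir."""
    if not exe or uid == 0:
        return False
    # /proc/<pid>/exe appends " (deleted)" when the file was unlinked after launch.
    path = posixpath.normpath(exe.removesuffix(" (deleted)"))
    in_writable = any(path.startswith(d + "/") for d in WRITABLE_DIRS)
    return in_writable and posixpath.basename(path) in WATCHED_NAMES


def find_staged_binaries(procs):
    """Filter (pid, uid, exe) records down to the ones worth triaging."""
    return [p for p in procs if is_suspicious(p[2], p[1])]


def live_processes():
    """Collect (pid, uid, exe) from /proc on Linux; unreadable entries are skipped."""
    records = []
    for entry in os.listdir("/proc"):
        if not entry.isdigit():
            continue
        try:
            exe = os.readlink(f"/proc/{entry}/exe")
            uid = os.stat(f"/proc/{entry}").st_uid
        except OSError:
            continue
        records.append((int(entry), uid, exe))
    return records


# Constructed sample records, not taken from any real host.
SAMPLE = [
    (812, 0, "/usr/sbin/httpd"),
    (4021, 1001, "/tmp/httpd"),
    (4090, 1001, "/tmp/../var/tmp/.cache/nginx (deleted)"),
    (4100, 1001, "/home/dev/bin/httpd"),
    (4111, 0, "/tmp/httpd"),
    (4120, 1001, "/tmp/build/cc1"),
]

if __name__ == "__main__":
    for pid, uid, exe in find_staged_binaries(SAMPLE):
        print(f"pid={pid} uid={uid} exe={exe}")
```

On a live Linux guest, pass `live_processes()` to `find_staged_binaries` as root so that other users' `/proc/<pid>/exe` links are readable.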
UNC5174 is a well-known Chinese state-sponsored actor. This summer, it was reported that the group targeted French government agencies at the end of 2024, as well as several commercial entities such as telcos, finance and transport organizations.
Back then, the French National Agency for the Security of Information Systems (ANSSI) observed threat actors abusing three security vulnerabilities in Ivanti CSA devices: CVE-2024-8963, CVE-2024-9380 and CVE-2024-8190.



