MS-ISAC consultancy number:
2025-092
Published date (s):
09/30/2025
PREVIEW:
Several vulnerabilities have been discovered in VMware Aria operations and VMware tools, the most serious of which could allow the climbing of the privileges of rooting. VMWARE ARIA is a multi-cloud management platform that provides automation, operations and cost management for applications and infrastructure in private, public and hybrid cloud environments. The successful exploitation of the most serious of these vulnerabilities could allow the climbing of privileges to root us. An attacker could then install programs; Show, modify or delete data; Or create new accounts with complete user rights.
Threat intelligence:
NVISO indicates that the CVE-2025-41244 vulnerability has been exploited in the wild as a zero day since mid-October 2024 by the threat actor linked to China UNC5174.
Affected systems:
- VMware Cloud Foundation Operations versions prior to 9.0.1.0
- VMware Tools versions prior to 13.0.5.0, 13.0.5, and 12.5.4
- VMware Aria Operations versions prior to 8.18.5
Large and medium government entities
Small government
Large and medium business entities
Small business entities