The US Cybersecurity and Infrastructure Security Agency (CISA) has added two high-priority security flaws to its Known Exploited Vulnerabilities catalog. The first flaw, CVE-2025-41244, affects Broadcom’s VMware Tools and VMware Aria Operations, allowing attackers to gain root-level access on vulnerable systems. This vulnerability has been exploited as a zero-day by unknown threat actors since mid-October 2024.
The second flaw is in XWiki, where an eval injection vulnerability could allow any guest user to achieve arbitrary remote code execution. Threat actors have already attempted to exploit this flaw to deliver cryptocurrency miners.
CISA requires federal agencies to apply necessary mitigations by November 20, 2025, to secure their networks against active threats. The vulnerabilities were addressed by VMware last month, but not before being exploited as zero-days.
Experts warn that successful exploitation of these flaws can let unprivileged users execute code with elevated privileges. While the exact payload executed after exploiting CVE-2025-41244 is unknown, security researchers stress the need for immediate action to fix these vulnerabilities and protect networks from active threats.
Source: https://thehackernews.com/2025/10/cisa-flags-vmware-zero-day-exploited-by.html