[Vulnerability Alert] Broadcom VMWare has a high-risk security vulnerability (CVE-2025-41244), please confirm and patch as soon as possible

• Subject: [Vulnerability Alert] Broadcom VMWare has a high-risk security vulnerability (CVE-2025-41244), please confirm and patch as soon as possible
• Content:
  • Forwarded from National Information Security Information Sharing and Analysis Center NISAC-200-202511-00000021
  • Researchers have discovered a Local Privilege Escalation vulnerability (CVE-2025-41244) in Broadcom VMWare. A local attacker who has already obtained general user privileges can exploit this vulnerability to escalate to administrator privileges within the VM. This vulnerability has already been exploited by hackers, so please confirm and patch it as soon as possible.
• Affected Platforms:
  • VMware Cloud Foundation Operations version 9.x.x.x
  • VMware Tools versions 13.x.x.x, 12.x.x, and 11.x.x
  • VMware Aria Operations versions 8.x, 5.x, 4.x, 3.x, and 2.x
• Recommended Measures:
  • The official source has released a fix update for the vulnerability; please refer to the official instructions for update at the following URL: https://support.broadcom.com/web/ecx/support-content-notification/-/external/content/SecurityAdvisories/0/36149
• References:
  1. https://nvd.nist.gov/vuln/detail/CVE-2025-41244
  2. https://support.broadcom.com/web/ecx/support-content-notification/-/external/content/SecurityAdvisories/0/36149

Computer and Communications Center
Network Systems Group