CVE-2025-41244 poses a significant threat as it allows a low-privileged user on a compromised virtual machine to escalate their privileges to root. This flaw, rated 7.8 on the CVSSv3 scale, is particularly dangerous in environments where VMware Tools are managed by Aria Operations with SDMP enabled. Recent reports confirm active exploitation, heightening the urgency for immediate patches.
Security researchers advise organizations to prioritize updates to avoid potential ransomware attacks and broader network access vulnerabilities due to this exploit. The flaw stems from CWE-267, indicating that insufficient privilege management can lead to severe security breaches. As such vulnerabilities are increasingly targeted in ransomware campaigns, effective vulnerability management is critical for organizations utilizing VMware products.
👉 Pročitaj original: Cyber Security News
