• Chinese state hackers may be using VMWare Tools flaw to hack US s

    From TechnologyDaily@1337:1/100 to All on Fri Oct 31 14:15:09 2025
    Chinese state hackers may be using VMWare Tools flaw to hack US systems - so patch now, CISA warns

    Date:
    Fri, 31 Oct 2025 14:02:00 +0000

    Description:
    A recently patched Broadcom flaw was added to CISA's KEV, warning FCEB agencies about abuse in the wild.

    FULL STORY ======================================================================
    - CISA added CVE-2025-41244 to KEV, mandating patching by November 20
    - The bug enables local privilege escalation via VMware Tools with SDMP enabled
    - Chinese group UNC5174 exploited it for espionage targeting Western and Asian institutions

    The US Cybersecurity and Infrastructure Security Agency (CISA) has added a
    new Broadcom bug to its Known Exploited Vulnerabilities (KEV) catalog,
    warning Federal Civilian Executive Branch (FCEB) agencies about in-the-wild abuse.

    The bug in question is a local privilege escalation vulnerability affecting VMware Aria Operations and VMware Tools. According to the NVD, a malicious local actor with non-administrative privileges who has access to a VM with VMware Tools installed and managed by Aria Operations with SDMP enabled may exploit it to escalate privileges to root on the same VM.

    The bug is tracked as CVE-2025-41244, and was given a severity score of 7.8/10 (high). Those looking for a fix for Windows 32-bit should seek out VMware Tools 12.4.9, part of VMware Tools 12.5.4. For Linux, there is a version of open-vm-tools that will be distributed by Linux vendors.

    Chinese attackers

    By adding it to KEV, CISA gave FCEB agencies a three-week deadline to apply the patch (which was published roughly a month ago) or stop using the vulnerable products entirely. The deadline is November 20.

    At the same time, security researchers are saying that the bug has been leveraged by Chinese state-sponsored criminals for roughly a year now. In fact, NVISO claims that a group tracked as UNC5174 has been using it since mid-October 2024, and even released proof-of-concept (POC) code to demonstrate how it could be leveraged, BleepingComputer reports.

    According to Google Mandiant, UNC5174 was hired by China's Ministry of State Security (MSS) to obtain access to US defense contractors, UK government agencies, and different Asian institutions.

    In late 2024, Chinese state-sponsored threat actors abused multiple zero-day vulnerabilities in Ivanti Cloud Services Appliance (CSA) devices to access French government agencies, as well as numerous commercial entities such as telcos, finance, and transportation organizations. The attacks were attributed to a group tracked as Houken which, researchers claimed, bears many similarities to UNC5174.

    Via BleepingComputer

    ======================================================================
    Link to news story: https://www.techradar.com/pro/security/chinese-state-hackers-may-be-using-vmware-tools-flaw-to-hack-us-systems-so-patch-now-cisa-warns


    --- Mystic BBS v1.12 A49 (Linux/64)
    * Origin: tqwNet Technology News (1337:1/100)