October 30, 2025 By Sergiu Gatlan
On Thursday, CISA warned U.S. government agencies to secure their systems against attacks exploiting a high-severity vulnerability in Broadcom's VMware Aria Operations and VMware Tools software.
Tracked as CVE-2025-41244 and patched one month ago, this vulnerability allows local attackers with non-administrative privileges to a virtual machine (VM) with VMware Tools and managed by Aria Operations with SDMP enabled to escalate privileges to root on the same VM.
CISA added the flaw to its Known Exploited Vulnerabilities catalog, which lists security bugs the cybersecurity agency has flagged as exploited in the wild. Federal Civilian Executive Branch (FCEB) agencies now have three weeks, until November 20, to patch their systems against ongoing attacks, as mandated by the Binding Operational Directive (BOD) 22-01 issued in November 2021.
FCEB agencies are non-military agencies within the U.S. executive branch, including the Department of Homeland Security, the Department of Energy, the Department of the Treasury, and the Department of Health and Human Services.
While BOD 22-01 only applies to federal agencies, CISA urged all organizations to prioritize patching this vulnerability as soon as possible.
"These types of vulnerabilities are frequent attack vectors for malicious cyber actors and pose significant risks to the federal enterprise," CISA cautioned. "Apply mitigations per vendor instructions, follow applicable BOD 22-01 guidance for cloud services, or discontinue use of the product if mitigations are unavailable."
