
Broadcom Patches Six VMware Vulnerabilities, Including Zero-Day Exploited by UNC5174
Broadcom has addressed six vulnerabilities in VMware products, including a zero-day that the threat group UNC5174 has been exploiting in the wild since mid-October 2024. Four of the six are rated high severity. The exploited one, CVE-2025-41244, carries a CVSS score of 7.8 and is the most urgent of the set not because of the score but because it was already being used before a fix existed. It is a local privilege-escalation flaw affecting VMware Tools (installed inside guest virtual machines) and VMware Aria Operations: a user who already has an unprivileged account on an affected system can escalate to root. For enterprises that run their virtualization and cloud infrastructure on VMware, that means every guest with a vulnerable Tools build is a potential root compromise waiting on a foothold.
Active exploitation by UNC5174 makes prompt patching the priority. Local privilege-escalation bugs rarely provide the initial entry, but they are the link that turns any foothold, such as a compromised web application, a stolen low-privilege credential or a malicious insider, into full control of the host. VMware Tools runs inside nearly every guest in a VMware estate and Aria Operations sits at the management layer, so a root-level flaw in either has a wide blast radius.
Technically, the 7.8 rating reflects a local attack vector with low complexity and full impact on confidentiality, integrity and availability: the attacker needs to be on the box already, but once there the escalation is reliable and the outcome is root. The practical lesson is twofold. Least-privilege access controls limit who can reach the vulnerable code path in the first place, and continuous monitoring for unexpected root-level activity catches the cases where a foothold was obtained anyway.
For defenders, the immediate action is to deploy the fixed versions listed in Broadcom's advisory to both affected products. Note that VMware Tools is patched per guest, not once at the hypervisor, so an inventory of guests by installed Tools version is needed to confirm coverage, and Linux guests that use open-vm-tools depend on their distribution vendor for the corresponding update. Beyond patching, organizations should review privilege management and access controls on affected systems, add detection for privilege-escalation attempts, and, because the flaw was exploited before a fix was available, treat any guest that was exposed during that window as a candidate for compromise assessment rather than assuming the patch closed the matter.
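The per-guest inventory described above is easy to get wrong when version strings are compared as text. The following is an added example, not code from Broadcom, VMware or the original article: it parses the output of `vmware-toolbox-cmd -v` (a real VMware Tools command; both of its known output formats are handled), compares the installed version numerically against a per-branch minimum, and classifies the guest. The baseline versions in `EXAMPLE_BASELINES` and the sample outputs in `SAMPLES` are placeholders constructed for the example; substitute the fixed versions from Broadcom's advisory before using it.

```python
"""Added example: classify a VMware guest as patched/vulnerable by Tools version.

Assumptions (not from the article or the advisory):
  - EXAMPLE_BASELINES holds placeholder minimum versions per release branch;
    replace them with the fixed builds listed in Broadcom's advisory.
  - SAMPLES are constructed strings, not output captured from real hosts.
"""
import re
import subprocess
from typing import Dict, Optional, Tuple

# `vmware-toolbox-cmd -v` prints either "12.3.5.46049 (build-22544099)"
# (newer builds) or "11.3.5.18557794 build-18557794" (older builds).
_VERSION_RE = re.compile(r"^\s*(\d+(?:\.\d+)*)(?:\s*\(build-(\d+)\))?")

# Placeholder per-branch baselines: an assumption for this example only.
EXAMPLE_BASELINES: Dict[int, str] = {12: "12.5.4", 13: "13.0.5"}


def parse_tools_version(output: str) -> Optional[Tuple[Tuple[int, ...], int]]:
    """Return (numeric version tuple, build number) or None if unparsable."""
    m = _VERSION_RE.match(output)
    if not m:
        return None
    parts = tuple(int(p) for p in m.group(1).split("."))
    build = int(m.group(2)) if m.group(2) else 0
    return parts, build


def _pad(v: Tuple[int, ...], width: int = 4) -> Tuple[int, ...]:
    """Right-pad with zeros so "12.5" and "12.5.0.0" compare equal."""
    return v + (0,) * (width - len(v))


def is_older(installed: str, minimum: str) -> Optional[bool]:
    """True if installed < minimum, comparing each component as an integer.

    Numeric comparison matters: as plain strings, "12.10.0" < "12.5.4",
    which would mark a newer build as vulnerable.
    """
    a, b = parse_tools_version(installed), parse_tools_version(minimum)
    if a is None or b is None:
        return None
    return _pad(a[0]) < _pad(b[0])


def assess(installed_output: str, baselines: Dict[int, str] = EXAMPLE_BASELINES) -> str:
    """Return 'patched', 'vulnerable', or 'review' (unknown branch or unparsable).

    Branches with no baseline (for example end-of-life releases) are
    reported as 'review' rather than silently treated as safe.
    """
    parsed = parse_tools_version(installed_output)
    if parsed is None:
        return "review"
    major = parsed[0][0]
    if major not in baselines:
        return "review"
    return "vulnerable" if is_older(installed_output, baselines[major]) else "patched"


def assess_local_host() -> str:
    """Query the real tool on this guest (requires VMware Tools / open-vm-tools)."""
    out = subprocess.run(["vmware-toolbox-cmd", "-v"],
                         capture_output=True, text=True, check=True).stdout
    return assess(out)


# Constructed sample outputs for a handful of hypothetical guests.
SAMPLES = {
    "guest-a": "12.3.5.46049 (build-22544099)",   # below 12.x baseline
    "guest-b": "12.5.4.12345 (build-99999999)",   # at 12.x baseline
    "guest-c": "12.10.0.0 (build-1)",             # newer than 12.5.4 numerically
    "guest-d": "13.0.1.0 (build-2)",              # below 13.x baseline
    "guest-e": "11.3.5.18557794 build-18557794",  # branch without a baseline
}

if __name__ == "__main__":
    for host, out in SAMPLES.items():
        print(f"{host}: {out!r} -> {assess(out)}")
```

Run it on each guest (or feed it collected `vmware-toolbox-cmd -v` output from a configuration-management export) and act on every `vulnerable` and `review` result; `review` is deliberately not a pass, because a branch with no known fixed build is exactly the case that needs a human decision.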
That UNC5174 was exploiting this flaw for an extended period before a patch existed indicates a group with the capability to find or acquire unpublished vulnerabilities and operate quietly on them. Organizations in its likely target set should assume that patching alone does not undo what may already have happened, and should pair the update with threat hunting and a review of detection and response coverage for post-exploitation activity on VMware guests and management systems.