
CISA Flags Critical VMware Zero-Day Exploited by Chinese Hackers
On October 10, 2025, the U.S. Cybersecurity and Infrastructure Security Agency (CISA) added a high-severity security flaw affecting Broadcom VMware Tools and VMware Aria Operations to its Known Exploited Vulnerabilities (KEV) catalog. This action follows reports of active exploitation of the vulnerability, identified as CVE-2025-41244 with a CVSS score of 7.8. The flaw could be exploited by attackers to gain unauthorized access, posing significant risks to affected systems.

The vulnerability's addition to the KEV catalog underscores its critical nature and the urgent need for organizations to apply patches. VMware Tools and Aria Operations are integral components in many enterprise environments, making this vulnerability a substantial concern. The active exploitation by hackers linked to China highlights the ongoing threat posed by state-sponsored actors, who often target widely used enterprise software to gain a foothold in sensitive networks.

Technically, CVE-2025-41244 could allow attackers to bypass security controls and gain unauthorized access to systems. This could lead to data exfiltration, lateral movement within networks, or further exploitation of other vulnerabilities. The CVSS score of 7.8 indicates a high-severity issue, necessitating immediate attention from cybersecurity professionals.

The impact on the cybersecurity landscape is significant. This incident underscores the importance of timely patch management and the need for continuous monitoring of enterprise environments. Organizations using VMware products should prioritize patching this vulnerability and conduct thorough checks for any signs of exploitation.

From an expert perspective, this vulnerability is a reminder of the persistent threats faced by organizations using widely deployed enterprise software. State-sponsored actors, particularly those linked to China, are known for their advanced capabilities and targeted attacks.
Cybersecurity professionals should ensure that their vulnerability management processes are robust and that they are prepared to respond quickly to emerging threats. In conclusion, the exploitation of CVE-2025-41244 by Chinese hackers highlights the critical need for organizations to stay vigilant and proactive in their cybersecurity efforts. Patching this vulnerability should be a top priority to mitigate the risk of unauthorized access and potential data breaches.
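One concrete way to act on a KEV addition like this is to check the catalog feed against your own product inventory automatically, so a newly listed CVE for software you run surfaces the same day it is added. The script below is an added example written for this article, not code from CISA, Broadcom or the article's author. It parses a JSON document shaped like the public KEV feed (https://www.cisa.gov/sites/default/files/feeds/known_exploited_vulnerabilities.json), filters entries whose vendor or product matches an inventory list, and flags entries whose remediation due date has passed. The embedded feed text is a constructed sample: only the CVE ID, the affected products and the 2025-10-10 catalog date come from the article; the due date, description and second entry are placeholders.

```python
"""Cross-reference a CISA KEV-style feed against a local product inventory.

Added example; the JSON below is a constructed sample in the layout of the
public KEV feed. Only CVE-2025-41244, the Broadcom VMware products and the
2025-10-10 dateAdded come from the article. The dueDate, the descriptions
and the second entry are placeholders, not real catalog data.
"""
import json
from datetime import date

# Constructed sample feed. In production, replace this string with the body
# of the live KEV JSON feed (for example fetched with urllib.request).
SAMPLE_KEV_JSON = """
{
  "title": "CISA Catalog of Known Exploited Vulnerabilities (constructed sample)",
  "count": 2,
  "vulnerabilities": [
    {
      "cveID": "CVE-2025-41244",
      "vendorProject": "Broadcom",
      "product": "VMware Tools and VMware Aria Operations",
      "vulnerabilityName": "PLACEHOLDER vulnerability name",
      "dateAdded": "2025-10-10",
      "shortDescription": "PLACEHOLDER description",
      "requiredAction": "Apply mitigations per vendor instructions.",
      "dueDate": "2025-10-31",
      "knownRansomwareCampaignUse": "Unknown"
    },
    {
      "cveID": "CVE-0000-00000",
      "vendorProject": "ExampleVendor",
      "product": "ExampleRouter OS",
      "vulnerabilityName": "PLACEHOLDER unrelated entry",
      "dateAdded": "2025-10-01",
      "shortDescription": "PLACEHOLDER description",
      "requiredAction": "Apply mitigations per vendor instructions.",
      "dueDate": "2025-10-22",
      "knownRansomwareCampaignUse": "Unknown"
    }
  ]
}
"""

# Constructed inventory: product names as they appear in the KEV feed's
# vendorProject/product fields. A real CMDB export would feed this list.
INVENTORY = ["VMware Tools", "VMware Aria Operations"]


def load_kev(feed_text: str) -> list[dict]:
    """Parse KEV-style JSON and return the list of vulnerability entries."""
    return json.loads(feed_text)["vulnerabilities"]


def matches_inventory(entry: dict, inventory: list[str]) -> bool:
    """Case-insensitive substring match of inventory items against vendor+product."""
    haystack = f"{entry.get('vendorProject', '')} {entry.get('product', '')}".lower()
    return any(item.lower() in haystack for item in inventory)


def is_overdue(entry: dict, today: date) -> bool:
    """True when CISA's remediation due date (YYYY-MM-DD) is strictly in the past."""
    return date.fromisoformat(entry["dueDate"]) < today


def report(feed_text: str, inventory: list[str], today: date) -> list[dict]:
    """Return KEV entries relevant to the inventory, annotated with an overdue flag."""
    relevant = []
    for entry in load_kev(feed_text):
        if not matches_inventory(entry, inventory):
            continue
        relevant.append({
            "cveID": entry["cveID"],
            "product": entry["product"],
            "dateAdded": entry["dateAdded"],
            "dueDate": entry["dueDate"],
            "requiredAction": entry["requiredAction"],
            "overdue": is_overdue(entry, today),
        })
    # Most urgent (earliest due date) first.
    return sorted(relevant, key=lambda e: e["dueDate"])


if __name__ == "__main__":
    for hit in report(SAMPLE_KEV_JSON, INVENTORY, date.today()):
        status = "OVERDUE" if hit["overdue"] else "open"
        print(f"{hit['cveID']} [{status}] {hit['product']} due {hit['dueDate']}: "
              f"{hit['requiredAction']}")
```

Run against the live feed on a schedule and alert on any non-empty result; the overdue flag separates entries that merely need tracking from those that have already missed CISA's remediation deadline.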