Print - 【Vulnerability Alert】 A high-risk security vulnerability (CVE-2025-41244) has been identified in Broadcom VMWare. Please verify and apply the necessary patches as soon as possible.

【Vulnerability Alert】 A high-risk security vulnerability (CVE-2025-41244) has been identified in Broadcom VMWare. Please verify and apply the necessary patches as soon as possible.

publish date : 2025-11-07 update date : 2025-11-07

Source: Ministry of education information & communication security contingency platform

"" "" ""


Publication Number	TACERT-ANA-2025110603113737	Publication Time	2025/11/06 15:25
Incident Type	ANA-Vulnerability Alert	Discovery Time	2025/11/06 15:25
Impact Level	Medium
[Subject] 【Vulnerability Alert】 A high-risk security vulnerability (CVE-2025-41244) has been identified in Broadcom VMWare. Please verify and apply the necessary patches as soon as possible.
[Content] Forwarded from the National Institute of Cyber Security NISAC-200-202511-00000021 Researchers have discovered a local privilege escalation (Local Privilege Escalation) vulnerability (CVE-2025-41244) in Broadcom VMware. A local attacker who has obtained ordinary (non-administrative) privileges can exploit this vulnerability to elevate to administrator privileges inside the VM. The vulnerability has been exploited by attackers; please verify and apply patches as soon as possible. Information Sharing Level: WHITE (Information content can be publicly disclosed)
[Affected Platform] VMware Cloud Foundation Operations versions 9.x.x.x VMware Tools versions 13.x.x.x, 12.x.x, and 11.x.x VMware Aria Operations versions 8.x, 5.x, 4.x, 3.x, and 2.x
[Recommended Actions] The vendor has released security updates to address this vulnerability. Please refer to the official advisory for update instructions at the following URL: https://support.broadcom.com/web/ecx/support-content-notification/-/external/content/SecurityAdvisories/0/36149
[Reference] 1. https://nvd.nist.gov/vuln/detail/CVE-2025-41244 2. https://support.broadcom.com/web/ecx/support-content-notification/-/external/content/SecurityAdvisories/0/36149

(This notification is for informational purposes only and does not constitute a cybersecurity incident).
If you have questions or suggestions regarding this notification, please feel free to contact us.
Ministry of education information & communication security contingency platform
Website: https://info.cert.tanet.edu.tw/
Phone: +886-7-5250211
Internet Phone: 98400000
E-Mail: service@cert.tanet.edu.tw

Organizer: Computer Center