State-Backed Hackers Exploit Critical VMware Flaws, Companies Urged to Patch Immediately

Multiple high-severity vulnerabilities have been discovered in VMware products, with state-sponsored hacking groups reportedly exploiting them in active cyberattacks, according to a critical security advisory issued to Pakistani organizations.
The flaws, identified as CVE-2025-41244 and CVE-2025-41246, carry CVSS scores of 7.8 and 7.6, respectively. They impact widely deployed VMware products, including Aria Operations, VMware Tools, Cloud Foundation, and NSX, potentially allowing attackers to gain unauthorized access, escalate privileges, expose data, or execute remote code across enterprise, telecom, and cloud environments.
Authorities have confirmed that exploitation of these vulnerabilities is already occurring “in the wild,” with some incidents linked to advanced persistent threat (APT) actors backed by nation-states. The advisory warned that unpatched systems are at severe risk of compromise, given VMware’s extensive presence in critical infrastructure worldwide.
Systems at Risk
Successful exploitation could grant full control over virtualized infrastructure, exposing sensitive enterprise and telecom data.
Affected systems include:
- VMware Aria Operations (below version 8.18.4)
- VMware Tools (Windows/Linux below version 13.0.4)
- VMware Cloud Foundation and NSX (multiple builds)
- open-vm-tools (various Linux distributions)
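An inventory can be triaged against the version thresholds listed above with a short script. The following is an added example, not code from the advisory or from Broadcom; the hostnames, inventory rows and build suffixes are constructed, and products for which the article gives no fixed version are routed to a manual check against the Broadcom advisories, which should also be used to confirm the fixed build for each release branch.

```python
import re

# Thresholds as stated in the article; products it lists without a fixed
# version (Cloud Foundation, NSX, open-vm-tools) map to None.
FIXED = {
    "aria operations": (8, 18, 4),
    "vmware tools": (13, 0, 4),
    "cloud foundation": None,
    "nsx": None,
    "open-vm-tools": None,
}

def parse_version(text):
    """Return the leading dotted numeric part as a tuple, padded to 3 fields."""
    m = re.match(r"\s*v?(\d+(?:\.\d+)*)", text)
    if not m:
        return None
    parts = [int(p) for p in m.group(1).split(".")]
    return tuple(parts + [0] * (3 - len(parts)))

def triage(product, version):
    """Classify one inventory row: update, ok, check-advisory or not-listed."""
    key = product.strip().lower()
    if key not in FIXED:
        return "not-listed"
    fixed, found = FIXED[key], parse_version(version)
    if fixed is None or found is None:
        return "check-advisory"  # no threshold in the article, or unparseable
    # Compare only major.minor.patch; trailing build numbers are ignored.
    return "update" if found[:3] < fixed else "ok"

# Constructed sample inventory: (host, product, reported version string).
INVENTORY = [
    ("ops-01", "Aria Operations", "8.18.3"),
    ("ops-02", "Aria Operations", "8.18.4"),
    ("win-app-07", "VMware Tools", "12.5.0.51152 (build-24276846)"),
    ("lnx-db-02", "VMware Tools", "13.0.4-24905102"),
    ("lnx-web-11", "open-vm-tools", "12.3.5"),
    ("nsx-mgr-1", "NSX", "4.2.1"),
    ("legacy-3", "VMware Tools", "unknown"),
]

def report(rows=INVENTORY):
    return [(host, product, triage(product, ver)) for host, product, ver in rows]

if __name__ == "__main__":
    for host, product, status in report():
        print(f"{host:12} {product:16} {status}")
```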
Exploitation Techniques
The vulnerabilities can be exploited both locally and remotely, in some cases requiring minimal privileges or no user interaction. Even basic user accounts may be leveraged to escalate access and execute arbitrary code.
Mitigation and Patching
Organizations have been instructed to immediately apply the latest security updates released by Broadcom, detailed in the following advisories:
- Broadcom Advisory 36149
- Broadcom Advisory 36150
- Broadcom Advisory 35964
Until systems are patched, administrators are urged to:
- Restrict access to VMware management consoles.
- Enforce least-privilege user policies.
- Monitor for unusual login attempts and privilege escalations.
- Strengthen network segmentation for critical VMware assets.
Security teams are further advised to include VMware-specific exploit scenarios in their incident response procedures and monitor SIEM and IDS/IPS systems for potential compromise indicators. Verifying backup integrity and ensuring rapid recovery mechanisms are also recommended.
The advisory concludes by urging all public and private sector entities to treat the issue as a critical infrastructure threat.
“Immediate patching and proactive monitoring are the only defenses against these ongoing exploit campaigns,” the advisory warned.




