Broadcom disclosed a local privilege escalation vulnerability affecting VMware’s guest service discovery features. Tracked as CVE-2025-41244, successful exploitation of the vulnerability may allow an unprivileged user to escalate privileges. Maxime Thiebaut from NVISO Labs discovered and reported the vulnerability to Broadcom. The security researcher at NVISO Labs claims that the vulnerability has been exploited in … Continue reading “Broadcom Addresses Actively Exploited Vulnerability in VMware Aria Operations and VMware Tools (CVE-2025-41244)”
Tag: VMware Aria Automation
VMware Aria Automation Missing Access Control Vulnerability (CVE-2023-34063)
The Commonwealth Scientific and Industrial Research Organization’s (CSIRO) Scientific Computing Platforms team discovered an access control vulnerability impacting VMware Aria Automation. CVE-2023-34063 has a critical severity rating with a CVSS score of 9.9. The vulnerability may allow an authenticated malicious actor to get unauthorized access to remote organizations and workflows. An authenticated attacker may exploit … Continue reading “VMware Aria Automation Missing Access Control Vulnerability (CVE-2023-34063)”