
CISA Adds Exploited XWiki, VMware Flaws to KEV Catalog

Broadcom has updated its advisory on CVE-2025-41244 to mention the vulnerability’s in-the-wild exploitation. The post CISA Adds Exploited XWiki, VMware Flaws to KEV Catalog appeared first on SecurityWeek.

CISA KEV

The US cybersecurity agency CISA on Thursday expanded its Known Exploited Vulnerabilities (KEV) catalog with two security defects impacting XWiki and VMware products.

The XWiki flaw, tracked as CVE-2025-24893 (CVSS score of 9.8), stems from improper sanitization of search parameters and can be exploited remotely, without authentication, to inject malicious code via specially crafted search requests.

Successful exploitation of the issue allows attackers to execute code with the privileges of the web server, leak sensitive information, or disrupt server operations.

Proof-of-concept (PoC) exploits targeting the bug have been available for roughly half a year, and exploitation attempts were first observed in March, although at the time they were assessed as reconnaissance efforts.

Earlier this week, however, VulnCheck warned that a threat actor has been exploiting the XWiki vulnerability to drop a cryptocurrency miner.

The VMware defect, tracked as CVE-2025-41244 (CVSS score of 7.8), is a local privilege escalation flaw affecting Aria Operations and VMware Tools that allows authenticated attackers to obtain root privileges on a VM that has VMware Tools installed and is managed by Aria Operations with SDMP enabled.

Broadcom rolled out fixes for the bug in late September, but did not mention its in-the-wild exploitation at the time. NVISO, which was credited with reporting the issue, said that Chinese threat actors have been exploiting the CVE for roughly a year.

On Thursday, Broadcom updated its advisory, noting that it “has information to suggest that suspected exploitation of CVE-2025-41244 has occurred in the wild”.

Simultaneously, CISA added the CVE, along with the XWiki defect, to the KEV list, urging federal agencies to patch them by November 20, as mandated by Binding Operational Directive (BOD) 22-01.
