A pair of newly exploited vulnerabilities has been added to CISA’s Known Exploited Vulnerabilities Catalog.
The United States Cybersecurity and Infrastructure Security Agency (CISA) has added two new vulnerabilities to its Known Exploited Vulnerabilities Catalog, one impacting the XWiki platform and the other VMware Aria Operations and VMware Tools.
CVE-2025-24893 is a remote code execution vulnerability that can be triggered through a request to SolrSearch. According to the developers of XWiki, this “impacts the confidentiality, integrity and availability of the whole XWiki installation”.
The issue was first disclosed in February 2025 and has a CVSS score of 9.8, making it a critical severity vulnerability. The vulnerability has been patched in versions 15.10.11, 16.4.1 and 16.5.0RC1.
CVE-2025-41244 is a local privilege escalation vulnerability impacting VMware Aria Operations and VMware Tools. This high-severity vulnerability, with a CVSS score of 7.8, was first reported in September 2025.
According to its CVE listing, an attacker with non-administrative privileges and access to a virtual machine with VMware Tools installed – and managed by Aria Operations with SDMP enabled – may be able to exploit CVE-2025-41244 to escalate privileges to root on the same virtual machine.
“An issue was found in open-vm-tools, a set of tools for VMs hosted on VMware. The issue is related to a local privilege escalation in combination with the get-versions.sh script, shipped with the service discovery plugin (open-vm-tools-sdmp),” CVE-2025-41244’s advisory said.
“For Debian 11 bullseye, this problem has been fixed in version 2:11.2.5-2+deb11u5.”
Broadcom recommends that all open-vm-tools packages be upgraded to avoid exploitation.
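For a defender wanting to confirm which hosts still fall below the fixed versions quoted above, the following Python script is an added example written for this article; it is not code from CISA, XWiki, Broadcom or Debian. It compares installed version strings against the page's thresholds (XWiki 15.10.11, 16.4.1 and 16.5.0RC1; open-vm-tools 2:11.2.5-2+deb11u5 on Debian 11). Two assumptions are made for illustration: that each quoted XWiki fix is the first patched release of its major.minor branch (so a branch with no quoted fix counts as patched only when it is newer than the newest fix), and that the sample inventory is constructed. The Debian comparison reimplements dpkg's ordering rules (epoch, upstream, revision; `~` sorts lowest) so it runs without dpkg present; on a real Debian host `dpkg --compare-versions` is the authoritative check.

```python
# Added example for this article (not from CISA, XWiki, Broadcom or Debian):
# decide whether an installed version is at or past the fixed versions the
# article quotes for CVE-2025-24893 (XWiki) and CVE-2025-41244 (open-vm-tools).
import re

# Fixed versions exactly as quoted in the article.
XWIKI_FIXED = ("15.10.11", "16.4.1", "16.5.0RC1")
OPEN_VM_TOOLS_FIXED_DEB11 = "2:11.2.5-2+deb11u5"


def parse_xwiki_version(version):
    """'16.5.0RC1' -> ((16, 5, 0), 1); a final release gets rc=inf so it sorts after any RC."""
    m = re.fullmatch(r"(\d+)\.(\d+)\.(\d+)(?:RC(\d+))?", version)
    if not m:
        raise ValueError(f"unrecognised XWiki version: {version!r}")
    numbers = tuple(int(x) for x in m.group(1, 2, 3))
    rc = int(m.group(4)) if m.group(4) else float("inf")
    return numbers, rc


def xwiki_is_patched(installed, fixed=XWIKI_FIXED):
    """True if `installed` is at or past the fix for its own major.minor branch.

    Assumption (this example, not the XWiki project): each quoted fix is the first
    patched release of its branch; a branch without a quoted fix is patched only
    when newer than the newest fix (e.g. 16.6.0), otherwise treated as unpatched.
    """
    inst = parse_xwiki_version(installed)
    fixes = sorted(parse_xwiki_version(f) for f in fixed)
    for fix in fixes:
        if fix[0][:2] == inst[0][:2]:  # same major.minor branch
            return inst >= fix
    return inst >= fixes[-1]


def _deb_char_order(c):
    # dpkg ordering for non-digit characters: '~' sorts before everything,
    # including end of string; letters sort before other symbols.
    if c == "~":
        return -1
    if c.isalpha():
        return ord(c)
    return ord(c) + 256


def _deb_fragment_cmp(a, b):
    """Compare an upstream or revision string the way dpkg does (<0, 0, >0)."""
    i = j = 0
    while i < len(a) or j < len(b):
        # Non-digit run: compare character by character; end of string counts as 0.
        while (i < len(a) and not a[i].isdigit()) or (j < len(b) and not b[j].isdigit()):
            ac = _deb_char_order(a[i]) if i < len(a) and not a[i].isdigit() else 0
            bc = _deb_char_order(b[j]) if j < len(b) and not b[j].isdigit() else 0
            if ac != bc:
                return ac - bc
            i += 1
            j += 1
        # Digit run: drop leading zeros; the longer number wins, else the first differing digit.
        while i < len(a) and a[i] == "0":
            i += 1
        while j < len(b) and b[j] == "0":
            j += 1
        first_diff = 0
        while i < len(a) and a[i].isdigit() and j < len(b) and b[j].isdigit():
            if first_diff == 0:
                first_diff = ord(a[i]) - ord(b[j])
            i += 1
            j += 1
        if i < len(a) and a[i].isdigit():
            return 1
        if j < len(b) and b[j].isdigit():
            return -1
        if first_diff:
            return first_diff
    return 0


def _split_deb_version(version):
    """'2:11.2.5-2+deb11u5' -> (2, '11.2.5', '2+deb11u5'); epoch defaults to 0, revision to ''."""
    epoch, sep, rest = version.partition(":")
    if not sep:
        epoch, rest = "0", version
    upstream, sep, revision = rest.rpartition("-")
    if not sep:
        upstream, revision = rest, ""
    return int(epoch), upstream, revision


def deb_version_cmp(v1, v2):
    """dpkg-style comparison: epoch first, then upstream version, then Debian revision."""
    e1, u1, r1 = _split_deb_version(v1)
    e2, u2, r2 = _split_deb_version(v2)
    if e1 != e2:
        return e1 - e2
    return _deb_fragment_cmp(u1, u2) or _deb_fragment_cmp(r1, r2)


def open_vm_tools_is_patched(installed, fixed=OPEN_VM_TOOLS_FIXED_DEB11):
    return deb_version_cmp(installed, fixed) >= 0


if __name__ == "__main__":
    # Constructed sample inventory (host, product, version) for demonstration only.
    inventory = [
        ("wiki-01", "xwiki", "15.10.10"),
        ("wiki-02", "xwiki", "16.4.1"),
        ("wiki-03", "xwiki", "16.3.0"),
        ("vm-01", "open-vm-tools", "2:11.2.5-2+deb11u4"),
        ("vm-02", "open-vm-tools", "2:11.2.5-2+deb11u5"),
    ]
    checks = {"xwiki": xwiki_is_patched, "open-vm-tools": open_vm_tools_is_patched}
    for host, product, version in inventory:
        state = "patched" if checks[product](version) else "NEEDS UPDATE"
        print(f"{host:8} {product:14} {version:22} {state}")
```

Note that the XWiki rule deliberately reports 16.3.0 as unpatched even though it is "newer" than 15.10.11: the article lists no fix on that branch, so the only safe reading for a defender is that the host needs to move to a fixed release.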
David Hollingworth has been writing about technology for over 20 years, and has worked for a range of print and online titles in his career. He is enjoying getting to grips with cyber security, especially when it lets him talk about Lego.