Yesterday CISA announced that it had added a "privilege defined with unsafe actions" vulnerability in the VMware Aria Operations and VMware Tools products to its Known Exploited Vulnerabilities (KEV) catalog. Broadcom previously disclosed the vulnerability on September 29th, 2025, and yesterday updated its advisory to report exploits in the wild. NVISO Labs reported on the initial vulnerability disclosure and included proof-of-concept code in that report.
CISA has ordered all federal agencies using the affected VMware products to apply “mitigations per vendor instructions, follow applicable BOD 22-01 guidance for cloud services, or discontinue use of the product if mitigations are unavailable.” The deadline for completing those actions is November 20th, 2025.