Severity
High
Analysis Summary
A critical zero-day local privilege escalation, tracked as CVE-2025-41244, has been disclosed in VMware Tools and VMware Aria Operations and is being actively exploited in the wild. The flaw enables an unprivileged local user to obtain root-level code execution on affected guests and management hosts. Broadcom published an advisory on September 29, 2025, and urged immediate patching; security firm NVISO reported in-the-wild exploitation dating back to mid-October 2024. Because the vulnerable code appears in the widely distributed open-source build (open-vm-tools), most major Linux distributions that include that package are at risk until updated.
At its core the issue is an Untrusted Search Path weakness (CWE-426) in the get-versions.sh service discovery script. The script uses overly broad regular expressions to locate service binaries: for example, a pattern intended to match “/…/httpd” also matches a file named httpd in a user-writable directory such as /tmp. An attacker can place a malicious executable (e.g., /tmp/httpd) that opens a listening socket; when the VMware discovery process invokes that binary with a “-v” flag to obtain a version string, the attacker's binary runs with the elevated privileges of the VMware Tools service, effectively yielding a root shell. The vulnerability manifests in two places: the credential-less service discovery within VMware Tools on guest VMs, and the legacy credential-based discovery handled by VMware Aria Operations on management platforms.
NVISO attributes the observed exploitation to UNC5174, a threat actor historically linked to Chinese state sponsorship, but also notes that the exploit's trivial mechanics mean other malware may have accidentally benefited from this escalation for years (malware commonly named after system binaries can be picked up by the flawed search logic without any deliberate targeting). The operational timeline, with exploitation activity predating public disclosure by nearly a year, raises serious concerns about undetected compromises and long-running persistence. Because the attack requires only local access to plant and run a crafted binary, any vector that gives an unprivileged user or dropped payload a foothold (phishing, container escape, web application compromise, weak user isolation) can rapidly escalate into full system compromise.
Defensive steps are immediate and measurable: apply Broadcom’s patches and updates (including updated open-vm-tools packages) without delay, and ensure management platforms (VMware Aria) are updated. Hunt for indicators such as unexpected child processes spawned by vmtoolsd or executions of get-versions.sh, and look for leftover script artifacts under /tmp/VMware-SDMP-Scripts-{UUID}/. As interim mitigations, restrict execution permissions on world-writable directories (e.g., mount /tmp with noexec where feasible), harden file permissions, and disable VMware service discovery features if they are unnecessary. If compromise is suspected, isolate affected hosts, collect forensic artifacts (process trees, /tmp contents, vmtools logs), rotate credentials and keys, perform a full incident response and root cause analysis, and monitor estate-wide for lateral movement and anomalous privileged activity.
Impact
- Gain Access
- Privilege Escalation
- Code Execution
Indicators of Compromise
CVE
CVE-2025-41244
Remediation
- Apply Broadcom’s security patches for CVE-2025-41244 immediately on VMware Tools, VMware Aria Operations, and open-vm-tools across all affected systems.
- Ensure Linux distributions that bundle open-vm-tools receive the updated package through their package managers.
- Monitor for suspicious child processes spawned by vmtoolsd or executions of get-versions.sh.
- Inspect /tmp/VMware-SDMP-Scripts-{UUID}/ directories for lingering or unusual script files that may indicate exploitation.
- Configure /tmp and other world-writable directories with restrictive mount options (e.g., noexec, nodev, nosuid) to prevent execution of attacker-planted binaries.
- Restrict write and execution permissions where possible to reduce the attack surface for local privilege escalation.
- Disable or restrict VMware service discovery features if they are not operationally required.
- Conduct forensic analysis on potentially compromised hosts, including reviewing logs, process trees, and temporary directories.
- Rotate system credentials, keys, and tokens if compromise is suspected.
- Strengthen monitoring and detection rules to flag binaries or processes with common system names (e.g., httpd) running from non-standard directories like /tmp.
- Implement least-privilege principles to limit exposure if unprivileged accounts are compromised.
- Perform an environment-wide threat hunt for persistence mechanisms and signs of lateral movement associated with privilege escalation.
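The hunting guidance above (vmtoolsd child processes, get-versions.sh executions, and service-named binaries running from /tmp) can be turned into a process-snapshot check. The following is an added example, not code from the advisory or from VMware; the service names, trusted directories and the sample process list are constructed for illustration, and the UUID in the script path is a placeholder.

```python
from dataclasses import dataclass

# Assumption: illustrative service names and trusted paths; tune per estate.
SERVICE_NAMES = {"httpd", "nginx", "mysqld", "postgres", "sshd"}
TRUSTED_DIRS = ("/usr/sbin/", "/usr/bin/", "/sbin/", "/bin/", "/usr/lib/", "/opt/")
USER_WRITABLE_DIRS = ("/tmp/", "/var/tmp/", "/dev/shm/", "/home/")

@dataclass
class Proc:
    pid: int
    ppid: int
    comm: str      # name as in /proc/<pid>/comm
    exe: str       # resolved /proc/<pid>/exe
    cmdline: str

def descends_from(p, by_pid, comm):
    """True if any ancestor of p is named comm (cycle-safe walk up ppid)."""
    seen, cur = set(), by_pid.get(p.ppid)
    while cur and cur.pid not in seen:
        if cur.comm == comm:
            return True
        seen.add(cur.pid)
        cur = by_pid.get(cur.ppid)
    return False

def find_suspicious(procs):
    """Return {pid: [reasons]} for processes matching the hunt rules."""
    by_pid = {p.pid: p for p in procs}
    hits = {}
    for p in procs:
        reasons = []
        # Rule from the advisory: system-service names outside system directories.
        if p.exe.rsplit("/", 1)[-1] in SERVICE_NAMES and not p.exe.startswith(TRUSTED_DIRS):
            reasons.append("service-named binary outside trusted dirs")
        # Rule from the advisory: vmtoolsd spawning code from a user-writable path.
        if p.exe.startswith(USER_WRITABLE_DIRS) and descends_from(p, by_pid, "vmtoolsd"):
            reasons.append("vmtoolsd descendant executing from writable dir")
        if "get-versions.sh" in p.cmdline:
            reasons.append("discovery script ran; review its child processes")
        if reasons:
            hits[p.pid] = reasons
    return hits

# Constructed snapshot: pid 951 shows the exploitation pattern the advisory describes.
SAMPLE = [
    Proc(1, 0, "systemd", "/usr/lib/systemd/systemd", "/sbin/init"),
    Proc(800, 1, "vmtoolsd", "/usr/bin/vmtoolsd", "/usr/bin/vmtoolsd"),
    Proc(900, 1, "httpd", "/usr/sbin/httpd", "/usr/sbin/httpd -DFOREGROUND"),
    Proc(950, 800, "sh", "/bin/sh", "/bin/sh /tmp/VMware-SDMP-Scripts-<uuid>/get-versions.sh"),
    Proc(951, 950, "httpd", "/tmp/httpd", "/tmp/httpd -v"),
]
```

Feeding a real snapshot (pid, ppid, comm, exe, cmdline read from /proc) through find_suspicious flags the legitimate /usr/sbin/httpd as clean while raising two reasons for the /tmp/httpd descendant of vmtoolsd.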