Warning about attacks on vulnerabilities in VMware and XWiki

Attackers are misusing vulnerabilities in VMware and XWiki, warns the IT security authority CISA. Updates patch the vulnerabilities.


(Image: Gorodenkoff/Shutterstock.com)


The US cybersecurity authority CISA is warning about observed attacks on security vulnerabilities in VMware Aria Operations and VMware Tools from Broadcom, as well as XWiki. The manufacturers are providing software updates that fix the vulnerabilities being attacked on the internet.

CISA only publishes the vulnerability entries for the reported attacks. Unfortunately, it provides no information about the nature and scope of the attacks, nor any helpful indicators of compromise (IOCs).

The security vulnerability exploited in VMware Aria Operations and VMware Tools was addressed by Broadcom at the end of September in a security advisory, and updated software was provided. The software contains a vulnerability that allows for privilege escalation. “Local non-administrative users with access to a VM where VMware Tools is installed and managed by VMware Aria Operations with SDMP enabled can exploit the security vulnerability to escalate their privileges to 'root' in the same VM,” explains the vulnerability entry (CVE-2025-41244 / EUVD-2025-31589, CVSS 7.8, Risk “high”). The vulnerability is patched in VMware Cloud Foundation Operations 9.0.1.0, VMware Tools 13.0.5 and 12.5.4, and VMware Aria Operations 8.18.5, as well as newer versions.


Additionally, attacks are ongoing against a critical security vulnerability in the wiki platform XWiki. Any guest user can inject and execute arbitrary malicious code via 'SolrSearch'. Without prior login, attackers can compromise entire XWiki instances (CVE-2025-24893 / EUVD-2025-4562, CVSS 9.8, Risk “critical”). The developers have fixed the vulnerability in XWiki 15.10.11, 16.4.1, and 16.5.0RC1 and newer versions.

IT managers should install the available updates as soon as possible.
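Since CISA publishes no indicators of compromise for these attacks, the only practical triage signal an administrator has is the installed version against the fixed releases named above. The following script is an added example (not code from heise, Broadcom, XWiki or CISA) that compares inventory entries against the patched versions from this article. It assumes a constructed inventory of hostnames, product names and version strings; the product keys and the treatment of unlisted branches (branches newer than the latest fixed release count as patched, older unlisted branches as vulnerable) are this example's own assumptions.

```python
import re

# Fixed versions named in the article (CVE-2025-41244 for the VMware products,
# CVE-2025-24893 for XWiki). The product keys are this example's own naming.
FIXED_VERSIONS = {
    "vmware-tools": ["12.5.4", "13.0.5"],
    "vmware-aria-operations": ["8.18.5"],
    "vcf-operations": ["9.0.1.0"],
    "xwiki": ["15.10.11", "16.4.1", "16.5.0RC1"],
}


def parse_version(text):
    """Turn '16.5.0RC1' into a tuple that sorts correctly.

    Result is (numbers, is_final, rc_number): a release candidate ranks below
    the final release of the same number, so 16.5.0RC1 < 16.5.0 < 16.5.1.
    """
    m = re.fullmatch(r"(\d+(?:\.\d+)*)(?:-?RC(\d+))?", text.strip(), re.IGNORECASE)
    if not m:
        raise ValueError(f"unrecognised version string: {text!r}")
    nums = tuple(int(part) for part in m.group(1).split("."))
    nums = nums + (0,) * (3 - len(nums))  # normalise to at least major.minor.patch
    if m.group(2) is None:
        return (nums, 1, 0)  # final release
    return (nums, 0, int(m.group(2)))  # release candidate


def is_patched(product, installed):
    """Return True if the installed version contains the fix for its branch.

    A branch is (major, minor). If the branch has a fixed release listed, the
    installed version must be at or above it. An unlisted branch is treated as
    patched only if it is newer than the newest fixed branch ("and newer
    versions"); older unlisted branches (e.g. XWiki 14.x) get no fix.
    """
    inst = parse_version(installed)
    branch = inst[0][:2]
    fixed = sorted(parse_version(v) for v in FIXED_VERSIONS[product])
    for fix in fixed:
        if fix[0][:2] == branch:
            return inst >= fix
    return branch > fixed[-1][0][:2]


def triage(inventory):
    """Return the hostnames still running a vulnerable version.

    inventory: iterable of (hostname, product_key, version_string).
    """
    return [host for host, product, version in inventory
            if not is_patched(product, version)]


# Constructed sample inventory for demonstration; not real hosts.
SAMPLE_INVENTORY = [
    ("vm-app-01", "vmware-tools", "12.5.3"),           # below 12.5.4 -> vulnerable
    ("vm-app-02", "vmware-tools", "13.0.5"),           # exactly the fix -> patched
    ("wiki-prod", "xwiki", "16.4.0"),                  # below 16.4.1 -> vulnerable
    ("wiki-stage", "xwiki", "16.5.0RC1"),              # the fixed RC -> patched
    ("wiki-legacy", "xwiki", "14.10.2"),               # older branch, no fix -> vulnerable
    ("ops-01", "vmware-aria-operations", "8.18.5"),    # patched
]

if __name__ == "__main__":
    for host in triage(SAMPLE_INVENTORY):
        print(f"{host}: update required")
```

The release-candidate handling matters here because XWiki's fix for the 16.5 branch shipped as 16.5.0RC1: a naive string or numeric comparison that strips the suffix would either rank the RC above the final release or reject it as unparseable. Version matching is a proxy only; an instance reported as patched still deserves a look at access logs if it was exposed before the update, since the article notes CISA offers no IoCs to search for.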

Last week, CISA already reported attacks on the Manufacturing Operations Management software (MOM) and Manufacturing Execution System (MES) Delmia Apriso from Dassault Systèmes. However, information on patched versions is only available behind a customer access barrier.

(dmk)


This article was originally published in German. It was translated with technical assistance and editorially reviewed before publication.