The IT Nerd

Broadcom has patched a high-severity VMware vulnerability (CVE-2025-41244, CVSS 7.8) that had been exploited as a zero-day for nearly a year. The flaw, impacting VMware Aria Operations and VMware Tools (including open-vm-tools on Linux), allows privilege escalation to root on VMs. Security researchers at NVISO Labs reported that a Chinese state-sponsored threat group, UNC5174, has been actively exploiting the bug, including by staging malicious binaries in writable directories like /tmp/httpd.  Patches are now available across VMware Cloud Foundation, vSphere, Aria Operations, Telco Cloud Platform, VMware Tools, and open-vm-tools (to be distributed by Linux vendors). Detection requires monitoring for uncommon child processes or leftover collector scripts.

You can find more details here: https://blog.nviso.eu/2025/09/29/you-name-it-vmware-elevates-it-cve-2025-41244/

Gunter Ollmann, CTO, Cobalt had this comment:

“Zero-days that persist in widely used infrastructure for nearly a year highlight the growing mismatch between vendor disclosures and adversary realities. In this case, the triviality of the exploit means it likely fell into the hands of multiple threat actors, not just those with nation-state capabilities. When exploitation is both simple and widespread, leaving customers unaware is an unforced error that adds unnecessary risk. The industry needs more candor around zero-day exploitation so defenders can calibrate their urgency. In the long run, trust in security advisories will matter as much as the patches themselves.”

Dale Hoak, CISO, RegScale adds this:

“An unpatched or undisclosed zero-day undermines the very foundation of compliance programs, which rely on accurate risk data. If customers don’t know an exploit is active, they can’t prioritize remediation, leaving regulators and auditors working from a false baseline of assurance. This is why it’s critical to operationalize risk in the larger context of patching—moving beyond a checklist exercise to a process that connects advisories, vulnerability data, and remediation actions in real time. Continuous controls monitoring enables that connection, ensuring that controls are validated against live threats, not just documented in static reports. Real assurance comes when organizations can align compliance, risk, and patching as a single operational discipline.”

While I am a big believer in patching all the things, you also have to have an approach to security that mitigates the potential effects of zero days. That’s not easy to do, but it has become a requirement given how quickly threat actors evolve and shift tactics.

I should also mention that the fact that this was out there for a year is bad. Extraordinarily bad. But you knew that already.

UPDATE: Adrian Culley, Senior Sales Engineer at SafeBreach adds this comment:

“Broadcom has released fixes for CVE-2025-41244 and related issues affecting VMware Aria Operations and VMware Tools. In certain configurations, VMs with VMware Tools managed by Aria Operations with SDMP enabled local privilege escalation to root. NVISO reports the bug was exploited in the wild since mid-October 2024 by a China-nexus actor assessed as UNC5174. Teams should patch Aria Operations/Tools immediately and ensure Linux hosts receive updated open-vm-tools from their distributors. Hunt for exploitation by looking for mimicked system binaries (e.g., httpd) in writable paths like /tmp/httpd and for unusual child processes from discovery collectors. After patching, continuously validate that privilege-escalation, credential harvesting, and lateral-movement paths are closed—don’t just assume they are.”

A few days ago, I wrote about my use of virtual machines and I mentioned this:

Now, earlier on I did mention that I currently run two virtual machine software. That’s going to change as I am going to migrate to UTM for all my virtual machines. I’m doing that because since VMware has been acquired by Broadcom, their level of support has nosedived. You can take a scroll through the VMware Sub-Reddit to see the complaints about this acquisition that people have. And a lot of my clients are looking to move their enterprise level virtual machines off of the VMware platform for greener pastures like Microsoft Hyper-V, Nutanix or Citrix as a result of the chaos caused by the Broadcom acquisition. That lessens my need to run VMware’s software. Also UTM has much broader support for classic operating systems such as Windows XP and Windows 7. Which is something that VMware doesn’t offer. Thus it makes sense for me to transition to UTM. 

Well I may be rethinking this move because The Register is reporting that VMware or more accurately Broadcom who owns VMware now is going to offer Workstation Pro for PC and Fusion Pro for Mac are now going to be offered for free… For personal use. Now part of me thinks that this is a trap as this is an honour system. Meaning that if you’re some kid in their college dorm, Broadcom won’t care. But some company will likely play fast and loose with this and I can see Broadcom doing an audit and catching out a company on this front. I’m thinking this because the acquisition of VMware by Broadcom has been a clown show.

Anyway, the transition from the VMware customer portal to the Broadcom version is something that’s currently ongoing and is scheduled to end today. Assuming that happens on schedule, which given that this whole acquisition has been a clown show as mentioned previously I question if that is going be the case, I’ll be able to get a license key and test out Fusion Pro. Then I will be able to make a call as to if I should move to UTM. Right now I can’t see any of my VMware license keys in the customer portal, and I can’t make new ones to get Fusion Pro working. But let’s see if that changes.

UPDATE: Here’s the official announcement from VMware/Broadcom

UPDATE #2: I just got a chance to try updating to version 13.5.2 of VMware Fusion. It didn’t work and I am still stuck on VMware Fusion Player. I did some checking around and I found this post from the Product Manager of VMware Fusion Michael Roy who states that he is coming up with details on how to convert to Fusion Pro if you have Fusion Player installed. But the linked post walks you through how to install Fusion Pro as a new user.

UPDATE #3: I now have the Pro version of VMware Fusion installed. What I did is use a utility called AppCleaner to get rid of the current install of VMware Fusion Player. Then I downloaded version 13.5.2 from the Broadcom site and installed it. When you do that, you get the option to use the Pro version for personal use after the install is finished. This is pretty dumb as I should not have to delete the app to get this to work. It should simply work via an upgrade to 13.5.2. Clearly VMware or likely Broadcom didn’t have this scenario in their test plans. In any case, you won’t lose any of your virtual machines by doing this. Though you will have to go to File –> Scan For Virtual Machines to add them back.

Before I get to what’s in the title above. Some background. Last year VMware was sold to Broadcom for at ton of money. Then the first hint that Broadcom was going try to milk every last cent out of VMware that they could was that they took VMware accounts direct with next to zero notice and they terminated VMware’s partner program. All of that made it clear that things with VMware were changing, and not for the better. Today adds another piece to that puzzle with news that the free version of vSphere Hypervisor is being killed:

VMware vSphere Hypervisor (free edition) is no longer available on the VMware website

And:

Along with the termination of perpetual licensing, Broadcom has also decided to discontinue the Free ESXi Hypervisor, marking it as EOGA (End of General Availability).

Regrettably, there is currently no substitute product offered. For further details regarding the affected products and this change, we encourage you to review the following blog post: https://blogs.vmware.com/cloud-foundation/2024/01/22/vmware-end-of-availability-of-perpetual-licensing-and-saas-services/

What this basically means is that Broadcom has pretty much signaled that it is no longer interested in smaller VMware customers. Not only that, the free version was a way for people to become familiar with VMware, especially early in their career. Because once they had them using VMware for free, they’d happily pay for it when they were in a position to recommend it. Now VMware is effectively saying F-U to all those people and the potential revenue that comes from those people. Albeit delayed. And I’m pretty sure that this is going to come back to bite Broadcom at some point and is quite literally a gift from heaven for companies like Nutanix, Scale Computing or Microsoft. Sales reps in those companies must be run off their feet by VMware customers who want to switch to something else other than VMware.

Mark my words, Broadcom has made a major mistake by doing this.

VMware today outlined its vision for the future of networking, and unveiled the Virtual Cloud Network. The Virtual Cloud Network will enable organizations to create a digital business fabric for connecting and securing applications, data, and users across the entire network in a hyper-distributed world.

To deliver on this vision, VMware announced the VMware NSX networking and security portfolio to enable consistent, pervasive connectivity and security for apps and data across software-defined data centre, branch, cloud, and telco environments. Global leaders in digital transformation and technology innovation demonstrated support for VMware’s vision and NSX portfolio launch (see below).

The NSX portfolio includes investments of resources to deliver new capabilities that include:

• VMware NSX SD-WAN integration with VMware NSX Data Center and VMware NSX Cloud
• NSX Cloud support for applications running in Microsoft Azure
• NSX Data Center support for containerized cloud-native and bare metal applications
• Telco/NFV and networking performance optimizations for distributed workloads in NSX Data Center

Virtual Cloud Network: A New Network Approach for the Next 20 Years

Organizations are embarking on digital transformation to create better experiences for customers, clients, and employees, and drive better business outcomes. These efforts introduce a new level of networking and security complexity as organizations move from centralized data centres, to hyper distributed applications and centres of data at the edge.

The Virtual Cloud Network will enable businesses to connect, better secure, and optimize the delivery of applications and data in an era when a majority of workloads exist outside the data centre. With a Virtual Cloud Network, customers will be able to create an end-to-end software-based network architecture that can deliver services to applications and data, wherever they are located. The Virtual Cloud Network will operate at global scale from edge to edge, and deliver consistent, pervasive connectivity and security for apps and data independent of underlying physical infrastructure or location. The Virtual Cloud Network will enable organizations to streamline the journey to digital business, and take full advantage of digital transformation, by unlocking value from today’s current networking technologies and significantly reducing network complexity.

VMware Advances Business Transformation with Networking and Security in Software

The VMware NSX networking and security portfolio provides a common operating environment to connect, secure and operate a Virtual Cloud Network. The portfolio will include new and enhanced capabilities for data centre, branch, cloud and telco environments, and will advance support for traditional and modern application frameworks. With the VMware NSX portfolio, customers will be able to manage consistent networking and security across private data centres, AWS, Azure, and IBM Cloud.

Network Virtualization: VMware NSX Data Center is the industry’s most widely deployed network virtualization platform for the enterprise data centre, adopted by more than 4,500 customers globally. NSX Data Center enables customers to design, build, and operate next-generation policy driven data centres that connect, secure, and automate traditional and modern applications, and help protect applications and data through security that is an intrinsic part of the infrastructure.

With the latest update, NSX Data Center will include new container and bare metal capabilities that will be able to provide consistent networking services to all applications and deployment models. Container integration rapid-releases will enable global security and more to new app platforms (e.g. PKS). VMware is also adding new accelerated performance optimizations for distributed workloads, which will better support telco/network functions virtualization environments.

Software-Defined Wide Area Networking (SD-WAN): VMware NSX SD-WAN by VeloCloud is the industry-leading SD-WAN solution that combines the economics and flexibility of the best real-time network overlay with the deployment speed, scale and automation of cloud-delivered services. With NSX SD-WAN, customers can deliver better cloud and application performance with full visibility, metrics, control, and automation of all device and user endpoints, with lower overall costs. NSX SD-WAN integrates with NSX Data Center and NSX Cloud, enabling customers to extend consistent networking and security policies from the data centre to the branch to the cloud, while providing operational visibility and control end-to-end. NSX SD-WAN by VeloCloud provides an extensible platform for enterprises and telcos to integrate both on-premises and cloud services under the same consistent business policy framework. NSX SD-WAN is available to customers in three ways. Customers can purchase NSX SD-WAN as a service from VMware, or from more than 60 communication service providers worldwide. NSX SD-WAN is also available as an on-premises deployable solution. More than 2,000 customers have adopted NSX SD-WAN to date.

• Multi-Cloud Networking: VMware NSX Cloud provides consistent networking and security for applications running in both private VMware-based data centres and natively in public clouds. NSX Cloud addresses operational challenges inherent with using multiple public clouds, such as inconsistent policies and constructs across clouds; manual operations requiring policy for each cloud, region, and VPC: limited operational visibility into East-West traffic; and operations tools that are specific to each public cloud.

With the latest release of NSX Cloud, VMware will add new native controls for customers that are using Microsoft Azure as part of their multi-cloud strategy.

• Hybrid Cloud Connectivity: VMware NSX Hybrid Connect enables customers to solve one of the biggest challenges with hybrid cloud – consistent networking. VMware NSX Hybrid Connect enables customers to create a consistent, highly performant, and more secure software fabric that interconnects data centres and clouds while maintaining the same governance and control. With NSX Hybrid Connect, customers can seamlessly migrate workloads from any VMware environment to a modern software-defined data centre environment running anywhere — on-premises, in the public cloud, or operated by a VMware Cloud Provider partner.

Additional Resources

• Read “What a Virtual Cloud Network Can Do For Your Business” for an executive perspective from VMware’s Rajiv Ramaswami, COO, Products and Cloud Services
• Read this blog about Tom Gillis joining as 
• VMware’s new Networking and Security business leadLearn more about
• VMware’s portfolio for building the Virtual Cloud Network in this blog
• Read about the new VMware NSX SD-WAN by VeloCloud service in this blog
• Learn more about VMware NSX and VMware NSX certification and training