CVE-2025-41244

Exploited in the Wild ✓ Confirmed 0-Day

Triaged: March 5, 2026 4 articles

VulnLookup ↗ NVD ↗ MITRE ↗ CISA KEV ↗

EPSS Score

Source: FIRST.org · 2026-05-24

0.59%

probability

This CVE has a 0.59% probability of being exploited in the next 30 days.

0% Top 69.5th percentile of all CVEs 100%

CVSS score unavailable

Neither CIRCL nor NVD returned a CVSS score for this CVE. View on VulnerabilityLookup ↗

Attack Intelligence

CWE-267 · Privilege Defined With Unsafe Actions CWE-269 · Improper Privilege Management CWE-284 · Improper Access Control

Exploits & PoC

NULL200OK/CVE-2025-41244

CVE-2025-41244 is a critical local privilege escalation vulnerability in VMware Aria Operations and VMware Tools

1 repo — triés par ⭐ Rechercher sur GitHub ↗

Chinese hackers exploiting VMware zero-day since October 2024

BleepingComputer Sep 30, 2025

Inside the customer environment: Where threat actors, vulnerabilities, and exposed assets intersect

Tenable-Research May 27, 2026

Urgent: China-Linked Hackers Exploit New VMware Zero-Day Since October 2024

TheHackerNews

CISA Flags VMware Zero-Day Exploited by China-Linked Hackers in Active Attacks

TheHackerNews Oct 31, 2025

Signal Intelligence

Confidenceⓘ

92%

EPSS 0.59%

Mentions 4

Last Seen May 27, 2026

CNA Information

Analyst Note

CVE-2025-41244 shows clear zero-day characteristics: exploitation in the wild by Chinese threat actors documented since October 2024 (preceding the September 29, 2025 publication date), and CISA KEV listing confirmed per article excerpt indicating active exploitation triggered the KEV addition. The timing establishes exploitation preceded public awareness.