The US cybersecurity company CISA on Thursday expanded its Recognized Exploited Vulnerabilities (KEV) catalog with two safety defects impacting XWiki and VMware merchandise.
The XWiki flaw, tracked as CVE-2025-24893 (CVSS rating of 9.8), is an improper sanitization of search parameters that may be exploited remotely, with out authentication, to inject malicious code through specifically crafted search requests.
Profitable exploitation of the difficulty permits attackers to execute code with the privileges of the online server, to leak delicate info, or disrupt survey operations.
Proof-of-concept (PoC) exploits concentrating on the bug have been out there for roughly half a 12 months and exploitation makes an attempt had been initially noticed in March, albeit they had been flagged as reconnaissance efforts.
Earlier this week, nevertheless, VulnCheck warned {that a} menace actor has been exploiting the XWiki vulnerability to drop a cryptocurrency miner.
The VMware defect, tracked as CVE-2025-41244 (CVSS rating of seven.8), is an area privilege escalation flaw affecting Aria Operations and VMware Instruments that permits authenticated attackers to acquire root privileges on a VM that has VMware Instruments put in and is managed by Aria Operations with SDMP enabled.
Broadcom rolled out fixes for the bug in late September, however failed to say its in-the-wild exploitation. NVISO, which was credited for reporting the difficulty, reported that Chinese language menace actors have been concentrating on the CVE for roughly a 12 months.
On Thursday, Broadcom up to date its advisory, noting that it “has info to recommend that suspected exploitation of CVE-2025-41244 has occurred within the wild”.Commercial. Scroll to proceed studying.
Concurrently, CISA added the CVE, together with the XWiki defect, to the KEV record, urging federal businesses to patch them by November 20, as mandated by Binding Operational Directive (BOD) 22-01.
Associated: CISA Warns of Exploited DELMIA Manufacturing facility Software program Vulnerabilities
Associated: 12 months-Outdated WordPress Plugin Flaws Exploited to Hack Web sites
Associated: Important Home windows Server WSUS Vulnerability Exploited within the Wild
Associated: Lanscope Endpoint Supervisor Zero-Day Exploited within the Wild
