Pakistan’s National Computer Emergency Response Team (National CERT) has issued a critical cybersecurity advisory after confirming that state-backed hackers are actively exploiting multiple high-severity flaws in VMware products.
The vulnerabilities, tracked as CVE-2025-41244 and CVE-2025-41246, affect popular VMware tools, including Aria Operations, Cloud Foundation, NSX, and VMware Tools. These bugs carry CVSS scores of 7.8 and 7.6, allowing attackers to gain elevated privileges, bypass authorization, steal sensitive data, or even execute remote code across enterprise, cloud, and telecom environments.
National CERT confirmed that exploitation “has been observed in the wild,” with advanced persistent threat (APT) groups already leveraging these flaws for targeted attacks. The agency warned that unpatched VMware systems are at an extreme risk, especially in organizations that run critical infrastructure.
Successful exploitation could give hackers complete control over virtualized systems, potentially exposing confidential enterprise or telco data. Affected products include:
Alongside, attackers can launch these exploits both locally and remotely, often with minimal privileges, and in some cases, no user interaction is required.
To counter the threat, National CERT has directed all organizations to apply Broadcom’s latest patches immediately. Relevant advisories include:
Until updates are applied, CERT recommends:
Organizations are urged to:
The National CERT concluded its advisory with a clear message. The agency warned,
“Patch now or risk a large-scale compromise. Immediate patching and proactive monitoring remain the only defenses against these ongoing exploit campaigns.”