U.S. CISA adds XWiki Platform, and Broadcom VMware Aria Operations and VMware Tools flaws to its Known Exploited Vulnerabilities catalog
Summary: The U.S. Cybersecurity and Infrastructure Security Agency (CISA) has added two high-severity vulnerabilities, one in the XWiki Platform and one in Broadcom VMware Aria Operations and VMware Tools, to its Known Exploited Vulnerabilities catalog and urges affected organizations and individuals to remediate them promptly.
2025-10-30 23:14:22 Author: securityaffairs.com


U.S. Cybersecurity and Infrastructure Security Agency (CISA) adds XWiki Platform, and Broadcom VMware Aria Operations and VMware Tools flaws to its Known Exploited Vulnerabilities catalog.

The U.S. Cybersecurity and Infrastructure Security Agency (CISA) added two flaws, one affecting the XWiki Platform and one affecting Broadcom VMware Aria Operations and VMware Tools, to its Known Exploited Vulnerabilities (KEV) catalog.

Below are the flaws added to the catalog:

  • CVE-2025-24893 (CVSS score of 9.8) XWiki Platform Eval Injection Vulnerability
  • CVE-2025-41244 (CVSS score of 7.8) Broadcom VMware Aria Operations and VMware Tools Privilege Defined with Unsafe Actions Vulnerability

The XWiki Platform, a generic wiki framework that provides runtime services for applications built on top of it, contains a critical vulnerability, tracked as CVE-2025-24893, in its SolrSearch feature. The flaw lets unauthenticated users (any guest) execute arbitrary code on the server, putting the confidentiality, integrity, and availability of the entire XWiki installation at risk. It is triggered by injecting Groovy code into the RSS feed generation mechanism through a specially crafted request to the SolrSearch endpoint.

This issue was patched in XWiki versions 15.10.11, 16.4.1, and 16.5.0RC1, and users are strongly advised to upgrade immediately.
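The two checks an operator needs after reading the paragraphs above are "is my XWiki on a fixed release?" and "has anyone already sent macro syntax at my SolrSearch RSS endpoint?". The script below is an added example, not code from XWiki or from the article: the version logic encodes only the fixed releases the text names (15.10.11, 16.4.1, 16.5.0RC1), and the log hunter assumes a Combined/Common access-log format, an assumed SolrSearch servlet path of `/bin/get/Main/SolrSearch` under the XWiki context root, and a constructed set of sample log lines in which the hostile request simply carries a `{{groovy}}` macro in the `text` parameter.

```python
import re
from urllib.parse import parse_qs, unquote_plus, urlsplit

# ---- 1. Version triage for CVE-2025-24893 -------------------------------
# Fixed releases named in the article: 15.10.11, 16.4.1 and 16.5.0RC1.
FIXED_IN_BRANCH = {
    (15, 10): (15, 10, 11),  # 15.10.x line is fixed from 15.10.11
    (16, 4): (16, 4, 1),     # 16.4.x line is fixed from 16.4.1
}
FIXED_FROM = (16, 5, 0)      # 16.5.0RC1 and everything newer

# Accepts "16.4.1", "16.5.0RC1" and Maven-style "16.5.0-rc-1".
_VERSION_RE = re.compile(r"^(\d+)\.(\d+)(?:\.(\d+))?(?:-?(?:rc|RC)-?(\d+))?$")


def parse_xwiki_version(version):
    """Return (major, minor, patch, pre); `pre` sorts release candidates before finals."""
    m = _VERSION_RE.match(version.strip())
    if not m:
        raise ValueError(f"unrecognised XWiki version string: {version!r}")
    major, minor, patch, rc = m.groups()
    pre = (0, int(rc)) if rc else (1, 0)
    return (int(major), int(minor), int(patch or 0), pre)


def is_patched_for_cve_2025_24893(version):
    """True when `version` is a fixed release or newer on the same branch."""
    v = parse_xwiki_version(version)
    num = v[:3]
    if num >= FIXED_FROM:            # the fix shipped in 16.5.0RC1, so RCs count here
        return True
    fixed = FIXED_IN_BRANCH.get(num[:2])
    if fixed is None:                # e.g. 16.0 - 16.3 or 15.9: no fixed release on that line
        return False
    # On a back-branch only the final fixed release (not an RC of it) counts as patched.
    return v >= fixed + ((1, 0),)


# ---- 2. Hunting for injection attempts in access logs ---------------------
# Assumed servlet path (relative to the XWiki context root); adjust for your deployment.
SOLRSEARCH_PATH = "/bin/get/Main/SolrSearch"
# XWiki macro markers that have no business in a search string.
_MACRO_RE = re.compile(r"\{\{/?\s*(groovy|async|velocity|python|script)\b", re.I)
# Combined/Common log format: client ident user [timestamp] "METHOD target PROTO" status ...
_LOG_RE = re.compile(
    r'^(?P<ip>\S+) \S+ \S+ \[(?P<ts>[^\]]+)\] "(?P<method>\S+) (?P<target>\S+) \S+" (?P<status>\d{3})'
)


def flag_solrsearch_request(log_line):
    """Return details of a SolrSearch RSS request carrying macro syntax, else None."""
    m = _LOG_RE.match(log_line)
    if not m:
        return None
    parts = urlsplit(m.group("target"))
    if not parts.path.endswith(SOLRSEARCH_PATH):
        return None
    params = parse_qs(parts.query)            # parse_qs already URL-decodes once
    if params.get("media", [""])[0].lower() != "rss":
        return None
    text = params.get("text", [""])[0]
    decoded = unquote_plus(text)              # second pass catches double-encoded "%257B%257B"
    macros = sorted({name.lower() for name in _MACRO_RE.findall(decoded)})
    if not macros:
        return None
    return {
        "ip": m.group("ip"),
        "timestamp": m.group("ts"),
        "status": m.group("status"),
        "macros": macros,
        "text": decoded,
    }


def hunt_solrsearch_injection(log_lines):
    """Run flag_solrsearch_request over an iterable of log lines and collect the hits."""
    return [hit for hit in map(flag_solrsearch_request, log_lines) if hit]


# Constructed sample log lines (not real traffic): one benign search, one attempt
# that smuggles a {{groovy}} macro in the `text` parameter, one unrelated page view.
SAMPLE_ACCESS_LOG = [
    '203.0.113.7 - - [30/Oct/2025:10:01:02 +0000] "GET /xwiki/bin/get/Main/SolrSearch?media=rss&text=release+notes HTTP/1.1" 200 1532',
    '198.51.100.23 - - [30/Oct/2025:10:02:44 +0000] "GET /xwiki/bin/get/Main/SolrSearch?media=rss&text=%7B%7Bgroovy%7D%7Dprintln(%27x%27)%7B%7B%2Fgroovy%7D%7D HTTP/1.1" 200 2210',
    '203.0.113.7 - - [30/Oct/2025:10:03:10 +0000] "GET /xwiki/bin/view/Main/ HTTP/1.1" 200 8800',
]

if __name__ == "__main__":
    for ver in ("15.10.10", "15.10.11", "16.4.0", "16.4.1", "16.5.0RC1"):
        state = "patched" if is_patched_for_cve_2025_24893(ver) else "VULNERABLE"
        print(f"{ver:>10}: {state}")
    for hit in hunt_solrsearch_injection(SAMPLE_ACCESS_LOG):
        print(f"{hit['timestamp']} {hit['ip']} macros={hit['macros']} text={hit['text']!r}")
```

The version check is deliberately conservative on the back-branches: a release candidate of 15.10.11 or 16.4.1 is not treated as fixed, while 16.5.0RC1 is, because that is the release the fix shipped in. A 200 status on a flagged request is not proof of success, only that the server served the RSS feed; treat hits as a trigger to pull the XWiki application logs for that timestamp and to confirm the installed version with the check above.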

The second flaw added to the catalog, tracked as CVE-2025-41244, is a local privilege escalation vulnerability in VMware Aria Operations and VMware Tools. A local user with non-administrative privileges on a VM that has VMware Tools installed and is managed by Aria Operations with the Service Discovery Management Pack (SDMP) enabled can exploit it to gain root on that same VM.

At the end of September, Broadcom addressed six VMware vulnerabilities, including four high-severity issues. One of them was CVE-2025-41244, which allows local users to escalate to root via VMware Tools and Aria Operations.

“VMware Aria Operations and VMware Tools contain a local privilege escalation vulnerability. Broadcom has evaluated the severity of this issue to be in the Important severity range with a maximum CVSSv3 base score of 7.8.” reads the advisory. “A malicious local actor with non-administrative privileges having access to a VM with VMware Tools installed and managed by Aria Operations with SDMP enabled may exploit this vulnerability to escalate privileges to root on the same VM.”

The vulnerability CVE-2025-41244 has been exploited in the wild as a zero-day since mid-October 2024 by the China-linked threat actor UNC5174.

According to Binding Operational Directive (BOD) 22-01: Reducing the Significant Risk of Known Exploited Vulnerabilities, Federal Civilian Executive Branch (FCEB) agencies must address the identified vulnerabilities by the due date to protect their networks against attacks exploiting the flaws in the catalog.

Experts also recommend that private organizations review the Catalog and address the vulnerabilities in their infrastructure.

CISA orders federal agencies to fix the vulnerabilities by November 20, 2025.


Pierluigi Paganini

(SecurityAffairs – hacking, CISA)

Article source: https://securityaffairs.com/184051/hacking/u-s-cisa-adds-xwiki-platform-and-broadcom-vmware-aria-operations-and-vmware-tools-flaws-to-its-known-exploited-vulnerabilities-catalog.html