Cybersecurity and Information Warfare

VMware Tools and Aria 0-Day Vulnerability Allows Root Code Execution

A zero-day local privilege escalation vulnerability, tracked as CVE-2025-41244, affects VMware Tools and VMware Aria Operations and has been actively exploited, allowing unprivileged local attackers to execute code with root privileges. Discovered by Broadcom and reported by NVISO, the flaw stems from an untrusted search path in the get-versions.sh script used for service discovery on virtual machines. The vulnerability has been linked to the threat actor UNC5174, which is possibly state-sponsored by China, raising concerns about cybersecurity risks associated with virtualized environments. Organizations are advised to immediately apply the patches released by Broadcom to mitigate potential exploitation and safeguard their systems against malicious activities.
