
You name it, VMware elevates it (CVE-2025-41244)

ID: c325001b-8781-5687-9669-ba8963964200

STIX ID: report--c325001b-8781-5687-9669-ba8963964200

Feed Name: NVISO Labs

Threat Score: 90/100

Date Published: 2025-09-29

Date Updated: 2026-04-28

Author: Maxime Thiebaut


**NVISO disclosure of CVE-2025-41244:** a trivial-to-exploit local privilege escalation in VMware Aria Operations and open-vm-tools service discovery that allows unprivileged processes (e.g., binaries staged in writable directories like /tmp) to be executed in a privileged context (root). The report includes code-level analysis, a Go proof-of-concept that spawns an elevated shell, process-tree examples, and detection suggestions, and it notes active exploitation observed from mid‑October 2024 and attributed to UNC5174. Broadcom published patches and an advisory on 2025-09-29.
