VMware Aria Operations Vulnerabilities Let Attackers Perform Admin Operations\u00a0
\n \t
\n
<\/BR>
\n
\n \t
\n
<\/BR><\/p>\n
Broadcom has addressed multiple vulnerabilities in its VMware Aria Operations for Logs and VMware Aria Operations products.\u00a0<\/p>\n
These vulnerabilities, identified as CVE-2025-22218, CVE-2025-22219, CVE-2025-22220, CVE-2025-22221, and CVE-2025-22222, pose significant risks, including unauthorized access to sensitive data and privilege escalation.\u00a0<\/p>\n
The vulnerabilities affect the following VMware products:<\/p>\n
Credential Exposure via Improper Access Controls (CVE-2025-22218)<\/strong><\/p>\n The most severe flaw, rated 8.5 CVSSv3, allows attackers with View Only Admin permissions to access credentials of integrated VMware products.\u00a0<\/p>\n This vulnerability in Aria Operations for Logs could expose authentication details for linked services like vSphere or NSX, enabling lateral movement in compromised networks.<\/p>\n Stored XSS-to-Admin Takeover Chain (CVE-2025-22219, CVE-2025-22221)<\/strong><\/p>\n Two cross-site scripting (XSS) vulnerabilities (CVSS 6.8 and 5.2) enable privilege escalation through crafted payloads.\u00a0 Attackers with basic privileges could inject malicious scripts into log management interfaces, potentially hijacking admin sessions.\u00a0<\/p>\n Notably, CVE-2025-22221 requires admin privileges but could propagate malware via agent configurations.<\/p>\n Logs broken access control vulnerability (CVE-2025-22220)<\/strong><\/p>\n This moderate-severity flaw (CVSS 4.3) permits non-admin users with network access to the Aria Operations for Logs API to execute admin-level operations, potentially modifying audit trails or exfiltrating sensitive log data.<\/p>\n Information disclosure vulnerability (CVE-2025-22222)<\/strong><\/p>\n Aria Operations contains a 7.7 CVSS-rated information disclosure flaw where non-admin users could retrieve credentials for outbound plugins using known service credential IDs, compromising integrated third-party services.<\/p>\n Broadcom credited Maxime Escourbiac, Yassine Bengana, Quentin Ebel, and their teams at Michelin CERT and Abicom for responsibly disclosing these issues.<\/p>\n These vulnerabilities allow attackers to perform admin-level operations or access sensitive data, even with limited privileges, making them particularly dangerous in enterprise environments where these products are widely deployed.<\/p>\n Resolution and Mitigation<\/strong><\/p>\n Broadcom strongly recommends<\/a> applying the patches listed in the advisory\u2019s response matrix:<\/p>\n Organizations using affected products should prioritize updating to the latest versions to prevent potential exploitation of these vulnerabilities.<\/p>\n For Daily Security Updates! Follow us on\u00a0Google News<\/a>,\u00a0LinkedIn<\/a>, and\u00a0X<\/a>\u00a0<\/strong><\/p>\n The post VMware Aria Operations Vulnerabilities Let Attackers Perform Admin Operations\u00a0<\/a> appeared first on Cyber Security News<\/a>.<\/p>\n<\/div>\nCollect Threat Intelligence with\u00a0TI Lookup\u00a0to Improve Your Company\u2019s Security\u00a0-\u00a0Get 50 Free Request<\/a><\/code><\/strong><\/p>\n\n\n
\n Product<\/strong><\/td>\n Fixed Version<\/strong><\/td>\n Severity<\/strong><\/td>\n CVEs Addressed<\/strong><\/td>\n<\/tr>\n \n VMware Aria Operations for Logs<\/td>\n 8.18.3<\/td>\n Important<\/td>\n CVE-2025-22218, CVE-2025-22219, CVE-2025-22220, CVE-2025-22221<\/td>\n<\/tr>\n \n VMware Aria Operations<\/td>\n 8.18.3<\/td>\n Important<\/td>\n CVE-2025-22222<\/td>\n<\/tr>\n \n VMware Cloud Foundation<\/td>\n KB92148<\/td>\n Important<\/td>\n All listed CVEs<\/td>\n<\/tr>\n<\/tbody>\n<\/table>\n<\/figure>\n