Information Disclosure in VMware Aria Operations for Logs
CVE-2025-22218

7.7HIGH

Key Information:

Vendor

Vmware
Status
Vmware Aria Operations For Logs
Vendor
CVE Published:
30 January 2025

Badges

đź“° News Worthy

What is CVE-2025-22218?

VMware Aria Operations for Logs is affected by a vulnerability that allows unauthorized users with View Only Admin permissions to access sensitive credentials of integrated VMware products. This exposure can potentially lead to further exploitation of the system, compromising overall security and integrity.

Affected Version(s)

VMware Aria Operations for Logs any 8.x < 8.18.3

News Articles

favicon imageThe Hacker News

Broadcom Patches VMware Aria Flaws – Exploits May Lead to Credential Theft

Broadcom patches five VMware Aria Operations flaws, including CVE-2025-22218 (CVSS 8.5), preventing credential leaks and admin privilege abuse in vers

References

https://support.broadcom.com/web/ecx/support-content-noti...

CVSS V3.1

Score:
7.7
Severity:
HIGH
Confidentiality:
High
Integrity:
None
Availability:
High
Attack Vector:
Network
Attack Complexity:
Low
Privileges Required:
Low
User Interaction:
None
Scope:
Changed

Timeline

  • đź“°

    First article discovered by The Hacker News

  • Vulnerability published

  • Vulnerability Reserved

.