Stored Cross-Site Scripting Vulnerability in VMware Aria Operations for Logs
CVE-2025-22221

5.2MEDIUM

Key Information:

Vendor: Vmware
Status: Vmware Aria Operations For Logs
Vendor: CVE Published:; 30 January 2025

Badges

📰 News Worthy

Summary

VMware Aria Operations for Logs is susceptible to a stored cross-site scripting vulnerability that allows an attacker with administrative privileges to inject malicious scripts. When a user performs a delete action in the Agent Configuration, these scripts can potentially execute in the victim's browser. This vulnerability poses a significant risk, as it can lead to unauthorized actions and data exposure within the affected application.

Affected Version(s)

VMware Aria Operations for Logs any 8.x < 8.18.3

News Articles

The Register

CVE-2025-22219 CVE-2025-22221

VMware plugs credential-leaking bugs in Cloud Foundation

Broadcom has fixed five flaws, collectively deemed "high severity," in VMware's IT operations and log management tools within Cloud Foundation, including two information disclosure bugs that could lead to...

3 weeks ago

References

https://support.broadcom.com/web/ecx/support-content-noti...

CVSS V3.1

Score:

5.2

Severity:

MEDIUM

Confidentiality:

High

Integrity:

Low

Availability:

High

Attack Vector:

Network

Attack Complexity:

Low

Privileges Required:

High

User Interaction:

Required

Scope:

Unchanged

Timeline

📰
First article discovered by The Register
Jan 30, 2025
Vulnerability published
Jan 30, 2025
Vulnerability Reserved
Jan 2, 2025

Key Information:

Badges

Summary

Affected Version(s)

Get notified when SecurityVulnerability.io launches alerting 🔔

News Articles

VMware plugs credential-leaking bugs in Cloud Foundation

References

CVSS V3.1

Timeline