Stored Cross-Site Scripting Vulnerability in VMware Aria Operations for Logs
CVE-2025-22221

4.8MEDIUM

Key Information:

Vendor

Vmware
Status
Vmware Aria Operations For Logs
Vendor
CVE Published:
30 January 2025

Badges

đź“° News Worthy

What is CVE-2025-22221?

VMware Aria Operations for Logs is susceptible to a stored cross-site scripting vulnerability that allows an attacker with administrative privileges to inject malicious scripts. When a user performs a delete action in the Agent Configuration, these scripts can potentially execute in the victim's browser. This vulnerability poses a significant risk, as it can lead to unauthorized actions and data exposure within the affected application.

Affected Version(s)

VMware Aria Operations for Logs any 8.x < 8.18.3

News Articles

favicon imageThe Register

VMware plugs credential-leaking bugs in Cloud Foundation

Broadcom has fixed five flaws, collectively deemed "high severity," in VMware's IT operations and log management tools within Cloud Foundation, including two information disclosure bugs that could lead to...

References

https://support.broadcom.com/web/ecx/support-content-noti...

CVSS V3.1

Score:
4.8
Severity:
MEDIUM
Confidentiality:
Low
Integrity:
Low
Availability:
Low
Attack Vector:
Network
Attack Complexity:
Low
Privileges Required:
High
User Interaction:
Required
Scope:
Changed

Timeline

  • đź“°

    First article discovered by The Register

  • Vulnerability published

  • Vulnerability Reserved

.