Information Disclosure in VMware Aria Operations
CVE-2025-41245

4.9MEDIUM

Key Information:

Vendor: Vmware
Status: Vmware Aria Operations; Vmware Cloud Foundation; Vmware Telco Cloud Platform; Vmware Telco Cloud Infrastructure
Vendor: CVE Published:; 29 September 2025

What is CVE-2025-41245?

VMware Aria Operations has an information disclosure vulnerability that may allow a malicious user with limited privileges to retrieve sensitive credentials of other users. This risk underscores the importance of maintaining rigorous access controls and consistent monitoring of user activities within the application to safeguard against unauthorized information disclosure.

Affected Version(s)

VMware Aria Operations 8.18.x < 8.18.5

VMware Cloud Foundation 5.x < 8.18.5

VMware Cloud Foundation 4.x < 8.18.5

References

http://support.broadcom.com/group/ecx/support-content-vie...

CVSS V3.1

Score:

4.9

Severity:

MEDIUM

Confidentiality:

High

Integrity:

None

Availability:

High

Attack Vector:

Network

Attack Complexity:

Low

Privileges Required:

High

User Interaction:

None

Scope:

Unchanged

Download the Critical Vulnerability Management Cheat Sheet

Timeline

Vulnerability published
Sep 29, 2025
Vulnerability Reserved
Apr 16, 2025

JSON

Vmware

What is CVE-2025-41245?

Affected Version(s)

References

CVSS V3.1

Timeline