It seems like these vulnerabilities will never end, but here is another one that VIAdmins need to give attention to. This new high-severity advisory affects two products in the Aria solution line, VMware Aria Operations for Logs and VMware Aria Operations. Because both are bundled in VMware Cloud Foundation (VCF), VCF deployments are affected as well.
What can the vulnerabilities lead to? The official VMSA lists the following impacts:
- information disclosure, privilege escalation, and cross-site scripting (XSS) attacks
The advisory covers five CVEs. Four are in Aria Operations for Logs; the fifth is in Aria Operations:
🔴 Affected Vulnerabilities
CVE ID | Product | Impact | CVSS Score | Description |
---|---|---|---|---|
CVE-2025-22218 | Aria Operations for Logs | Information Disclosure | 8.5 (High) | An attacker with View Only Admin permissions can read credentials stored in the product. |
CVE-2025-22219 | Aria Operations for Logs | Stored Cross-Site Scripting (XSS) | 6.8 (Moderate) | A non-admin user can inject a script that later runs in an admin's browser, allowing arbitrary operations as that admin. |
CVE-2025-22220 | Aria Operations for Logs | Broken Access Control | 4.3 (Moderate) | A non-admin user with API access can perform certain operations in the context of an admin user. |
CVE-2025-22221 | Aria Operations for Logs | Stored Cross-Site Scripting (XSS) | 5.2 (Moderate) | An admin can inject a script that executes in another user's browser when they perform a delete action. |
CVE-2025-22222 | Aria Operations | Information Disclosure | 7.7 (High) | A non-admin user who knows a valid service credential ID can retrieve the credentials used for outbound plugins. |
🛠️ Resolution: Apply Security Patches ASAP
There are no workarounds; the only remediation is to upgrade. The patched versions are:
- VMware Aria Operations for Logs: 8.18.3
- VMware Aria Operations: 8.18.3
- VMware Cloud Foundation: follow KB92148 to apply the fix to the bundled components
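Since there is no workaround, the practical question for an admin is simply "is every appliance in my fleet at 8.18.3 or later?". The script below is an added example (not VMware's code and not from the advisory) that compares reported version strings against the fixed versions above. The hostnames, version strings and the `release-build` string format (e.g. `8.18.2-24253538`) are constructed assumptions about what the appliances report; substitute what your own version endpoint or the vCenter/VCF inventory gives you.

```python
"""Check whether a VMware Aria Operations / Aria Operations for Logs build
is at or above the versions fixed in VMSA-2025-0003.

Added example, not VMware's code. The version strings below are constructed
samples; the 'release-build' format (e.g. '8.18.2-24253538') is an assumption
about what the appliance's version endpoint reports.
"""
import re
from typing import Dict, Tuple

# Fixed versions from the advisory (one entry per affected product).
FIXED_VERSIONS = {
    "VMware Aria Operations for Logs": "8.18.3",
    "VMware Aria Operations": "8.18.3",
}


def parse_version(text: str) -> Tuple[int, ...]:
    """Return the numeric release tuple, ignoring a build suffix such as '-24253538'."""
    m = re.match(r"\s*(\d+(?:\.\d+)*)", text)
    if not m:
        raise ValueError(f"unrecognised version string: {text!r}")
    return tuple(int(part) for part in m.group(1).split("."))


def is_patched(product: str, installed: str) -> bool:
    """True when the installed release is >= the fixed release for that product."""
    fixed = parse_version(FIXED_VERSIONS[product])
    have = parse_version(installed)
    # Pad the shorter tuple so a bare '8.18' compares like '8.18.0', not like '8.18.x'.
    width = max(len(fixed), len(have))
    fixed += (0,) * (width - len(fixed))
    have += (0,) * (width - len(have))
    return have >= fixed


def assess(inventory: Dict[str, Tuple[str, str]]) -> Dict[str, str]:
    """Map each host to 'patched' or 'VULNERABLE' for a {host: (product, version)} inventory."""
    return {
        host: ("patched" if is_patched(product, version) else "VULNERABLE")
        for host, (product, version) in inventory.items()
    }


# Constructed inventory: hostnames, builds and versions are illustrative only.
SAMPLE_INVENTORY = {
    "logs-01.example.internal": ("VMware Aria Operations for Logs", "8.18.2-24253538"),
    "logs-02.example.internal": ("VMware Aria Operations for Logs", "8.18.3-24360636"),
    "ops-01.example.internal": ("VMware Aria Operations", "8.18.1"),
    "ops-02.example.internal": ("VMware Aria Operations", "8.18.3"),
}

if __name__ == "__main__":
    for host, status in assess(SAMPLE_INVENTORY).items():
        print(f"{host}: {status}")
```

Anything reported as VULNERABLE should be scheduled for the upgrade; a release below 8.18 (for example an 8.16.x appliance) also compares as vulnerable, since the advisory fixes only in 8.18.3.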
🔗 Patch Links & Documentation:
For the full details, see the official advisory here: