- 23/2025
- High
VMware has released a security update to address multiple vulnerabilities affecting several VMware products.
The addressed vulnerabilities could allow the remote attacker to gain elevated privileges, perform cross-site scripting attacks, or obtain sensitive information about the affected systems.
Sample of the addressed vulnerabilities:
1. VMware Aria Operations for Logs Information Disclosure Vulnerability (CVE-2025-22218):
- CVSS: 8.5
- Attack Vector: Network
- Attack Complexity: High
- Privileges Required: Low
- User Interaction: None
- Consequences: Obtain Information
2. VMware Aria Operations for Logs Stored Cross-Site Scripting Vulnerability (CVE-2025-22219):
- CVSS: 6.8
- Attack Vector: Network
- Attack Complexity: Low
- Privileges Required: High
- User Interaction: Required
- Consequences: Cross-Site Scripting
The affected products:
- VMware Aria Operations for logs.
- VMware Aria Operations.
- VMware Cloud Foundation.
Vulnerabilities
- CVE-2025-22218
- CVE-2025-22219
- CVE-2025-22220
- CVE-2025-22221
- CVE-2025-22222
Mitigations
The enterprise should deploy this patch as soon as the testing phase is completed.