Broadcom Patches VMware Aria Flaws – Exploits May Lead to Credential Theft

Avatar
Broadcom has released security updates to patch five security flaws impacting VMware Aria Operations and Aria Operations for Logs, warning customers that attackers could exploit them to gain elevated access or obtain sensitive information. The list of identified flaws, which impact versions 8.x of the software, is below – CVE-2025-22218 (CVSS score: 8.5) – A malicious actor with View Only Admin
[[{“value”:”

Broadcom has released security updates to patch five security flaws impacting VMware Aria Operations and Aria Operations for Logs, warning customers that attackers could exploit them to gain elevated access or obtain sensitive information.

The list of identified flaws, which impact versions 8.x of the software, is below –

CVE-2025-22218 (CVSS score: 8.5) – A malicious actor with View Only Admin permissions may be able to read the credentials of a VMware product integrated with VMware Aria Operations for Logs
CVE-2025-22219 (CVSS score: 6.8) – A malicious actor with non-administrative privileges may be able to inject a malicious script that may lead to arbitrary operations as admin user via a stored cross-site scripting (XSS) attack
CVE-2025-22220 (CVSS score: 4.3) – A malicious actor with non-administrative privileges and network access to Aria Operations for Logs API may be able to perform certain operations in the context of an admin user
CVE-2025-22221 (CVSS score: 5.2) – A malicious actor with admin privileges to VMware Aria Operations for Logs may be able to inject a malicious script that could be executed in a victim’s browser when performing a delete action in the Agent Configuration
CVE-2025-22222 (CVSS score: 7.7) – A malicious user with non-administrative privileges may exploit this vulnerability to retrieve credentials for an outbound plugin if a valid service credential ID is known

Security researchers Maxime Escourbiac from Michelin CERT, and Yassine Bengana and Quentin Ebel from Abicom and part of the Michelin CERT team for detecting and reporting the flaws. It’s worth noting that the same team spotted two other shortcomings in the same product (CVE-2024-38832 and CVE-2024-38833) in late November 2024.

All the aforementioned vulnerabilities have been patched in VMware Aria Operations and Aria Operations for Logs version 8.18.3. The virtualization services provider makes no mention of these issues being exploited in the wild.

The advisory comes days after Broadcom warned of a high-severity security flaw in VMware Avi Load Balancer (CVE-2025-22217, CVSS score: 8.6) that could be weaponized by malicious actors to gain database access.

Found this article interesting? Follow us on Twitter and LinkedIn to read more exclusive content we post.

“}]] The Hacker News 

Total
0
Shares
Previous Post

Ransomware attack on New York Blood Center forces workarounds, drive cancellations

Next Post

Italy Bans Chinese DeepSeek AI Over Data Privacy and Ethical Concerns

Related Posts

OAuth Redirect Flaw in Airline Travel Integration Exposes Millions to Account Hijacking

Cybersecurity researchers have disclosed details of a now-patched account takeover vulnerability affecting a popular online travel service for hotel and car rentals. "By exploiting this flaw, attackers can gain unauthorized access to any user’s account within the system, effectively allowing them to impersonate the victim and perform an array of actions on their behalf – including
Avatar
Read More

Webinar: Learn How to Stop Encrypted Attacks Before They Cost You Millions

Ransomware isn’t slowing down—it’s getting smarter. Encryption, designed to keep our online lives secure, is now being weaponized by cybercriminals to hide malware, steal data, and avoid detection.The result? A 10.3% surge in encrypted attacks over the past year and some of the most shocking ransom payouts in history, including a $75 million ransom in 2024. Are you prepared to fight back? Join
Avatar
Read More