Security Flaws Detected in VMware Aria Operations
Broadcom has announced the release of critical security updates addressing five vulnerabilities within VMware Aria Operations and Aria Operations for Logs. Industry experts are raising alarms about the potential for these flaws to be exploited by malicious actors seeking unauthorized access or sensitive data. The flaws are particularly relevant to businesses utilizing version 8.x of the software.
Among the vulnerabilities identified, CVE-2025-22218 poses a significant threat. It allows individuals with View Only Admin permissions to read the credentials of a VMware product linked to VMware Aria Operations for Logs. This could undermine the security of integrated systems, making it easier for attackers to gain higher privileges. Another notable vulnerability, CVE-2025-22219, allows users with non-administrative privileges to inject a malicious script through stored cross-site scripting (XSS), enabling them to execute arbitrary operations as admin users. This creates a concerning potential for privilege escalation, a common tactic used in cyberattacks.
Further complicating the security landscape, CVE-2025-22220 enables a non-administrator with network access to the Aria Operations for Logs API to perform operations as an admin user. Moreover, CVE-2025-22221 allows an individual with admin access to inject scripts that could execute in a victim’s browser, especially during actions such as deleting configurations. Lastly, CVE-2025-22222 could be exploited by users with limited privileges to retrieve sensitive credentials related to outbound plugins if they possess a valid service credential ID.
The vulnerabilities were uncovered by security researchers affiliated with Michelin CERT and Abicom, underlining the ongoing collaboration between cybersecurity teams to enhance overall security posture. Previous alerts regarding similar flaws, such as CVE-2024-38832 and CVE-2024-38833 from late 2024, reflect a continuing threat surrounding VMware products.
All identified vulnerabilities have been patched in VMware Aria Operations and Aria Operations for Logs version 8.18.3. Notably, Broadcom has not reported any incidents of these issues being actively exploited in the wild, but the advisory comes closely on the heels of warnings regarding a separate high-severity flaw in VMware Avi Load Balancer (CVE-2025-22217). This underscores a broader trend of vulnerabilities surfacing in VMware products, necessitating vigilant monitoring and prompt action by businesses.
In the context of the MITRE ATT&CK framework, these vulnerabilities highlight various adversary tactics, such as privilege escalation, initial access, and execution, which are crucial for understanding the methods that any potential attacks could leverage. As businesses navigate this evolving landscape, awareness of such vulnerabilities and proactive security measures remain paramount.
This advisory serves as an essential reminder of the risks associated with software vulnerabilities, emphasizing the need for organizations to stay informed and take immediate precautions to protect their data integrity and operational capabilities.