Security Flaws Discovered in VMware Aria Operations

Fri 31st Jan, 2025

Broadcom has issued a warning regarding multiple security vulnerabilities in VMware Aria Operations for Logs and VMware Cloud Foundation, raising concerns over unauthorized access to sensitive information, including user credentials.

According to the security advisory, an attacker holding only read-only (view-only) administrative permissions can exploit one of these vulnerabilities to read credentials stored within VMware Aria Operations for Logs (CVE-2025-22218, CVSS 8.5, high risk). Additionally, non-administrative users who possess a valid service access ID can abuse an information disclosure flaw to obtain the credentials used by plugins (CVE-2025-22222, CVSS 7.7, high risk).

Further vulnerabilities identified include a Stored Cross-Site Scripting (XSS) flaw within VMware Aria Operations for Logs, allowing attackers to inject malicious scripts that execute actions with administrative privileges (CVE-2025-22219, CVSS 6.8, medium risk). A similar vulnerability permits a user with admin rights to plant scripts that run in the browsers of victims when they initiate a deletion operation within the agent configuration (CVE-2025-22221, CVSS 5.2, medium risk). Also, due to faulty permission checks, non-administrative accounts with network access to the Aria Operations for Logs API can perform certain tasks within the context of an admin user (CVE-2025-22220, CVSS 4.3, medium risk).

To address these vulnerabilities, VMware has released updates for VMware Aria Operations and VMware Aria Operations for Logs, specifically version 8.18.3. Moreover, updates for VMware Cloud Foundation versions 4.x and 5.x were made available on Thursday, deployable via the VMware Aria Suite Lifecycle Manager.

In a related development, Broadcom had previously alerted VMware administrators to a critical SQL injection vulnerability in the Avi Load Balancer that enabled attackers to execute unauthorized commands on the database.
