VMware Aria Operations Vulnerability Discovered
A recent security bulletin has revealed a vulnerability affecting VMware Aria Operations, a tool for infrastructure monitoring and performance management. The flaw has been assigned the identifier CVE-2025-22222 and carries a CVSS score of 7.7 out of 10, which falls in the high severity range.
According to an advisory from Broadcom, the vulnerability can be exploited by users with non-administrative privileges. Specifically, if an attacker possesses a valid service credential ID, they may be able to retrieve sensitive credentials from an outbound plugin. This situation could potentially lead to unauthorized access and compromise of systems.
The impacted products include VMware Aria Operations for Logs version 8.x, VMware Aria Operations version 8.x, and VMware Cloud Foundation (VCF) versions 5.x and 4.x. Broadcom has released patches to resolve the issue, which are included in VMware Aria Operations v8.18.3 and VMware Aria Operations for Logs v8.18.3.
Organizations using the affected versions are strongly encouraged to implement the latest updates. Additionally, users can consult the remediation guidance provided in KB92148 for instructions on how to secure their VCF environments.
Source: www.csoonline.com