Summary: VMware has released critical patches for multiple security vulnerabilities in its Aria Operations and Aria Operations for Logs products, specifically addressing issues that could allow unauthorized admin access. The most severe vulnerabilities disclosed can lead to information disclosure and potential exploitation by non-admin users. Users are urged to apply these updates immediately, as no pre-patch workarounds exist for the outlined risks.
Affected: VMware Aria Operations, VMware Aria Operations for Logs
Key points:
- Five security defects patched, including two high-risk information disclosure vulnerabilities (CVE-2025-22218 and CVE-2025-22222).
- CVE-2025-22218 has a CVSS severity score of 8.5 and can be exploited by users with ‘View Only Admin’ permissions to access sensitive credentials.
- Moderate-severity issues include stored cross-site scripting (XSS) vulnerabilities and a broken access control flaw that can be exploited by non-admin users.
- No pre-patch workarounds are available, making immediate patch application essential.