Broadcom Fixes Multiple Vulnerabilities in VMware Aria Operations for Logs and VMware Aria Operations
2025-1-31 07:14:38 Author: cybersecuritynews.com

VMware Aria Operations Vulnerabilities

Broadcom has addressed multiple vulnerabilities in its VMware Aria Operations for Logs and VMware Aria Operations products. 

These vulnerabilities, identified as CVE-2025-22218, CVE-2025-22219, CVE-2025-22220, CVE-2025-22221, and CVE-2025-22222, pose significant risks, including unauthorized access to sensitive data and privilege escalation. 

The vulnerabilities affect the following VMware products:


  • VMware Aria Operations for Logs (version 8.x)
  • VMware Aria Operations (version 8.x)
  • VMware Cloud Foundation (versions 4.x and 5.x)

Vulnerabilities Overview

Credential Exposure via Improper Access Controls (CVE-2025-22218)

The most severe flaw, rated 8.5 CVSSv3, allows attackers with View Only Admin permissions to access credentials of integrated VMware products. 

This vulnerability in Aria Operations for Logs could expose authentication details for linked services like vSphere or NSX, enabling lateral movement in compromised networks.


Stored XSS Vulnerabilities (CVE-2025-22219, CVE-2025-22221)

Two stored cross-site scripting (XSS) vulnerabilities (CVSS 6.8 and 5.2) in Aria Operations for Logs allow privilege escalation through crafted payloads. For CVE-2025-22219, an attacker with non-administrative privileges could inject a malicious script into the log management interface; when an admin views the affected page, the script runs in the admin's browser and can perform arbitrary operations as that user.

CVE-2025-22221 is the lower-rated of the two because it requires admin privileges to plant the payload; the injected script executes in a victim's browser when the victim performs certain actions related to agent configurations.

Aria Operations for Logs broken access control vulnerability (CVE-2025-22220)

This moderate-severity flaw (CVSS 4.3) permits non-admin users with network access to the Aria Operations for Logs API to execute admin-level operations, potentially modifying audit trails or exfiltrating sensitive log data.

Information disclosure vulnerability (CVE-2025-22222)

Aria Operations contains a 7.7 CVSS-rated information disclosure flaw where non-admin users could retrieve credentials for outbound plugins using known service credential IDs, compromising integrated third-party services.

Broadcom credited Maxime Escourbiac, Yassine Bengana, Quentin Ebel, and their teams at Michelin CERT and Abicom for responsibly disclosing these issues.

These vulnerabilities allow attackers to perform admin-level operations or access sensitive data, even with limited privileges, making them particularly dangerous in enterprise environments where these products are widely deployed.

Resolution and Mitigation

Broadcom strongly recommends applying the patches listed in the advisory’s response matrix:

Product                            Fixed Version   Severity    CVEs Addressed
VMware Aria Operations for Logs    8.18.3          Important   CVE-2025-22218, CVE-2025-22219, CVE-2025-22220, CVE-2025-22221
VMware Aria Operations             8.18.3          Important   CVE-2025-22222
VMware Cloud Foundation            KB92148         Important   All listed CVEs

Organizations using affected products should prioritize updating to the fixed versions to prevent exploitation of these vulnerabilities. Because CVE-2025-22218 and CVE-2025-22222 expose stored credentials, patching alone does not invalidate credentials that may already have been read: rotate the credentials of integrated VMware products and outbound plugins after updating, and review audit logs for unexpected credential or API access by View Only Admin and non-admin accounts.
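The following is an added example, not code from the article or from Broadcom, that checks an inventory of Aria Operations for Logs and Aria Operations instances against the 8.18.3 fixed version in the response matrix above. The fixed versions and CVE lists are taken from the table; the inventory and hostnames are constructed here, and how the version strings are collected from each appliance (admin UI or API) is left to the operator and assumed to be done beforehand. VMware Cloud Foundation is deliberately excluded because its fix is tracked through KB92148 rather than a single product version. The one non-obvious point the example shows is that versions must be compared numerically: a string compare ranks "8.9.1" above "8.18.3" and would silently mark an old build as patched.

```python
import re

# Fixed versions and the CVEs each one closes, as listed in the advisory's
# response matrix on this page. VMware Cloud Foundation (KB92148) is not a
# plain version compare and is intentionally not included.
FIXED_VERSIONS = {
    "VMware Aria Operations for Logs": (
        "8.18.3",
        ["CVE-2025-22218", "CVE-2025-22219", "CVE-2025-22220", "CVE-2025-22221"],
    ),
    "VMware Aria Operations": ("8.18.3", ["CVE-2025-22222"]),
}

# Constructed sample inventory: (hostname, product, version string as reported
# by the appliance). Hostnames and versions are made up for the example.
SAMPLE_INVENTORY = [
    ("log01.example.internal", "VMware Aria Operations for Logs", "8.18.2"),
    ("log02.example.internal", "VMware Aria Operations for Logs", "8.18.3"),
    ("ops01.example.internal", "VMware Aria Operations", "8.16.1 build 22345"),
    ("ops02.example.internal", "VMware Aria Operations", "8.18.3"),
    ("ops03.example.internal", "VMware Aria Operations", "8.9.1"),
]


def parse_version(text):
    """Turn '8.18.3' or '8.16.1 build 22345' into a tuple of ints.

    Tuples of ints compare correctly component by component. A plain string
    compare would rank '8.9.1' above '8.18.3' because '9' > '1', which is the
    classic mistake in ad hoc patch-level checks.
    """
    m = re.match(r"\s*(\d+(?:\.\d+)*)", text)
    if not m:
        raise ValueError(f"unrecognised version string: {text!r}")
    return tuple(int(part) for part in m.group(1).split("."))


def is_patched(product, version):
    """True if the reported version is at or above the advisory's fixed version."""
    fixed, _ = FIXED_VERSIONS[product]
    # A short version such as '8.18' compares below (8, 18, 3), so it is
    # correctly treated as unpatched rather than silently accepted.
    return parse_version(version) >= parse_version(fixed)


def assess(inventory):
    """Return (hostname, product, version, outstanding CVEs) for each
    in-scope host whose version is below the fixed release."""
    findings = []
    for host, product, version in inventory:
        if product not in FIXED_VERSIONS:
            continue  # not covered by this advisory
        if not is_patched(product, version):
            findings.append((host, product, version, FIXED_VERSIONS[product][1]))
    return findings


if __name__ == "__main__":
    for host, product, version, cves in assess(SAMPLE_INVENTORY):
        print(f"{host}: {product} {version} is unpatched; outstanding {', '.join(cves)}")
```

Feed `assess()` the real inventory exported from your CMDB or collected from each appliance; anything it returns is still exposed to the listed CVEs and should be scheduled for the 8.18.3 update, with credential rotation to follow for the hosts affected by CVE-2025-22218 and CVE-2025-22222.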



Article source: https://cybersecuritynews.com/vmware-aria-operations-vulnerabilities-admin/