CVE-2025-22221

VMware Aria Operation for Logs contains a stored cross-site scripting vulnerability. A malicious actor with admin privileges to VMware Aria Operations for Logs may be able to inject a malicious script that could be executed in a victim's browser when performing a delete action in the Agent Configuration.

CVSS v3 5.2 MEDIUM

5.2^/10

CVSS v3 : MEDIUM

Vector :

Exploitability : 0.9 / Impact : 4.2

Attack Vector NETWORK

Attack Complexity LOW

Privileges Required HIGH

User Interaction REQUIRED

Confidentiality Impact HIGH

Integrity Impact LOW

Availability Impact NONE

Scope UNCHANGED

References

Link	Resource
https://support.broadcom.com/web/ecx/support-content-notification/-/external/content/SecurityAdvisories/0/25329	Vendor Advisory

Configurations

Configuration 1 (hide)

OR	cpe:2.3:a:vmware:aria_operations_for_logs::::::::
	cpe:2.3:a:vmware:cloud_foundation::::::::

History

14 May 2025, 16:47

Type	Values Removed	Values Added
References	~~() https://support.broadcom.com/web/ecx/support-content-notification/-/external/content/SecurityAdvisories/0/25329 -~~	() https://support.broadcom.com/web/ecx/support-content-notification/-/external/content/SecurityAdvisories/0/25329 - Vendor Advisory
CPE		cpe:2.3:a:vmware:cloud_foundation:::::::: cpe:2.3:a:vmware:aria_operations_for_logs::::::::
First Time		Vmware aria Operations For Logs Vmware Vmware cloud Foundation

13 Mar 2025, 14:15

Type	Values Removed	Values Added
CWE		CWE-79
Summary		(es) VMware Aria Operation for Logs contiene una vulnerabilidad Cross-Site Scripting Almacenado. Un actor malintencionado con privilegios de administrador en VMware Aria Operations for Logs podría inyectar un script malicioso que podría ejecutarse en el navegador de una víctima al realizar una acción de eliminación en la configuración del agente.

30 Jan 2025, 16:15

Type	Values Removed	Values Added
New CVE

Information

Published : 2025-01-30 16:15

Updated : 2025-05-14 16:47

NVD link : CVE-2025-22221

Mitre link : CVE-2025-22221

CVE.ORG link : CVE-2025-22221

JSON object : View

Products Affected

vmware

cloud_foundation
aria_operations_for_logs

CWE

CWE-79

Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')

{"id": "CVE-2025-22221", "cveTags": [], "metrics": {"cvssMetricV31": [{"type": "Secondary", "source": "security@vmware.com", "cvssData": {"scope": "UNCHANGED", "version": "3.1", "baseScore": 5.2, "attackVector": "NETWORK", "baseSeverity": "MEDIUM", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:H/UI:R/S:U/C:H/I:L/A:N", "integrityImpact": "LOW", "userInteraction": "REQUIRED", "attackComplexity": "LOW", "availabilityImpact": "NONE", "privilegesRequired": "HIGH", "confidentialityImpact": "HIGH"}, "impactScore": 4.2, "exploitabilityScore": 0.9}, {"type": "Primary", "source": "nvd@nist.gov", "cvssData": {"scope": "CHANGED", "version": "3.1", "baseScore": 4.8, "attackVector": "NETWORK", "baseSeverity": "MEDIUM", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:H/UI:R/S:C/C:L/I:L/A:N", "integrityImpact": "LOW", "userInteraction": "REQUIRED", "attackComplexity": "LOW", "availabilityImpact": "NONE", "privilegesRequired": "HIGH", "confidentialityImpact": "LOW"}, "impactScore": 2.7, "exploitabilityScore": 1.7}]}, "published": "2025-01-30T16:15:31.257", "references": [{"url": "https://support.broadcom.com/web/ecx/support-content-notification/-/external/content/SecurityAdvisories/0/25329", "tags": ["Vendor Advisory"], "source": "security@vmware.com"}], "vulnStatus": "Analyzed", "weaknesses": [{"type": "Secondary", "source": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "description": [{"lang": "en", "value": "CWE-79"}]}], "descriptions": [{"lang": "en", "value": "VMware Aria Operation for Logs contains a stored cross-site scripting vulnerability.\u00a0A malicious actor with admin privileges to VMware Aria Operations for Logs may be able to inject a malicious script that could be executed in a victim's browser when performing a delete action in the Agent Configuration."}, {"lang": "es", "value": "VMware Aria Operation for Logs contiene una vulnerabilidad Cross-Site Scripting Almacenado. Un actor malintencionado con privilegios de administrador en VMware Aria Operations for Logs podr\u00eda inyectar un script malicioso que podr\u00eda ejecutarse en el navegador de una v\u00edctima al realizar una acci\u00f3n de eliminaci\u00f3n en la configuraci\u00f3n del agente."}], "lastModified": "2025-05-14T16:47:14.977", "configurations": [{"nodes": [{"negate": false, "cpeMatch": [{"criteria": "cpe:2.3:a:vmware:aria_operations_for_logs:*:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "7883672C-8E78-4378-9EAB-42A656006A72", "versionEndExcluding": "8.18.3", "versionStartIncluding": "8.0"}, {"criteria": "cpe:2.3:a:vmware:cloud_foundation:*:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "BC8A0BB4-A21B-4914-8F4B-37D300A4BBB9", "versionEndIncluding": "5.2", "versionStartIncluding": "4.0"}], "operator": "OR"}]}], "sourceIdentifier": "security@vmware.com"}