CVE-2025-22220

VMware Aria Operations for Logs contains a privilege escalation vulnerability. A malicious actor with non-administrative privileges and network access to Aria Operations for Logs API may be able to perform certain operations in the context of an admin user.

CVSS v3.0 5.4 MEDIUM

5.4^/10

CVSS v3.0 : MEDIUM

V3 Legend

Vector :

Exploitability : 2.8 / Impact : 2.5

Attack Vector NETWORK

Attack Complexity LOW

Privileges Required LOW

User Interaction NONE

Confidentiality Impact LOW

Integrity Impact LOW

Availability Impact NONE

Scope UNCHANGED

References

Link	Resource
https://support.broadcom.com/web/ecx/support-content-notification/-/external/content/SecurityAdvisories/0/25329	Vendor Advisory

Configurations

Configuration 1 (hide)

OR	cpe:2.3:a:vmware:cloud_foundation::::::::
	cpe:2.3:a:vmware:aria_operations_for_logs::::::::

History

14 May 2025, 16:46

Type	Values Removed	Values Added
References	~~() https://support.broadcom.com/web/ecx/support-content-notification/-/external/content/SecurityAdvisories/0/25329 -~~	() https://support.broadcom.com/web/ecx/support-content-notification/-/external/content/SecurityAdvisories/0/25329 - Vendor Advisory
CPE		cpe:2.3:a:vmware:aria_operations_for_logs:::::::: cpe:2.3:a:vmware:cloud_foundation::::::::
First Time		Vmware Vmware cloud Foundation Vmware aria Operations For Logs
CVSS	v2 : ~~unknown~~ v3 : ~~unknown~~	v2 : unknown v3 : 5.4

30 Jan 2025, 16:15

Type	Values Removed	Values Added
New CVE

Information

Published : 2025-01-30 16:15

Updated : 2025-05-14 16:46

NVD link : CVE-2025-22220

Mitre link : CVE-2025-22220

JSON object : View

Products Affected

vmware

cloud_foundation
aria_operations_for_logs

CWE

No CWE.

5.4 /10