CVE-2025-22219

CRITICAL EPSS 46.2%

Published Jan 30, 20251y ago · Modified Jun 17, 20261w ago

9.0 CVSS 3.1

Critical

Published Jan 30, 2025 1y ago

Last Modified Jun 17, 2026 1w ago

Description

VMware Aria Operations for Logs contains a stored cross-site scripting vulnerability. A malicious actor with non-administrative privileges may be able to inject a malicious script that (can perform stored cross-site scripting) may lead to arbitrary operations as admin user.

CVSS Details

Base Score

9.0

Exploitability

2.3

Impact

6.0

Vector string

CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:H/I:H/A:H

Attack Vector Network

Attack Complexity Low

Privileges Required Low

User Interaction Required

Scope Changed

Confidentiality High

Integrity High

Availability High

Threat Intelligence

EPSS Exploit Probability

46.2% percentile

Exploit & Patch Status

No Known Exploit

No Patch Available

Weaknesses 1

CWE-79 Cross-site Scripting Injection

Affected Products 2

Vendor	Product	Version	Range
vmware	aria_operations_for_logs	*	≥8.0 – <8.18.3
vmware	cloud_foundation	*	≥4.0 – ≤5.2

References 1

support.broadcom.com https://support.broadcom.com/web/ecx/support-content-notification/-/external/content/SecurityAdvisories/0/25329

Vendor Advisory

Remediation

No remediation data recorded yet

Check vendor advisories and the NVD entry for patch availability.