CVE-2025-22215
published 2025-01-08CVE-2025-22215: VMware Aria Automation contains a server-side request forgery (SSRF) vulnerability. A malicious actor with "Organization Member" access to Aria Automation may…
medium4.3CVSS 3.1
AVNACLPRLUINSUCLINAN
VMware Aria Automation contains a server-side request forgery (SSRF) vulnerability. A malicious actor with "Organization Member" access to Aria Automation may exploit this vulnerability enumerate internal services running on the host/network.
Affected
3 ranges
| Vendor | Product | Version range | Fixed in |
|---|---|---|---|
| vmware | vmware_aria_automation | >= 8.x < 8.18.1 patch 1 | 8.18.1 patch 1 |
| vmware | vmware_cloud_foundation | >= 4.x < 8.18.1 patch 1 | 8.18.1 patch 1 |
| vmware | vmware_cloud_foundation | >= 5.x < 8.18.1 patch 1 | 8.18.1 patch 1 |