CVE-2025-22215: Server-Side Request Forgery in VMware Aria Automation

Severity: 4.3 MEDIUM (NVD)
EPSS: 0.2% (top 57.85%)
CISA KEV: Not in KEV
Exploit: No known exploits
Timeline: Published Jan 8

Description

VMware Aria Automation contains a server-side request forgery (SSRF) vulnerability. A malicious actor with "Organization Member" access to Aria Automation may exploit this vulnerability to enumerate internal services running on the host/network.

CVSS vector

CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:N
Exploitability: 2.8 | Impact: 1.4

Affected Packages (2 packages)

CVEListV5 | vmware/vmware_aria_automation | 8.x | 8.18.1 patch 1
CVEListV5 | vmware/vmware_cloud_foundation | 5.x | 8.18.1 patch 1 | +1

🔴 Vulnerability Details (2)

GHSA | GHSA-wgc3-34qh-3h44: VMware Aria Automation contains a server-side request forgery (SSRF) vulnerability | 2025-01-08
CVEList | VMSA-2025-0001: VMware Aria automation update addresses a server side request forgery vulnerability (CVE-2025-22215) | 2025-01-08