CVE-2025-22218

CWE-209 CWE-787 — Out-of-bounds Write5 documents5 sources

Severity

7.7HIGH

EPSS

0.5%

top 33.77%

CISA KEV

Not in KEV

Exploit

No known exploits

Affected products

Vmware Vmware Aria Operations FOR Logs Vmware Aria Operations FOR Logs Vmware Cloud Foundation

Timeline

PublishedJan 30

Description

VMware Aria Operations for Logs contains an information disclosure vulnerability. A malicious actor with View Only Admin permissions may be able to read the credentials of a VMware product integrated with VMware Aria Operations for Logs

CVSS vector

CVSS:3.1/AV:N/AC:H/PR:L/UI:N/S:C/C:H/I:H/A:HExploitability: 1.8 | Impact: 6.0

Affected Packages3 packages

▶CVEListV5vmware/vmware_aria_operations_for_logs8.x — 8.18.3

▶NVDvmware/aria_operations8.0 — 8.18.3

▶NVDvmware/cloud_foundation4.0 — 5.2

🔴Vulnerability Details

GHSA

GHSA-x379-p5q2-7954: VMware Aria Operations for Logs contains an information disclosure vulnerability↗2025-01-30

▶

CVEList

VMware Aria Operations for Logs information disclosure vulnerability↗2025-01-30

▶

📋Vendor Advisories

Oracle

Oracle Oracle PeopleSoft Risk Matrix: File Processing (libssh2) — CVE-2020-22218↗2025-01-15

▶

Microsoft

An issue was discovered in function _libssh2_packet_add in libssh2 1.10.0 allows attackers to access out of bounds memory.↗2023-08-08

▶