CVE-2025-22219

CWE-79 — Cross-site Scripting (XSS)CWE-120 — Classic Buffer Overflow4 documents4 sources

Severity

9.0CRITICAL

EPSS

0.2%

top 56.34%

CISA KEV

Not in KEV

Exploit

No known exploits

Affected products

Vmware Vmware Aria Operations FOR Logs Vmware Aria Operations FOR Logs Vmware Cloud Foundation

Timeline

PublishedJan 30

Description

VMware Aria Operations for Logs contains a stored cross-site scripting vulnerability. A malicious actor with non-administrative privileges may be able to inject a malicious script that (can perform stored cross-site scripting) may lead to arbitrary operations as admin user.

CVSS vector

CVSS:3.1/AV:N/AC:L/PR:H/UI:R/S:U/C:H/I:H/A:HExploitability: 0.9 | Impact: 5.9

Affected Packages3 packages

▶CVEListV5vmware/vmware_aria_operations_for_logs8.x — 8.18.3

▶NVDvmware/aria_operations8.0 — 8.18.3

▶NVDvmware/cloud_foundation4.0 — 5.2

🔴Vulnerability Details

GHSA

GHSA-j5gv-mwmr-ppp5: VMware Aria Operations for Logs contains a stored cross-site scripting vulnerability↗2025-01-30

▶

CVEList

VMware Aria Operations for Logs stored cross-site scripting vulnerability (CVE-2025-22219)↗2025-01-30

▶

📋Vendor Advisories

Microsoft

Buffer Overflow vulnerability in function bitwriter_grow_ in flac before 1.4.0 allows remote attackers to run arbitrary code via crafted input to the encoder.↗2023-08-08

▶