cbcvebase.
CVE-2025-22219
published 2025-01-30

CVE-2025-22219: VMware Aria Operations for Logs contains a stored cross-site scripting vulnerability. A malicious actor with non-administrative privileges may be able to…

critical9CVSS 3.1
AVNACLPRLUIRSCCHIHAH
VMware Aria Operations for Logs contains a stored cross-site scripting vulnerability. A malicious actor with non-administrative privileges may be able to inject a malicious script that (can perform stored cross-site scripting) may lead to arbitrary operations as admin user.

Affected

4 ranges
VendorProductVersion rangeFixed in
msrccbl2_flac_1.4.3-1_on_cbl_mariner_2.0
vmwarearia_operations_for_logs>= 8.0 < 8.18.38.18.3
vmwarecloud_foundation4.0 – 5.2
vmwarevmware_aria_operations_for_logs>= 8.x < 8.18.38.18.3