CVE-2025-22220

CWE-269Improper Privilege Management3 documents3 sources
Severity
5.4MEDIUM
EPSS
0.2%
top 64.21%
CISA KEV
Not in KEV
Exploit
No known exploits
Affected products
3
Vmware Vmware Aria Operations FOR LogsVmware Aria Operations FOR LogsVmware Cloud Foundation
Timeline
PublishedJan 30

Description

VMware Aria Operations for Logs contains a privilege escalation vulnerability. A malicious actor with non-administrative privileges and network access to Aria Operations for Logs API may be able to perform certain operations in the context of an admin user.

CVSS vector

CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:L/A:NExploitability: 2.8 | Impact: 1.4

Affected Packages3 packages

CVEListV5vmware/vmware_aria_operations_for_logs8.x8.18.3
NVDvmware/aria_operations8.08.18.3
NVDvmware/cloud_foundation4.05.2

🔴Vulnerability Details

2
CVEList
VMware Aria Operations for Logs broken access control vulnerability (CVE-2025-22220)2025-01-30
GHSA
GHSA-m777-hj92-cw6q: VMware Aria Operations for Logs contains a privilege escalation vulnerability2025-01-30
CVE-2025-22220 (MEDIUM CVSS 5.4) | VMware Aria Operations for Logs con | cvebase.io