CVE-2025-22222

CWE-497 CWE-8354 documents4 sources

Severity

6.5MEDIUM

EPSS

0.7%

top 29.13%

CISA KEV

Not in KEV

Exploit

No known exploits

Affected products

Vmware Vmware Aria Operations Vmware Aria Operations Vmware Cloud Foundation

Timeline

PublishedJan 30

Description

VMware Aria Operations contains an information disclosure vulnerability. A malicious user with non-administrative privileges may exploit this vulnerability to retrieve credentials for an outbound plugin if a valid service credential ID is known.

CVSS vector

CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:C/C:H/I:N/A:NExploitability: 3.1 | Impact: 4.0

Affected Packages3 packages

▶NVDvmware/aria_operations8.0 — 8.18.3

▶CVEListV5vmware/vmware_aria_operations8.x — 8.18.3

▶NVDvmware/cloud_foundation4.0 — 5.2

🔴Vulnerability Details

CVEList

VMware Aria Operations information disclosure vulnerability (CVE-2025-22222)↗2025-01-30

▶

GHSA

GHSA-9h7m-pf82-g666: VMware Aria Operations contains an information disclosure vulnerability↗2025-01-30

▶

📋Vendor Advisories

Microsoft

Infinite loop in DVB-S2-BB dissector in Wireshark 3.4.0 to 3.4.5 allows denial of service via packet injection or crafted capture file↗2021-06-08

▶