VMware Aria Automation vulnerabilities
3 known vulnerabilities affecting vmware/vmware_aria_automation.
Total CVEs: 3
CISA KEV: 0
Public exploits: 0
Exploited in wild: 0
Severity breakdown: HIGH 2, MEDIUM 1
Vulnerabilities
CVE-2025-22249 | HIGH | CVSS 8.2 | CWE-79 | ≥ 8.18.x, < 8.18.1 patch 2 | 2025-05-13
VMware Aria Automation contains a DOM-based Cross-Site Scripting (XSS) vulnerability. A malicious actor may exploit this issue to steal the access token of a logged-in user of the VMware Aria Automation appliance by tricking the user into clicking a maliciously crafted payload URL.
Sources: cvelistv5, nvd
CVE-2025-22215 | MEDIUM | CVSS 4.3 | CWE-918 | ≥ 8.x, < 8.18.1 patch 1 | 2025-01-08
VMware Aria Automation contains a server-side request forgery (SSRF) vulnerability. A malicious actor with "Organization Member" access to Aria Automation may exploit this vulnerability to enumerate internal services running on the host/network.
Sources: cvelistv5, nvd
CVE-2024-22280 | HIGH | CVSS 8.1 | CWE-89 | ≥ 8.x, < 8.17.0 | 2024-07-11
VMware Aria Automation does not apply correct input validation which allows for SQL-injection in the product. An authenticated malicious user could enter specially crafted SQL queries and perform unauthorised read/write operations in the database.
Sources: cvelistv5, nvd