Vmware Telco Cloud Platform vulnerabilities

5 known vulnerabilities affecting vmware/vmware_telco_cloud_platform.

Total CVEs
5
CISA KEV
1
actively exploited
Public exploits
0
Exploited in wild
0
Severity breakdown
CRITICAL1HIGH4

Vulnerabilities

Page 1 of 1
CVE-2026-22720CRITICALCVSS 9.0≥ 4.0, < 5.2.32026-02-25
CVE-2026-22720 [HIGH] CWE-79 CVE-2026-22720: VMware Aria Operations contains a stored cross-site scripting vulnerability. A malicious actor with VMware Aria Operations contains a stored cross-site scripting vulnerability. A malicious actor with privileges to create custom benchmarks may be able to inject script to perform administrative actions in VMware Aria Operations. To remediate CVE-2026-22720, apply the patches listed in the 'Fixed Version' column of the 'Response Matrix' of VMSA-2026-000
cvelistv5nvd
CVE-2026-22721HIGHCVSS 7.2≥ 4.0, < 5.2.32026-02-25
CVE-2026-22721 [MEDIUM] CWE-269 CVE-2026-22721: VMware Aria Operations contains a privilege escalation vulnerability. A malicious actor with privile VMware Aria Operations contains a privilege escalation vulnerability. A malicious actor with privileges in vCenter to access Aria Operations may leverage this vulnerability to obtain administrative access in VMware Aria Operations. To remediate CVE-2026-22721, apply the patches listed in the 'Fixed Version' column of the 'Response Matrix' found in V
cvelistv5nvd
CVE-2025-41245HIGHCVSS 7.8≥ 5.x, < 8.18.5≥ 4.x, < 8.18.52025-09-29
CVE-2025-41245 [HIGH] CWE-1188 VMSA-2025-0015: VMware Aria Operations and VMware Tools updates address multiple vulnerabilities (CVE-2025-41244,CVE-2025-41245, CVE-2025-41246) VMSA-2025-0015: VMware Aria Operations and VMware Tools updates address multiple vulnerabilities (CVE-2025-41244,CVE-2025-41245, CVE-2025-41246) VMware Aria Operations contains an information disclosure vulnerability. A malicious actor with non-administrative privileges in Aria Operations may exploit this vulnerability to
cvelistv5
CVE-2025-41244HIGHCVSS 7.8KEV≥ 5.x, < 8.18.5≥ 4.x, < 8.18.52025-09-29
CVE-2025-41244 [HIGH] CWE-267 CVE-2025-41244: VMware Aria Operations and VMware Tools contain a local privilege escalation vulnerability. A malici VMware Aria Operations and VMware Tools contain a local privilege escalation vulnerability. A malicious local actor with non-administrative privileges having access to a VM with VMware Tools installed and managed by Aria Operations with SDMP enabled may exploit this vulnerability to escalate privileges to root on the same VM.
cvelistv5nvd
CVE-2025-22249HIGHCVSS 8.2≥ 5.x, < 8.18.1 patch 22025-05-13
CVE-2025-22249 [HIGH] CWE-79 CVE-2025-22249: VMware Aria automation contains a DOM based Cross-Site Scripting (XSS) vulnerability. A malicious ac VMware Aria automation contains a DOM based Cross-Site Scripting (XSS) vulnerability. A malicious actor may exploit this issue to steal the access token of a logged in user of VMware Aria automation appliance by tricking the user into clicking a malicious crafted payload URL.
cvelistv5nvd