Broadcom has addressed five high-severity vulnerabilities in VMware's Aria Operations and Aria Operations for Logs, affecting Cloud Foundation versions 4.x and 5.x. Among them, CVE-2025-22218 is the most serious, allowing authorized users to potentially extract sensitive credentials, while CVE-2025-22222 allows for similar exploits under specific conditions. Users are encouraged to upgrade to version v8.18.3 to mitigate these issues. Although no active exploitation has been reported, the vulnerabilities pose serious risks if accessed through compromised accounts, highlighting the importance of security measures in cloud environments.
A malicious actor with View Only Admin permissions may be able to read the credentials of a VMware product integrated with VMware Aria Operations for Logs.
Updating both products to v8.18.3 will fix the issue. VMware Cloud Foundation users can follow KB92148 to apply the necessary fixes.
Collection
[
|
...
]