Vulnerability Monitor

The vendors, products, and vulnerabilities you care about

CVE-2025-22221

VMware Aria Operation for Logs contains a stored cross-site scripting vulnerability. A malicious actor with admin privileges to VMware Aria Operations for Logs may be able to inject a malicious script that could be executed in a victim's browser when performing a delete action in the Agent Configuration.

Published

2025-01-30T16:15:31.257

Last Modified

2025-05-14T16:47:14.977

Status

Analyzed

Source

[email protected]

Severity

CVSSv3.1: 5.2 (MEDIUM)

Weaknesses
  • Type: Secondary
    CWE-79
Affected Vendors & Products
Type Vendor Product Version/Range Vulnerable?
Application vmware aria_operations_for_logs < 8.18.3 Yes
Application vmware cloud_foundation ≤ 5.2 Yes
References