Broadcom Patches VMware Aria Flaws – Exploits May Lead to Credential Theft



Broadcom has released critical security updates to address five vulnerabilities affecting VMware Aria Operations and Aria Operations for Logs. If exploited, these flaws could allow attackers to escalate privileges, steal credentials, or execute malicious scripts.



Breakdown of the Security Flaws

The vulnerabilities impact VMware Aria Operations for Logs (versions 8.x) and have been assigned the following CVEs:

CVE-2025-22218 (CVSS 8.5 – High)

  • Impact: Allows attackers with View Only Admin permissions to read credentials of VMware products integrated with Aria Operations for Logs.

CVE-2025-22219 (CVSS 6.8 – Medium)

  • Impact: Attackers with non-admin privileges can inject stored cross-site scripting (XSS), leading to arbitrary admin-level operations.

CVE-2025-22220 (CVSS 4.3 – Low)

  • Impact: Attackers with network access to the API can perform admin-level operations under certain conditions.

CVE-2025-22221 (CVSS 5.2 – Medium)

  • Impact: Admins can be tricked into executing malicious scripts when deleting agent configurations.

CVE-2025-22222 (CVSS 7.7 – High)

  • Impact: Attackers with non-admin privileges can retrieve credentials for an outbound plugin if they know a valid service credential ID.

Who Discovered These Flaws?

The vulnerabilities were reported by Maxime Escourbiac, Yassine Bengana, and Quentin Ebel from Michelin CERT and Abicom. Notably, the same team had identified two other flaws (CVE-2024-38832 and CVE-2024-38833) in November 2024.


Patch Availability & Mitigation

Fixed Versions: VMware Aria Operations and Aria Operations for Logs 8.18.3

Action Required: Organizations should apply the latest updates immediately to protect against exploitation.

Broadcom has not reported any active attacks leveraging these vulnerabilities in the wild. However, given the risk of credential theft and privilege escalation, defenders should act swiftly.


Broader Security Concerns

This advisory follows Broadcom’s recent warning about CVE-2025-22217 (CVSS 8.6), a high-severity flaw in VMware Avi Load Balancer that could grant attackers database access.

As VMware products remain a frequent target for cybercriminals, proactive patching and continuous monitoring are essential.


Actionable Recommendations

Update Immediately: Deploy VMware Aria Operations 8.18.3 and monitor for signs of exploitation.

Review Access Controls: Limit admin privileges and regularly audit user permissions.

Monitor for Anomalous Activity: Watch for unauthorized API calls and unexpected credential access.

Harden Web Applications: Implement security headers and input validation to mitigate XSS risks.
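The first recommendation is the one most teams struggle to verify at scale: knowing which Aria appliances are still below the fixed build. The script below is an added example, not code from the original article or any Broadcom tooling. It assumes you already have an inventory of appliance hostnames and their reported version strings (the sample inventory here is constructed), takes the fixed version 8.18.3 and the affected 8.x branch from the advisory summarised above, and compares versions numerically so that a build such as 8.9.0 is correctly ranked below 8.18.3 (a plain string comparison would get that wrong).

```python
"""Patch-compliance check for VMware Aria Operations / Aria Operations for Logs.

Added example; not part of the original article or Broadcom's own tooling.
Assumes an inventory of (hostname, version string) pairs collected separately.
The fixed version (8.18.3) and the affected 8.x branch come from the advisory.
"""
import re
from typing import List, Tuple

FIXED_VERSION = "8.18.3"   # fixed build named in the advisory
AFFECTED_MAJOR = 8         # advisory covers the 8.x branch

# major.minor.patch at the start of the string; trailing build ids are ignored
VERSION_RE = re.compile(r"^(\d+)\.(\d+)\.(\d+)")


def parse_version(text: str) -> Tuple[int, int, int]:
    """Parse 'major.minor.patch' into integers, dropping suffixes like '-24556789'.

    Numeric parsing matters: compared as strings, '8.9.0' sorts after '8.18.3'.
    """
    m = VERSION_RE.match(text.strip())
    if not m:
        raise ValueError(f"unrecognised version string: {text!r}")
    major, minor, patch = (int(g) for g in m.groups())
    return (major, minor, patch)


def assess(version: str) -> str:
    """Classify one appliance: 'patched', 'vulnerable', or 'review'.

    'review' means the advisory's 8.x / 8.18.3 rule cannot be applied (unparseable
    string or a non-8.x build), so a human should check the vendor notes.
    """
    try:
        v = parse_version(version)
    except ValueError:
        return "review"
    if v[0] != AFFECTED_MAJOR:
        return "review"
    return "patched" if v >= parse_version(FIXED_VERSION) else "vulnerable"


def audit(inventory: List[Tuple[str, str]]) -> List[Tuple[str, str, str]]:
    """Return (host, version, status) rows, vulnerable hosts first, then 'review'."""
    rows = [(host, ver, assess(ver)) for host, ver in inventory]
    order = {"vulnerable": 0, "review": 1, "patched": 2}
    return sorted(rows, key=lambda r: (order[r[2]], r[0]))


# Constructed sample inventory: hostnames and versions are made up for illustration.
SAMPLE_INVENTORY = [
    ("aria-ops-01.example.internal", "8.18.3"),
    ("aria-logs-01.example.internal", "8.18.2-24556789"),
    ("aria-logs-02.example.internal", "8.9.0"),
    ("aria-ops-lab.example.internal", "8.18.3-build.1"),
    ("aria-ops-legacy.example.internal", "unknown"),
]

if __name__ == "__main__":
    for host, ver, status in audit(SAMPLE_INVENTORY):
        print(f"{status:10} {host:35} {ver}")
```

Feed it the real version strings reported by your appliances and treat every "vulnerable" row as a patch ticket and every "review" row as something to confirm by hand rather than assume safe.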

The rapid identification and disclosure of these flaws highlight the importance of collaboration between security researchers and vendors in strengthening cybersecurity defenses.


Final Thoughts

Patch fatigue is real, but leaving these vulnerabilities unpatched exposes organizations to credential theft and admin takeover risks. Stay ahead by applying updates before attackers weaponize these flaws!


Stay vigilant, stay informed, and keep defending!

DeCyberGuardian

Michaella Addai

Host, Young Achievers Show || Content Creator || Public Speaker || Entrepreneur || HR Assistant || Volunteer || ALX Alumni || Storyteller || Elevating Voices, Crafting Narratives, and Inspiring Audiences. Need help? DM me

1 month

This is really interesting?

Gifty Pokuaa Agyeman

Passionate About Climate Change | Migration | Urban Planning | Population Health | Community Development

1 month

Interesting. Thank you for sharing these valuables with us.

Samuel Boateng Osei, PMP®

Certified Project Manager (PMP®) || Project Management Grad Student at Northeastern University - The Roux Institute || Trainer in AI tools for Individuals & Businesses || LinkedIn Optimization Expert || Need help? DM me

1 month

Well done, bro! Have a wonderful weekend! Stephen Oppong The Billionaire

Marcel Velica

Senior Security Program Manager | Leading Cybersecurity Initiatives | Driving Strategic Security Solutions | Cybersecurity Excellence | Cloud Security

1 month

Thank you for keeping us informed and vigilant against vulnerabilities like these. Stephen Oppong

Joseph Xeflide

CYBER SECURITY ENTHUSIAST || GOOGLE CYBERSECURITY CERTIFIED || TRACK LEAD @ MENTOR ME COLLECTIVE '24 FALL || AMBASSADOR @ HANDZ ON AFRICA ||

1 month

Necessary information
