CVE-2025-22221

MEDIUM

VMware Aria Operation for Logs - XSS

Title source: llm

Description

VMware Aria Operation for Logs contains a stored cross-site scripting vulnerability. A malicious actor with admin privileges to VMware Aria Operations for Logs may be able to inject a malicious script that could be executed in a victim's browser when performing a delete action in the Agent Configuration.

References (1)

Scores

CVSS v3 5.2
EPSS 0.0017
EPSS Percentile 38.5%
Attack Vector NETWORK
CVSS:3.1/AV:N/AC:L/PR:H/UI:R/S:U/C:H/I:L/A:N

Classification

CWE
CWE-79
Status published

Affected Products (2)

vmware/aria_operations_for_logs < 8.18.3
vmware/cloud_foundation < 5.2

Timeline

Published Jan 30, 2025
Tracked Since Feb 18, 2026