CVE-2025-41245

MEDIUM

VMware Aria Operations - Info Disclosure

Title source: llm

Description

VMware Aria Operations contains an information disclosure vulnerability. A malicious actor with non-administrative privileges in Aria Operations may exploit this vulnerability to disclose credentials of other users of Aria Operations.

References (1)

[Various Sources] http://support.broadcom.com/group/ecx/support-content-view/-/support-content/Security%20Advisories/VMSA-2025-0015--VMware-Aria-Operations-and-VMware-Tools-updates-address-multiple-vulnerabilities--CVE-2025-41244-CVE-2025-41245--CVE-2025-41246-/36149

Scores

CVSS v3 4.9

EPSS 0.0006

EPSS Percentile 16.9%

Attack Vector NETWORK

CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:N/A:N

CISA SSVC

Vulnrichment

Exploitation none

Automatable no

Technical Impact partial

Details

CWE

CWE-1188

Status published

Products (7)

VMware/VMware Aria Operations 8.18.x - 8.18.5

VMware/VMware Cloud Foundation 4.x - 8.18.5

VMware/VMware Cloud Foundation 5.x - 8.18.5

VMware/VMware Telco Cloud Infrastructure 2.x - 8.18.5

VMware/VMware Telco Cloud Infrastructure 3.x - 8.18.5

VMware/VMware Telco Cloud Platform 4.x - 8.18.5

VMware/VMware Telco Cloud Platform 5.x - 8.18.5

Published Sep 29, 2025

Tracked Since Feb 18, 2026