CVE-2025-22220

MEDIUM 4.3

VMware Aria Operations for Logs broken access control vulnerability (CVE-2025-22220)

CVSS Score

4.3

EPSS Score

0.0%

EPSS Percentile

0th

VMware Aria Operations for Logs contains a privilege escalation vulnerability. A malicious actor with non-administrative privileges and network access to Aria Operations for Logs API may be able to perform certain operations in the context of an admin user.

Vendor	vmware
Product	vmware aria operations for logs
Ecosystems	Virtualization Cloud
Industries	TechnologyEnterprise
Published	Jan 30, 2025
Last Updated	Feb 26, 2026

Stay Ahead of the Next One

Get instant alerts for vmware vmware aria operations for logs

Be the first to know when new medium vulnerabilities affecting vmware vmware aria operations for logs are published — delivered to Slack, Telegram or Discord.

Get Free Alerts → Free · No credit card · 60 sec setup

CVSS v3 Breakdown

CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:L/A:N

Attack Vector

Network

Attack Complexity

Low

Privileges Required

Low

User Interaction

None

Scope

Unchanged

Confidentiality

None

Integrity

Low

Availability

None

Affected Versions

VMware / VMware Aria Operations for Logs

8.x < 8.18.3

References

NVD ↗ CVE.org ↗ EPSS Data ↗

support.broadcom.com: https://support.broadcom.com/web/ecx/support-content-notification/-/external/content/SecurityAdvisories/0/25329