HomeVmwareCVE-2025-22221

CVE-2025-22221

MEDIUM
5.2CVSS
Published: 2025-01-30
Updated: 2025-05-14
AI Analysis

Description

VMware Aria Operation for Logs contains a stored cross-site scripting vulnerability. A malicious actor with admin privileges to VMware Aria Operations for Logs may be able to inject a malicious script that could be executed in a victim's browser when performing a delete action in the Agent Configuration.

CVSS Metrics

Vector
CVSS:3.1/AV:N/AC:L/PR:H/UI:R/S:U/C:H/I:L/A:N
Attack Vector
network
Complexity
low
Privileges
high
User Action
required
Scope
unchanged
Confidentiality
high
Integrity
low
Availability
none
Weaknesses
CWE-79

Metadata

Primary Vendor
VMWARE
Published
1/30/2025
Last Modified
5/14/2025
Source
NIST NVD
Note: Verify all details with official vendor sources before applying patches.

Affected Products

vmware : aria_operations_for_logsvmware : cloud_foundation

AI-Powered Remediation

Generate remediation guidance or a C-suite brief for this vulnerability.

Executive Intelligence Brief

View on NIST NVD
CVE-CVE-2025-22221 | MEDIUM Severity | CVEDatabase.com | CVEDatabase.com