{"dataType": "CVE_RECORD", "dataVersion": "5.1", "cveMetadata": {"cveId": "CVE-2025-22218", "assignerOrgId": "dcf2e128-44bd-42ed-91e8-88f912c1401d", "state": "PUBLISHED", "assignerShortName": "vmware", "dateReserved": "2025-01-02T04:29:30.444Z", "datePublished": "2025-01-30T14:23:01.810Z", "dateUpdated": "2025-03-13T15:14:07.312Z"}, "containers": {"cna": {"affected": [{"defaultStatus": "unaffected", "platforms": ["any"], "product": "VMware Aria Operations for Logs", "vendor": "VMware", "versions": [{"lessThan": "8.18.3", "status": "affected", "version": "8.x", "versionType": "release"}]}], "datePublic": "2025-01-30T14:00:00.000Z", "descriptions": [{"lang": "en", "supportingMedia": [{"base64": false, "type": "text/html", "value": "<span style=\"background-color: rgb(255, 255, 255);\">VMware Aria Operations for Logs contains an information disclosure vulnerability.&nbsp;<span style=\"background-color: rgb(255, 255, 255);\">A malicious actor with View Only Admin permissions may be able to read the </span><span style=\"background-color: rgb(255, 255, 255);\">credentials</span><span style=\"background-color: rgb(255, 255, 255);\">&nbsp;of a VMware product integrated with VMware Aria Operations for Logs</span></span><br>"}], "value": "VMware Aria Operations for Logs contains an information disclosure vulnerability.\u00a0A malicious actor with View Only Admin permissions may be able to read the credentials\u00a0of a VMware product integrated with VMware Aria Operations for Logs"}], "metrics": [{"cvssV3_1": {"attackComplexity": "HIGH", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "baseScore": 8.5, "baseSeverity": "HIGH", "confidentialityImpact": "HIGH", "integrityImpact": "HIGH", "privilegesRequired": "LOW", "scope": "CHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:N/AC:H/PR:L/UI:N/S:C/C:H/I:H/A:H", "version": "3.1"}, "format": "CVSS", "scenarios": [{"lang": "en", "value": "GENERAL"}]}], "providerMetadata": {"orgId": "dcf2e128-44bd-42ed-91e8-88f912c1401d", "shortName": "vmware", "dateUpdated": "2025-01-30T14:23:01.810Z"}, "references": [{"url": "https://support.broadcom.com/web/ecx/support-content-notification/-/external/content/SecurityAdvisories/0/25329"}], "source": {"discovery": "UNKNOWN"}, "title": "VMware Aria Operations for Logs information disclosure vulnerability", "x_generator": {"engine": "Vulnogram 0.2.0"}}, "adp": [{"problemTypes": [{"descriptions": [{"type": "CWE", "cweId": "CWE-209", "lang": "en", "description": "CWE-209 Generation of Error Message Containing Sensitive Information"}]}], "metrics": [{"other": {"type": "ssvc", "content": {"timestamp": "2025-01-30T14:57:54.947928Z", "id": "CVE-2025-22218", "options": [{"Exploitation": "none"}, {"Automatable": "no"}, {"Technical Impact": "total"}], "role": "CISA Coordinator", "version": "2.0.3"}}}], "title": "CISA ADP Vulnrichment", "providerMetadata": {"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "shortName": "CISA-ADP", "dateUpdated": "2025-03-13T15:14:07.312Z"}}]}}

{"dataType": "CVE_RECORD", "containers": {"adp": [{"title": "CISA ADP Vulnrichment", "metrics": [{"other": {"type": "ssvc", "content": {"id": "CVE-2025-22218", "role": "CISA Coordinator", "options": [{"Exploitation": "none"}, {"Automatable": "no"}, {"Technical Impact": "total"}], "version": "2.0.3", "timestamp": "2025-01-30T14:57:54.947928Z"}}}], "problemTypes": [{"descriptions": [{"lang": "en", "type": "CWE", "cweId": "CWE-209", "description": "CWE-209 Generation of Error Message Containing Sensitive Information"}]}], "providerMetadata": {"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "shortName": "CISA-ADP", "dateUpdated": "2025-02-12T19:45:14.101Z"}}], "cna": {"title": "VMware Aria Operations for Logs information disclosure vulnerability", "source": {"discovery": "UNKNOWN"}, "metrics": [{"format": "CVSS", "cvssV3_1": {"scope": "CHANGED", "version": "3.1", "baseScore": 8.5, "attackVector": "NETWORK", "baseSeverity": "HIGH", "vectorString": "CVSS:3.1/AV:N/AC:H/PR:L/UI:N/S:C/C:H/I:H/A:H", "integrityImpact": "HIGH", "userInteraction": "NONE", "attackComplexity": "HIGH", "availabilityImpact": "HIGH", "privilegesRequired": "LOW", "confidentialityImpact": "HIGH"}, "scenarios": [{"lang": "en", "value": "GENERAL"}]}], "affected": [{"vendor": "VMware", "product": "VMware Aria Operations for Logs", "versions": [{"status": "affected", "version": "8.x", "lessThan": "8.18.3", "versionType": "release"}], "platforms": ["any"], "defaultStatus": "unaffected"}], "datePublic": "2025-01-30T14:00:00.000Z", "references": [{"url": "https://support.broadcom.com/web/ecx/support-content-notification/-/external/content/SecurityAdvisories/0/25329"}], "x_generator": {"engine": "Vulnogram 0.2.0"}, "descriptions": [{"lang": "en", "value": "VMware Aria Operations for Logs contains an information disclosure vulnerability.\u00a0A malicious actor with View Only Admin permissions may be able to read the credentials\u00a0of a VMware product integrated with VMware Aria Operations for Logs", "supportingMedia": [{"type": "text/html", "value": "<span style=\"background-color: rgb(255, 255, 255);\">VMware Aria Operations for Logs contains an information disclosure vulnerability.&nbsp;<span style=\"background-color: rgb(255, 255, 255);\">A malicious actor with View Only Admin permissions may be able to read the </span><span style=\"background-color: rgb(255, 255, 255);\">credentials</span><span style=\"background-color: rgb(255, 255, 255);\">&nbsp;of a VMware product integrated with VMware Aria Operations for Logs</span></span><br>", "base64": false}]}], "providerMetadata": {"orgId": "dcf2e128-44bd-42ed-91e8-88f912c1401d", "shortName": "vmware", "dateUpdated": "2025-01-30T14:23:01.810Z"}}}, "cveMetadata": {"cveId": "CVE-2025-22218", "state": "PUBLISHED", "dateUpdated": "2025-03-13T15:14:07.312Z", "dateReserved": "2025-01-02T04:29:30.444Z", "assignerOrgId": "dcf2e128-44bd-42ed-91e8-88f912c1401d", "datePublished": "2025-01-30T14:23:01.810Z", "assignerShortName": "vmware"}, "dataVersion": "5.1"}

{"configurations": [{"nodes": [{"cpeMatch": [{"criteria": "cpe:2.3:a:vmware:aria_operations_for_logs:*:*:*:*:*:*:*:*", "matchCriteriaId": "7883672C-8E78-4378-9EAB-42A656006A72", "versionEndExcluding": "8.18.3", "versionStartIncluding": "8.0", "vulnerable": true}, {"criteria": "cpe:2.3:a:vmware:cloud_foundation:*:*:*:*:*:*:*:*", "matchCriteriaId": "BC8A0BB4-A21B-4914-8F4B-37D300A4BBB9", "versionEndIncluding": "5.2", "versionStartIncluding": "4.0", "vulnerable": true}], "negate": false, "operator": "OR"}]}], "cveTags": [], "descriptions": [{"lang": "en", "value": "VMware Aria Operations for Logs contains an information disclosure vulnerability.\u00a0A malicious actor with View Only Admin permissions may be able to read the credentials\u00a0of a VMware product integrated with VMware Aria Operations for Logs"}, {"lang": "es", "value": "VMware Aria Operations for Logs contiene una vulnerabilidad de divulgaci\u00f3n de informaci\u00f3n. Un actor malintencionado con permisos de administrador de solo lectura podr\u00eda leer las credenciales de un producto VMware integrado con VMware Aria Operations for Logs"}], "id": "CVE-2025-22218", "lastModified": "2025-05-14T16:45:25.693", "metrics": {"cvssMetricV31": [{"cvssData": {"attackComplexity": "HIGH", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "baseScore": 8.5, "baseSeverity": "HIGH", "confidentialityImpact": "HIGH", "integrityImpact": "HIGH", "privilegesRequired": "LOW", "scope": "CHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:N/AC:H/PR:L/UI:N/S:C/C:H/I:H/A:H", "version": "3.1"}, "exploitabilityScore": 1.8, "impactScore": 6.0, "source": "security@vmware.com", "type": "Secondary"}, {"cvssData": {"attackComplexity": "LOW", "attackVector": "NETWORK", "availabilityImpact": "NONE", "baseScore": 7.7, "baseSeverity": "HIGH", "confidentialityImpact": "HIGH", "integrityImpact": "NONE", "privilegesRequired": "LOW", "scope": "CHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:C/C:H/I:N/A:N", "version": "3.1"}, "exploitabilityScore": 3.1, "impactScore": 4.0, "source": "nvd@nist.gov", "type": "Primary"}]}, "published": "2025-01-30T15:15:18.487", "references": [{"source": "security@vmware.com", "tags": ["Vendor Advisory"], "url": "https://support.broadcom.com/web/ecx/support-content-notification/-/external/content/SecurityAdvisories/0/25329"}], "sourceIdentifier": "security@vmware.com", "vulnStatus": "Analyzed", "weaknesses": [{"description": [{"lang": "en", "value": "CWE-209"}], "source": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "type": "Secondary"}]}

{}

{}