VMware Aria Operations for Logs contains a stored cross-site scripting vulnerability. A malicious actor with non-administrative privileges may be able to inject a malicious script that (can perform stored cross-site scripting) may lead to arbitrary operations as admin user.
Fixes

Solution

No solution given by the vendor.


Workaround

No workaround given by the vendor.

History

Wed, 14 May 2025 17:15:00 +0000

Type Values Removed Values Added
First Time appeared Vmware
Vmware aria Operations For Logs
Vmware cloud Foundation
CPEs cpe:2.3:a:vmware:aria_operations_for_logs:*:*:*:*:*:*:*:*
cpe:2.3:a:vmware:cloud_foundation:*:*:*:*:*:*:*:*
Vendors & Products Vmware
Vmware aria Operations For Logs
Vmware cloud Foundation

Thu, 13 Mar 2025 18:15:00 +0000

Type Values Removed Values Added
Weaknesses CWE-79
Metrics ssvc

{'options': {'Automatable': 'no', 'Exploitation': 'none', 'Technical Impact': 'total'}, 'version': '2.0.3'}


Thu, 30 Jan 2025 15:45:00 +0000

Type Values Removed Values Added
Description VMware Aria Operations for Logs contains a stored cross-site scripting vulnerability. A malicious actor with non-administrative privileges may be able to inject a malicious script that (can perform stored cross-site scripting) may lead to arbitrary operations as admin user.
Title VMware Aria Operations for Logs stored cross-site scripting vulnerability (CVE-2025-22219)
References
Metrics cvssV3_1

{'score': 6.8, 'vector': 'CVSS:3.1/AV:N/AC:L/PR:H/UI:R/S:U/C:H/I:H/A:H'}


cve-icon MITRE

Status: PUBLISHED

Assigner: vmware

Published:

Updated: 2025-03-13T18:03:28.501Z

Reserved: 2025-01-02T04:29:30.444Z

Link: CVE-2025-22219

cve-icon Vulnrichment

Updated: 2025-02-12T19:45:03.592Z

cve-icon NVD

Status : Analyzed

Published: 2025-01-30T16:15:31.013

Modified: 2025-05-14T16:46:17.393

Link: CVE-2025-22219

cve-icon Redhat

No data.

cve-icon OpenCVE Enrichment

No data.