First published: Thu Jan 30 2025(Updated: )
VMware Aria Operation for Logs contains a stored cross-site scripting vulnerability. A malicious actor with admin privileges to VMware Aria Operations for Logs may be able to inject a malicious script that could be executed in a victim's browser when performing a delete action in the Agent Configuration.
Credit: security@vmware.com
Affected Software | Affected Version | How to fix |
---|---|---|
VMware vRealize Operations |
Sign up to SecAlerts for real-time vulnerability data matched to your software, aggregated from hundreds of sources.
(Found alongside the following vulnerabilities)
CVE-2025-22221 is classified as a stored cross-site scripting vulnerability, which can have a significant impact if exploited.
To fix CVE-2025-22221, it is recommended to update VMware Aria Operations for Logs to the latest version that addresses this vulnerability.
CVE-2025-22221 affects users of VMware Aria Operations for Logs who have admin privileges.
CVE-2025-22221 is a stored cross-site scripting vulnerability that allows a malicious actor to inject scripts.
CVE-2025-22221 can be exploited when an admin performs a delete action, potentially executing malicious scripts in a victim's browser.