Vulnerabilities > CVE-2025-22222 - Unspecified vulnerability in VMWare Aria Operations and Cloud Foundation

CVSS 6.5 - MEDIUM

Attack vector

NETWORK

Attack complexity

LOW

Privileges required

LOW

Confidentiality impact

HIGH

Integrity impact

NONE

Availability impact

NONE

network

low complexity

vmware

NVD

Published: 2025-01-30

Updated: 2025-05-14

Summary

VMware Aria Operations contains an information disclosure vulnerability. A malicious user with non-administrative privileges may exploit this vulnerability to retrieve credentials for an outbound plugin if a valid service credential ID is known.

Vulnerable Configurations

Part	Description	Count
Application	Vmware Vmware Cloud Foundation 4.0 Vmware Cloud Foundation 4.0.1 Vmware Cloud Foundation 4.1 Vmware Cloud Foundation 4.1.0.1 Vmware Cloud Foundation 4.2 Vmware Cloud Foundation 4.2.1 Vmware Cloud Foundation 4.3 Vmware Cloud Foundation 4.3.1 Vmware Cloud Foundation 4.3.11 Vmware Cloud Foundation 4.4 Vmware Cloud Foundation 4.4.1 Vmware Cloud Foundation 4.4.1.1 Vmware Cloud Foundation 4.5 Vmware Cloud Foundation 4.5.1 Vmware Cloud Foundation 4.5.2 Vmware Cloud Foundation 5.0 Vmware Cloud Foundation 5.1 Vmware Cloud Foundation 5.1.1 Vmware Aria Operations 8.6.0 Vmware Aria Operations 8.10.0 Vmware Aria Operations 8.12.0 Vmware Aria Operations 8.14.0 Vmware Aria Operations 8.16.0	28

References

https://support.broadcom.com/web/ecx/support-content-notification/-/external/content/SecurityAdvisories/0/25329