CVE-2025-22218

CVSS v3 8.5 HIGH

8.5^/10

CVSS v3 : HIGH

Vector :

Exploitability : 1.8 / Impact : 6.0

Attack Vector NETWORK

Attack Complexity HIGH

Privileges Required LOW

User Interaction NONE

Confidentiality Impact HIGH

Integrity Impact HIGH

Availability Impact HIGH

Scope CHANGED

V

Mware Aria Operations for Logs contains an information disclosure vulnerability. A malicious actor with View Only Admin permissions may be able to read the credentials of a VMware product integrated with VMware Aria Operations for Logs

References

Link	Resource
https://support.broadcom.com/web/ecx/support-content-notification/-/external/content/SecurityAdvisories/0/25329	Vendor Advisory

Configurations

Configuration 1 (hide)

OR	cpe:2.3:a:vmware:aria_operations_for_logs::::::::
	cpe:2.3:a:vmware:cloud_foundation::::::::

History

14 May 2025, 16:45

Type	Values Removed	Values Added
First Time		Vmware aria Operations For Logs Vmware Vmware cloud Foundation
References	~~() https://support.broadcom.com/web/ecx/support-content-notification/-/external/content/SecurityAdvisories/0/25329 -~~	() https://support.broadcom.com/web/ecx/support-content-notification/-/external/content/SecurityAdvisories/0/25329 - Vendor Advisory
CPE		cpe:2.3:a:vmware:cloud_foundation:::::::: cpe:2.3:a:vmware:aria_operations_for_logs::::::::

13 Mar 2025, 16:15

Type	Values Removed	Values Added
Summary		(es) VMware Aria Operations for Logs contiene una vulnerabilidad de divulgación de información. Un actor malintencionado con permisos de administrador de solo lectura podría leer las credenciales de un producto VMware integrado con VMware Aria Operations for Logs
CWE		CWE-209

30 Jan 2025, 15:15

Type	Values Removed	Values Added
New CVE

Information

Published : 2025-01-30 15:15

Updated : 2025-05-14 16:45

NVD link : CVE-2025-22218

Mitre link : CVE-2025-22218

CVE.ORG link : CVE-2025-22218

JSON object : View

Products Affected

CWE

CWE-209

Generation of Error Message Containing Sensitive Information

{"id": "CVE-2025-22218", "cveTags": [], "metrics": {"cvssMetricV31": [{"type": "Secondary", "source": "[email protected]", "cvssData": {"scope": "CHANGED", "version": "3.1", "baseScore": 8.5, "attackVector": "NETWORK", "baseSeverity": "HIGH", "vectorString": "CVSS:3.1/AV:N/AC:H/PR:L/UI:N/S:C/C:H/I:H/A:H", "integrityImpact": "HIGH", "userInteraction": "NONE", "attackComplexity": "HIGH", "availabilityImpact": "HIGH", "privilegesRequired": "LOW", "confidentialityImpact": "HIGH"}, "impactScore": 6.0, "exploitabilityScore": 1.8}, {"type": "Primary", "source": "[email protected]", "cvssData": {"scope": "CHANGED", "version": "3.1", "baseScore": 7.7, "attackVector": "NETWORK", "baseSeverity": "HIGH", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:C/C:H/I:N/A:N", "integrityImpact": "NONE", "userInteraction": "NONE", "attackComplexity": "LOW", "availabilityImpact": "NONE", "privilegesRequired": "LOW", "confidentialityImpact": "HIGH"}, "impactScore": 4.0, "exploitabilityScore": 3.1}]}, "published": "2025-01-30T15:15:18.487", "references": [{"url": "https://support.broadcom.com/web/ecx/support-content-notification/-/external/content/SecurityAdvisories/0/25329", "tags": ["Vendor Advisory"], "source": "[email protected]"}], "vulnStatus": "Analyzed", "weaknesses": [{"type": "Secondary", "source": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "description": [{"lang": "en", "value": "CWE-209"}]}], "descriptions": [{"lang": "en", "value": "VMware Aria Operations for Logs contains an information disclosure vulnerability.\u00a0A malicious actor with View Only Admin permissions may be able to read the credentials\u00a0of a VMware product integrated with VMware Aria Operations for Logs"}, {"lang": "es", "value": "VMware Aria Operations for Logs contiene una vulnerabilidad de divulgaci\u00f3n de informaci\u00f3n. Un actor malintencionado con permisos de administrador de solo lectura podr\u00eda leer las credenciales de un producto VMware integrado con VMware Aria Operations for Logs"}], "lastModified": "2025-05-14T16:45:25.693", "configurations": [{"nodes": [{"negate": false, "cpeMatch": [{"criteria": "cpe:2.3:a:vmware:aria_operations_for_logs:*:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "7883672C-8E78-4378-9EAB-42A656006A72", "versionEndExcluding": "8.18.3", "versionStartIncluding": "8.0"}, {"criteria": "cpe:2.3:a:vmware:cloud_foundation:*:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "BC8A0BB4-A21B-4914-8F4B-37D300A4BBB9", "versionEndIncluding": "5.2", "versionStartIncluding": "4.0"}], "operator": "OR"}]}], "sourceIdentifier": "[email protected]"}