CVE-2025-22220

Published Jan 30, 2025

Last updated 7 days ago

CVSS medium 4.3

Overview

Description: VMware Aria Operations for Logs contains a privilege escalation vulnerability. A malicious actor with non-administrative privileges and network access to Aria Operations for Logs API may be able to perform certain operations in the context of an admin user.
Source: security@vmware.com
NVD status: Analyzed

Risk scores

CVSS 3.1

Type: Primary
Base score: 5.4
Impact score: 2.5
Exploitability score: 2.8
Vector string: CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:N
Severity: MEDIUM

Weaknesses

134c704f-9b21-4f2e-91b3-4a467353bcc0: CWE-269

Hype score: Not currently trending

🔴 VMware Aria Operations for Logs, Privilege Escalation, #CVE-2025-22220 (Critical) https://t.co/rL7w2no0u5
@dailycve
14 May 2025
9 Impressions
0 Retweets
0 Likes
0 Bookmarks
0 Replies
0 Quotes

Configurations

[
  {
    "nodes": [
      {
        "negate": false,
        "cpeMatch": [
          {
            "criteria": "cpe:2.3:a:vmware:aria_operations_for_logs:*:*:*:*:*:*:*:*",
            "vulnerable": true,
            "matchCriteriaId": "7883672C-8E78-4378-9EAB-42A656006A72",
            "versionEndExcluding": "8.18.3",
            "versionStartIncluding": "8.0"
          },
          {
            "criteria": "cpe:2.3:a:vmware:cloud_foundation:*:*:*:*:*:*:*:*",
            "vulnerable": true,
            "matchCriteriaId": "BC8A0BB4-A21B-4914-8F4B-37D300A4BBB9",
            "versionEndIncluding": "5.2",
            "versionStartIncluding": "4.0"
          }
        ],
        "operator": "OR"
      }
    ]
  }
]

References

Sources include official advisories and independent security research.

Overview

Risk scores

CVSS 3.1

Weaknesses

Social media

Configurations

References