- Description
- VMware Aria Operations contains a privilege escalation vulnerability. A malicious actor with privileges in vCenter to access Aria Operations may leverage this vulnerability to obtain administrative access in VMware Aria Operations. To remediate CVE-2026-22721, apply the patches listed in the 'Fixed Version' column of the 'Response Matrix' found in VMSA-2026-0001 https://support.broadcom.com/web/ecx/support-content-notification/-/external/content/SecurityAdvisories/0/36947 .
- Source
- security@vmware.com
- NVD status
- Analyzed
- Products
- aria_operations, cloud_foundation, telco_cloud_infrastructure, telco_cloud_platform
CVSS 3.1
- Type
- Primary
- Base score
- 7.2
- Impact score
- 5.9
- Exploitability score
- 1.2
- Vector string
- CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H
- Severity
- HIGH
- security@vmware.com
- CWE-269
- Hype score
- Not currently trending
🛑 VMware Aria Operations flaws enable credential theft and privilege esca… CVE-2025-41245 and CVE-2026-22721 let low-privileged users escalate and extract credentials… 🔗 Details → https://t.co/1FOYVkQ9ND
@lucasverdan
19 Mar 2026
81 Impressions
0 Retweets
0 Likes
0 Bookmarks
0 Replies
0 Quotes
For defenders, vmware aria operations flaws enable credential theft and privil… should move fast. CVE-2025-41245 and CVE-2026-22721 let low-privileged users escalate and extract credentials… 🔗 Details → https://t.co/cphYxtRnfH
@SocXAInvaders
18 Mar 2026
0 Impressions
0 Retweets
0 Likes
0 Bookmarks
0 Replies
0 Quotes
Legacy exposure keeps paying off for attackers. VMware Aria Operations flaws enable credential theft and… CVE-2025-41245 and CVE-2026-22721 let low-privileged users escalate and extract credentials… 🔗 Read → https://t.co/ulAB9QtEPK
@fynn_JourX
18 Mar 2026
22 Impressions
1 Retweet
1 Like
0 Bookmarks
0 Replies
0 Quotes
CVE-2025-41245 / CVE-2026-22721 VMware Aria Operations that enable credential disclosure and privilege escalation. Attackers with limited access can escalate privileges and gain administrative control over the infrastructure monitoring platform. https://t.co/w34I1JBGu7 https://t
@bytecodevm
18 Mar 2026
206 Impressions
0 Retweets
0 Likes
3 Bookmarks
0 Replies
0 Quotes
VMware Aria Ops flaws (CVE-2025-41245 / CVE-2026-22721) allow privilege escalation from vCenter user → full admin, enabling credential theft (vCenter, VIDM, VCD) and takeover of connected environments; patch available, disable vCenter login if exposed https://t.co/Mpo85PtXqP
@VivekIntel
18 Mar 2026
99 Impressions
0 Retweets
0 Likes
0 Bookmarks
0 Replies
0 Quotes
Vulnerabilities in Broadcom VMware Aria Operations: Privilege Escalation (CVE-2025-41245 / CVE-2026-22721) https://t.co/ZVWk1K1c2R
@Dinosn
18 Mar 2026
1290 Impressions
6 Retweets
8 Likes
3 Bookmarks
0 Replies
0 Quotes
Vulnerabilities in Broadcom VMware Aria Operations: Privilege Escalation (CVE-2025-41245 / CVE-2026-22721), via @Insinuator https://t.co/SO7UC5jkjK
@Enno_Insinuator
18 Mar 2026
1146 Impressions
5 Retweets
7 Likes
2 Bookmarks
0 Replies
0 Quotes
[
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:a:vmware:aria_operations:*:*:*:*:*:*:*:*",
"matchCriteriaId": "6748CC5F-63A6-459A-A0B4-D12A149AD2DB",
"versionEndExcluding": "8.18.6",
"versionStartIncluding": "8.0",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:vmware:cloud_foundation:*:*:*:*:*:*:*:*",
"matchCriteriaId": "16C87F30-12CA-43F5-9057-BBE32666A515",
"versionEndExcluding": "5.2.3",
"versionStartIncluding": "4.0",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:vmware:cloud_foundation:*:*:*:*:*:*:*:*",
"matchCriteriaId": "11F5C577-620E-4BD7-9429-E2FDC70D6667",
"versionEndExcluding": "9.0.2.0",
"versionStartIncluding": "9.0",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:vmware:telco_cloud_infrastructure:*:*:*:*:*:*:*:*",
"matchCriteriaId": "904AA81A-D1C3-4DAF-BB2C-C51FEDF5B3F6",
"versionEndIncluding": "3.0",
"versionStartIncluding": "2.2",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:vmware:telco_cloud_platform:*:*:*:*:*:*:*:*",
"matchCriteriaId": "9A8AE269-DD3E-4A60-91C1-D5C1FEAF0CF4",
"versionEndIncluding": "5.1",
"versionStartIncluding": "4.0",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
}
]