CVE-2025-22220 - Vulnerability Details

VMware Aria Operations for Logs contains a privilege escalation vulnerability. A malicious actor with non-administrative privileges and network access to Aria Operations for Logs API may be able to perform certain operations in the context of an admin user.

No CVSS v4.0

Attack Vector Network

Attack Complexity Low

Privileges Required Low

Scope Unchanged

Confidentiality Impact None

Integrity Impact Low

Availability Impact None

User Interaction None

No CVSS v3.0

No CVSS v2

This CVE is not in the KEV list.

Exploitation none

Automatable no

Technical Impact total

Vendors	Products
Vmware	Aria Operations For Logs Cloud Foundation

Configuration 1 [-]

OR	cpe:2.3:a:vmware:aria_operations_for_logs::::::::
	cpe:2.3:a:vmware:cloud_foundation::::::::

No data.

References

Link	Providers
https://support.broadcom.com/web/ecx/support-content-notification/-/external/content/SecurityAdvisories/0/25329

History

Wed, 14 May 2025 17:15:00 +0000

Type	Values Removed	Values Added
First Time appeared		Vmware Vmware aria Operations For Logs Vmware cloud Foundation
CPEs		cpe:2.3:a:vmware:aria_operations_for_logs:::::::: cpe:2.3:a:vmware:cloud_foundation::::::::
Vendors & Products		Vmware Vmware aria Operations For Logs Vmware cloud Foundation

Thu, 06 Feb 2025 14:15:00 +0000

Type	Values Removed	Values Added
Weaknesses		CWE-269
Metrics		ssvc `{'options': {'Automatable': 'no', 'Exploitation': 'none', 'Technical Impact': 'total'}, 'version': '2.0.3'}`

Thu, 30 Jan 2025 15:45:00 +0000

Type	Values Removed	Values Added
Description		VMware Aria Operations for Logs contains a privilege escalation vulnerability. A malicious actor with non-administrative privileges and network access to Aria Operations for Logs API may be able to perform certain operations in the context of an admin user.
Title		VMware Aria Operations for Logs broken access control vulnerability (CVE-2025-22220)
References		https://support.broadcom.com/web/ecx/support-content-notification/-/external/content/SecurityAdvisories/0/25329
Metrics		cvssV3_1 `{'score': 4.3, 'vector': 'CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:L/A:N'}`

MITRE

Status: PUBLISHED

Assigner: vmware

Published: 2025-01-30T15:28:13.266Z

Updated: 2025-02-06T14:06:04.836Z

Reserved: 2025-01-02T04:29:30.444Z

Link: CVE-2025-22220

Vulnrichment

Updated: 2025-02-06T14:05:56.664Z

NVD

Status : Analyzed

Published: 2025-01-30T16:15:31.143

Modified: 2025-05-14T16:46:59.413

Link: CVE-2025-22220

Redhat

No data.

Metrics

Attack Vector Network

Attack Complexity Low

Privileges Required Low

Scope Unchanged

Confidentiality Impact None

Integrity Impact Low

Availability Impact None

User Interaction None

Exploitation none

Automatable no

Technical Impact total

Affected Vendors & Products

JSON object

JSON object

JSON object

JSON object