Ptechhub
  • News
  • Industries
    • Enterprise IT
    • AI & ML
    • Cybersecurity
    • Finance
    • Telco
  • Brand Hub
    • Lifesight
  • Blogs
No Result
View All Result
  • News
  • Industries
    • Enterprise IT
    • AI & ML
    • Cybersecurity
    • Finance
    • Telco
  • Brand Hub
    • Lifesight
  • Blogs
No Result
View All Result
PtechHub
No Result
View All Result

Broadcom Patches VMware Aria Flaws – Exploits May Lead to Credential Theft

The Hacker News by The Hacker News
January 31, 2025
Home Cybersecurity
Share on FacebookShare on Twitter


Jan 31, 2025Ravie LakshmananVulnerability / Data Security

Broadcom has released security updates to patch five security flaws impacting VMware Aria Operations and Aria Operations for Logs, warning customers that attackers could exploit them to gain elevated access or obtain sensitive information.

The list of identified flaws, which impact versions 8.x of the software, is below –

  • CVE-2025-22218 (CVSS score: 8.5) – A malicious actor with View Only Admin permissions may be able to read the credentials of a VMware product integrated with VMware Aria Operations for Logs
  • CVE-2025-22219 (CVSS score: 6.8) – A malicious actor with non-administrative privileges may be able to inject a malicious script that may lead to arbitrary operations as admin user via a stored cross-site scripting (XSS) attack
  • CVE-2025-22220 (CVSS score: 4.3) – A malicious actor with non-administrative privileges and network access to Aria Operations for Logs API may be able to perform certain operations in the context of an admin user
  • CVE-2025-22221 (CVSS score: 5.2) – A malicious actor with admin privileges to VMware Aria Operations for Logs may be able to inject a malicious script that could be executed in a victim’s browser when performing a delete action in the Agent Configuration
  • CVE-2025-22222 (CVSS score: 7.7) – A malicious user with non-administrative privileges may exploit this vulnerability to retrieve credentials for an outbound plugin if a valid service credential ID is known
Cybersecurity

Security researchers Maxime Escourbiac from Michelin CERT, and Yassine Bengana and Quentin Ebel from Abicom and part of the Michelin CERT team for detecting and reporting the flaws. It’s worth noting that the same team spotted two other shortcomings in the same product (CVE-2024-38832 and CVE-2024-38833) in late November 2024.

All the aforementioned vulnerabilities have been patched in VMware Aria Operations and Aria Operations for Logs version 8.18.3. The virtualization services provider makes no mention of these issues being exploited in the wild.

The advisory comes days after Broadcom warned of a high-severity security flaw in VMware Avi Load Balancer (CVE-2025-22217, CVSS score: 8.6) that could be weaponized by malicious actors to gain database access.

Found this article interesting? Follow us on Twitter  and LinkedIn to read more exclusive content we post.





Source link

Tags: computer securitycyber attackscyber newscyber security newscyber security news todaycyber security updatescyber updatesdata breachhacker newshacking newshow to hackinformation securitynetwork securityransomware malwaresoftware vulnerabilitythe hacker news
The Hacker News

The Hacker News

Next Post
Learning Management System (LMS) Market to Grow by USD 79.06 Billion (2024-2028), Adoption of NGDLE in Academic Sector Boosting Growth, with AI Redefining the Market Landscape – Technavio

Learning Management System (LMS) Market to Grow by USD 79.06 Billion (2024-2028), Adoption of NGDLE in Academic Sector Boosting Growth, with AI Redefining the Market Landscape - Technavio

Recommended.

Napster Partners with Fenerbahçe SK to Launch 3D, AI-Powered Virtual Store For its Millions of Global Fans – Exclusively Through Fenerium

Napster Partners with Fenerbahçe SK to Launch 3D, AI-Powered Virtual Store For its Millions of Global Fans – Exclusively Through Fenerium

August 27, 2025
Inside the AI Party at the End of the World

Inside the AI Party at the End of the World

June 11, 2025

Trending.

⚡ Weekly Recap: Oracle 0-Day, BitLocker Bypass, VMScape, WhatsApp Worm & More

⚡ Weekly Recap: Oracle 0-Day, BitLocker Bypass, VMScape, WhatsApp Worm & More

October 6, 2025
Cloud Computing on the Rise: Market Projected to Reach .6 Trillion by 2030

Cloud Computing on the Rise: Market Projected to Reach $1.6 Trillion by 2030

August 1, 2025
Stocks making the biggest moves midday: Autodesk, PayPal, Rivian, Nebius, Waters and more

Stocks making the biggest moves midday: Autodesk, PayPal, Rivian, Nebius, Waters and more

July 14, 2025
The Ultimate MSP Guide to Structuring and Selling vCISO Services

The Ultimate MSP Guide to Structuring and Selling vCISO Services

February 19, 2025
Translators’ Voices: China shares technological achievements with the world for mutual benefit

Translators’ Voices: China shares technological achievements with the world for mutual benefit

June 3, 2025

PTechHub

A tech news platform delivering fresh perspectives, critical insights, and in-depth reporting — beyond the buzz. We cover innovation, policy, and digital culture with clarity, independence, and a sharp editorial edge.

Follow Us

Industries

  • AI & ML
  • Cybersecurity
  • Enterprise IT
  • Finance
  • Telco

Navigation

  • About
  • Advertise
  • Privacy & Policy
  • Contact

Subscribe to Our Newsletter

  • About
  • Advertise
  • Privacy & Policy
  • Contact

Copyright © 2025 | Powered By Porpholio

No Result
View All Result
  • News
  • Industries
    • Enterprise IT
    • AI & ML
    • Cybersecurity
    • Finance
    • Telco
  • Brand Hub
    • Lifesight
  • Blogs

Copyright © 2025 | Powered By Porpholio