VMware Aria Operations: Vulnerability allows privilege escalation
Broadcom warns of a high-risk vulnerability in VMware Aria Operations. Attackers can use it to escalate their privileges.
Broadcom warns of a high-risk security vulnerability in VMware Aria Operations. Attackers can use it to escalate their privileges on the system.
The VMware developers discuss the vulnerability in a security advisory. According to it, a local privilege escalation vulnerability was reported to VMware through responsible disclosure. “Malicious actors can escalate their privileges to 'root' on the appliance running VMware Aria Operations”, the company explains (CVE-2025-22231, CVSS 7.8, risk “high”).
Details unclear
In the security advisory, Broadcom does not describe what attacks would look like, what exactly the vulnerability is, or how admins can recognize attempted or successful attacks. There are also no temporary countermeasures. Nevertheless, the vulnerability does not appear to have been exploited by criminals yet, as the manufacturer makes no mention of this.
The vulnerability affects VMware Aria Operations 8.x; version 8.18 HF 5 fixes it. For VMware Cloud Foundation 4.x and 5.x, the manufacturer provides a knowledge base article to solve the problem. Anyone using VMware Telco Cloud Platform or Infrastructure, regardless of whether 2.x, 3.x, 4.x or 5.x, should also patch the vulnerability with the update to version 8.18 HF 5.
The update is available for download on a dedicated download page at Broadcom. According to the release notes, the update corrects further errors and closes various other security gaps, some of which are older. In particular, the update corrects various security-relevant errors in third-party components such as 7-Zip, Bash, the GNU C Library, RPM, XZ Utils and others. Admins should therefore apply the update quickly.
Around a month ago, Broadcom had to warn of a critical security vulnerability in VMware ESXi, Fusion, and Workstation. Attackers had already exploited it in the wild.
(dmk)