VMware Aria Automation: Security vulnerability allows session takeover
Broadcom warns of a high-risk security vulnerability in VMware Aria Automation. Attackers can gain access.
Broadcom warns of a high-risk security vulnerability in VMware Aria Automation. Attackers can gain unauthorized access. Updated software is available for download that fixes the vulnerability.
Broadcom provides some information about the vulnerability in a security advisory. According to it, IT security researcher Bartosz Reginiak discovered a DOM-based cross-site scripting vulnerability in VMware Aria Automation and reported it to the manufacturer. With this type of vulnerability, script code embedded in a link is executed in the victim's browser in the context of the application because parameters passed in the URL are not filtered before the page uses them. However, attackers must first persuade their victims to click on a specially crafted link.
Cross-site scripting vulnerability leads to access tokens
Attackers can obtain the access token of logged-in users and thus gain unauthorized access to the system. The vulnerability has been assigned the entry CVE-2025-22249 / EUVD-2025-14367. The VMware developers rate the risk as "high" with a CVSS value of 8.2.
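To make the mechanism from the two paragraphs above concrete, here is an added illustration written for this article; it is not code from VMware Aria Automation and does not reproduce the actual bug. A page echoes a URL query parameter into its markup (the classic DOM-based XSS sink), and the hardened version validates and escapes the value instead. The parameter name `tenant` and its expected format are assumptions.

```javascript
// Added example, not VMware code: a generic DOM-based XSS pattern and its fix.
// Simulates a page that echoes a URL query parameter into the document.

// Read one parameter from a "?a=b&c=d" query string (assumed name: "tenant").
function getParam(search, name) {
  return new URLSearchParams(search).get(name);
}

// VULNERABLE: the parameter goes straight into markup (think element.innerHTML = ...).
// Any HTML in the URL becomes part of the document, so script contained in it runs
// with the application's origin and can read whatever the page's own scripts can
// read, e.g. an access token kept in localStorage or in a non-HttpOnly cookie.
function renderUnsafe(search) {
  const tenant = getParam(search, "tenant") ?? "";
  return `<h1>Tenant: ${tenant}</h1>`;
}

// HARDENED: treat the value as data, not markup. Two independent layers:
// 1. validate against the format the application actually expects (allowlist);
// 2. escape for the HTML context anyway (defence in depth). In a real browser,
//    assigning via element.textContent avoids HTML parsing altogether.
const TENANT_RE = /^[A-Za-z0-9_-]{1,64}$/; // assumed tenant-name format

function escapeHtml(s) {
  return s.replace(/[&<>"']/g, (c) => ({
    "&": "&amp;", "<": "&lt;", ">": "&gt;", '"': "&quot;", "'": "&#39;",
  })[c]);
}

function renderSafe(search) {
  const tenant = getParam(search, "tenant") ?? "";
  if (!TENANT_RE.test(tenant)) {
    return "<h1>Tenant: (invalid)</h1>"; // reject unexpected input instead of echoing it
  }
  return `<h1>Tenant: ${escapeHtml(tenant)}</h1>`;
}

// Check used in the comparison: our templates only ever emit a single <h1>...</h1>,
// so any other tag in the rendered markup must have come from the URL.
function containsInjectedTag(html) {
  return /<(?!\/?h1\b)[a-z]/i.test(html);
}
```

Feeding both renderers the same constructed query string with HTML in the parameter shows the difference: the unsafe version emits the foreign tag into the page, the hardened version rejects the value.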
In addition to VMware Aria Automation, the vulnerability also affects VMware Cloud Foundation and VMware Telco Cloud Platform. IT managers must download and apply the available updates to protect against possible attacks. The update to version 8.18.1 Patch 2 is available for VMware Aria Automation and VMware Telco Cloud Platform. For VMware Cloud Foundation, Broadcom links to the release notes of the update to version 8.18.1 Patch 2, but Cloud Foundation is not mentioned there at all.
Broadcom last warned of a vulnerability in VMware Aria Operations at the beginning of April. Attackers could escalate their privileges on the system: "Malicious actors can extend their rights to 'root' on the appliance," the developers wrote, without explaining what attacks might look like.
(dmk)