Attacks on VMware Aria Operations observed
The IT security authority CISA warns of ongoing attacks on VMware Aria Operations. Available updates help against them.
The US cybersecurity authority CISA warns of observed attacks on one vulnerability in VMware Aria Operations and one in Qualcomm processors of Android devices. Admins of VMware Aria Operations can protect their systems by applying updates; updates are also available for some vulnerable Android devices.
CISA added the two attacked vulnerabilities to the “Known Exploited Vulnerabilities” catalog (KEV) on Wednesday night this week. One of the vulnerabilities affects the Qualcomm processors of Android mobile devices. Attackers can exploit a “memory corruption while using alignments for memory allocation”; memory errors of this kind can often lead to the execution of injected malicious code (CVE-2026-21385, CVSS 7.8, risk “high”). However, since CISA provides no information on how the attacks are carried out, it is unclear to what extent the attacks are ongoing. Google also acknowledged exploitation of the vulnerability on Tuesday this week as part of the Android patch day, but details are missing there as well. The Android security patch levels 2026-03-01 and 2026-03-05 are intended to close the vulnerabilities.
Vulnerability in VMware Aria Operations attacked
Last week, Broadcom published a warning concerning security vulnerabilities in VMware Aria Operations. The software is also used in Cloud Foundation, Telco Cloud Platform, Telco Cloud Infrastructure, and vSphere Foundation, making them vulnerable as well.
CISA now reports attacks on a vulnerability in VMware Aria Operations that allows unauthenticated actors on the network to execute arbitrary commands and, subsequently, arbitrary malicious code. However, the software must be in a support-assisted product migration status for this (CVE-2026-22719, CVSS 8.1, risk “high”). It is unclear whether attackers can bring the software into this status themselves. Broadcom has updated its warning and added that the company is aware of reports that the vulnerability is being attacked in the wild. However, it cannot independently verify their accuracy. Regardless of Broadcom's assessment, admins should apply the available updates quickly to reduce the attack surface of their IT infrastructure.
(dmk)