Search criteria
384 vulnerabilities found for cloud_foundation by vmware
FKIE_CVE-2025-41244
Vulnerability from fkie_nvd - Published: 2025-09-29 17:15 - Updated: 2025-11-06 13:58
Severity ?
Summary
VMware Aria Operations and VMware Tools contain a local privilege escalation vulnerability. A malicious local actor with non-administrative privileges having access to a VM with VMware Tools installed and managed by Aria Operations with SDMP enabled may exploit this vulnerability to escalate privileges to root on the same VM.
References
Impacted products
| Vendor | Product | Version | |
|---|---|---|---|
| vmware | aria_operations | * | |
| vmware | cloud_foundation | * | |
| vmware | cloud_foundation_operations | 9.0 | |
| vmware | open_vm_tools | * | |
| vmware | open_vm_tools | 13.0.0 | |
| vmware | telco_cloud_infrastructure | * | |
| vmware | telco_cloud_platform | * | |
| vmware | tools | * | |
| vmware | tools | * | |
| linux | linux_kernel | - | |
| microsoft | windows | - | |
| debian | debian_linux | 11.0 |
{
"cisaActionDue": "2025-11-20",
"cisaExploitAdd": "2025-10-30",
"cisaRequiredAction": "Apply mitigations per vendor instructions, follow applicable BOD 22-01 guidance for cloud services, or discontinue use of the product if mitigations are unavailable.",
"cisaVulnerabilityName": "Broadcom VMware Aria Operations and VMware Tools Privilege Defined with Unsafe Actions Vulnerability",
"configurations": [
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:a:vmware:aria_operations:*:*:*:*:*:*:*:*",
"matchCriteriaId": "B78BDDD1-DE10-4839-9754-3A0D00F47986",
"versionEndExcluding": "8.18.5",
"versionStartIncluding": "8.0",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:vmware:cloud_foundation:*:*:*:*:*:*:*:*",
"matchCriteriaId": "D1B12C7E-0819-472E-8E79-477B47D603DD",
"versionEndIncluding": "5.2.2",
"versionStartIncluding": "4.0",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:vmware:cloud_foundation_operations:9.0:*:*:*:*:*:*:*",
"matchCriteriaId": "1A8C1A33-352A-4F7E-A284-F966F21EB0B3",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:vmware:open_vm_tools:*:*:*:*:*:*:*:*",
"matchCriteriaId": "3A809AD4-BFBA-4618-84A2-E638C13DC01F",
"versionEndExcluding": "12.5.4",
"versionStartIncluding": "11.2.0",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:vmware:open_vm_tools:13.0.0:*:*:*:*:*:*:*",
"matchCriteriaId": "7F8B48DE-44C4-4581-A52F-5631B0EB33E6",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:vmware:telco_cloud_infrastructure:*:*:*:*:*:*:*:*",
"matchCriteriaId": "904AA81A-D1C3-4DAF-BB2C-C51FEDF5B3F6",
"versionEndIncluding": "3.0",
"versionStartIncluding": "2.2",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:vmware:telco_cloud_platform:*:*:*:*:*:*:*:*",
"matchCriteriaId": "A9C444F9-5647-451F-B239-252841E440C7",
"versionEndExcluding": "5.0.1",
"versionStartIncluding": "4.0",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
},
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:a:vmware:tools:*:*:*:*:*:*:*:*",
"matchCriteriaId": "15832760-0347-4BB8-9B78-DE47CBE21957",
"versionEndExcluding": "12.5.4",
"versionStartIncluding": "12.5.0",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:vmware:tools:*:*:*:*:*:*:*:*",
"matchCriteriaId": "60F4C0D6-B650-4BE4-9E8F-DBFCFF7D8390",
"versionEndExcluding": "13.0.5.0",
"versionStartIncluding": "13.0.0.0",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
},
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:linux:linux_kernel:-:*:*:*:*:*:*:*",
"matchCriteriaId": "703AF700-7A70-47E2-BC3A-7FD03B3CA9C1",
"vulnerable": false
},
{
"criteria": "cpe:2.3:o:microsoft:windows:-:*:*:*:*:*:*:*",
"matchCriteriaId": "A2572D17-1DE6-457B-99CC-64AFD54487EA",
"vulnerable": false
}
],
"negate": false,
"operator": "OR"
}
],
"operator": "AND"
},
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:debian:debian_linux:11.0:*:*:*:*:*:*:*",
"matchCriteriaId": "FA6FEEC2-9F11-4643-8827-749718254FED",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
}
],
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "VMware Aria Operations and VMware Tools contain a local privilege escalation vulnerability.\u00a0A malicious local actor with non-administrative privileges having access to a VM with VMware Tools\u00a0installed and managed by Aria Operations with SDMP enabled may exploit this vulnerability to escalate privileges to root on the same VM."
}
],
"id": "CVE-2025-41244",
"lastModified": "2025-11-06T13:58:13.620",
"metrics": {
"cvssMetricV31": [
{
"cvssData": {
"attackComplexity": "LOW",
"attackVector": "LOCAL",
"availabilityImpact": "HIGH",
"baseScore": 7.8,
"baseSeverity": "HIGH",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"privilegesRequired": "LOW",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H",
"version": "3.1"
},
"exploitabilityScore": 1.8,
"impactScore": 5.9,
"source": "security@vmware.com",
"type": "Secondary"
}
]
},
"published": "2025-09-29T17:15:30.843",
"references": [
{
"source": "security@vmware.com",
"tags": [
"Permissions Required"
],
"url": "http://support.broadcom.com/group/ecx/support-content-view/-/support-content/Security%20Advisories/VMSA-2025-0015--VMware-Aria-Operations-and-VMware-Tools-updates-address-multiple-vulnerabilities--CVE-2025-41244-CVE-2025-41245--CVE-2025-41246-/36149"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Mailing List",
"Third Party Advisory"
],
"url": "http://www.openwall.com/lists/oss-security/2025/09/29/10"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Mailing List",
"Third Party Advisory"
],
"url": "https://lists.debian.org/debian-lts-announce/2025/10/msg00000.html"
},
{
"source": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"tags": [
"Exploit",
"Third Party Advisory"
],
"url": "https://blog.nviso.eu/2025/09/29/you-name-it-vmware-elevates-it-cve-2025-41244/"
},
{
"source": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"tags": [
"Vendor Advisory"
],
"url": "https://support.broadcom.com/web/ecx/support-content-notification/-/external/content/SecurityAdvisories/0/36149"
},
{
"source": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"tags": [
"US Government Resource"
],
"url": "https://www.cisa.gov/known-exploited-vulnerabilities-catalog?field_cve=CVE-2025-41244"
}
],
"sourceIdentifier": "security@vmware.com",
"vulnStatus": "Analyzed",
"weaknesses": [
{
"description": [
{
"lang": "en",
"value": "CWE-267"
}
],
"source": "security@vmware.com",
"type": "Secondary"
}
]
}
FKIE_CVE-2025-22244
Vulnerability from fkie_nvd - Published: 2025-06-04 20:15 - Updated: 2025-07-14 17:22
Severity ?
Summary
VMware NSX contains a stored Cross-Site Scripting (XSS) vulnerability in the gateway firewall due to improper input validation.
References
Impacted products
| Vendor | Product | Version | |
|---|---|---|---|
| broadcom | vmware_nsx | * | |
| broadcom | vmware_nsx | * | |
| broadcom | vmware_nsx | 4.2.2 | |
| vmware | cloud_foundation | * | |
| vmware | telco_cloud_infrastructure | * | |
| vmware | telco_cloud_platform | * |
{
"configurations": [
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:a:broadcom:vmware_nsx:*:*:*:*:*:*:*:*",
"matchCriteriaId": "BA802D68-9739-4EF6-8A2A-841E5A30B747",
"versionEndExcluding": "4.1.2.6",
"versionStartIncluding": "3.2",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:broadcom:vmware_nsx:*:*:*:*:*:*:*:*",
"matchCriteriaId": "2EA245FB-84B8-4B53-8697-029435CD793E",
"versionEndExcluding": "4.2.1.4",
"versionStartIncluding": "4.2.1",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:broadcom:vmware_nsx:4.2.2:*:*:*:*:*:*:*",
"matchCriteriaId": "ED3E4DA6-50BF-402E-AC32-29FB702C23DA",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:vmware:cloud_foundation:*:*:*:*:*:*:*:*",
"matchCriteriaId": "1D2A1D50-E58C-4FB4-821E-CB17B4D6170C",
"versionEndIncluding": "5.2.1.2",
"versionStartIncluding": "4.5",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:vmware:telco_cloud_infrastructure:*:*:*:*:*:*:*:*",
"matchCriteriaId": "904AA81A-D1C3-4DAF-BB2C-C51FEDF5B3F6",
"versionEndIncluding": "3.0",
"versionStartIncluding": "2.2",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:vmware:telco_cloud_platform:*:*:*:*:*:*:*:*",
"matchCriteriaId": "E0E78094-639D-47D6-998B-4EB111E45D18",
"versionEndIncluding": "5.0",
"versionStartIncluding": "3.0",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
}
],
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "VMware NSX contains a stored Cross-Site Scripting (XSS) vulnerability in the gateway firewall due to improper input validation."
},
{
"lang": "es",
"value": "VMware NSX contiene una vulnerabilidad de Cross-Site Scripting (XSS) almacenado en el firewall de puerta de enlace debido a una validaci\u00f3n de entrada incorrecta."
}
],
"id": "CVE-2025-22244",
"lastModified": "2025-07-14T17:22:22.200",
"metrics": {
"cvssMetricV31": [
{
"cvssData": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "NONE",
"baseScore": 6.9,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "LOW",
"integrityImpact": "HIGH",
"privilegesRequired": "HIGH",
"scope": "CHANGED",
"userInteraction": "REQUIRED",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:H/UI:R/S:C/C:L/I:H/A:N",
"version": "3.1"
},
"exploitabilityScore": 1.7,
"impactScore": 4.7,
"source": "security@vmware.com",
"type": "Secondary"
}
]
},
"published": "2025-06-04T20:15:22.263",
"references": [
{
"source": "security@vmware.com",
"tags": [
"Vendor Advisory"
],
"url": "https://support.broadcom.com/web/ecx/support-content-notification/-/external/content/SecurityAdvisories/0/25738"
}
],
"sourceIdentifier": "security@vmware.com",
"vulnStatus": "Analyzed",
"weaknesses": [
{
"description": [
{
"lang": "en",
"value": "CWE-79"
}
],
"source": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"type": "Secondary"
}
]
}
FKIE_CVE-2025-22245
Vulnerability from fkie_nvd - Published: 2025-06-04 20:15 - Updated: 2025-07-14 17:22
Severity ?
Summary
VMware NSX contains a stored Cross-Site Scripting (XSS) vulnerability in the router port due to improper input validation.
References
Impacted products
| Vendor | Product | Version | |
|---|---|---|---|
| broadcom | vmware_nsx | * | |
| broadcom | vmware_nsx | * | |
| broadcom | vmware_nsx | 4.2.2 | |
| vmware | cloud_foundation | * | |
| vmware | telco_cloud_infrastructure | * | |
| vmware | telco_cloud_platform | * |
{
"configurations": [
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:a:broadcom:vmware_nsx:*:*:*:*:*:*:*:*",
"matchCriteriaId": "BA802D68-9739-4EF6-8A2A-841E5A30B747",
"versionEndExcluding": "4.1.2.6",
"versionStartIncluding": "3.2",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:broadcom:vmware_nsx:*:*:*:*:*:*:*:*",
"matchCriteriaId": "2EA245FB-84B8-4B53-8697-029435CD793E",
"versionEndExcluding": "4.2.1.4",
"versionStartIncluding": "4.2.1",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:broadcom:vmware_nsx:4.2.2:*:*:*:*:*:*:*",
"matchCriteriaId": "ED3E4DA6-50BF-402E-AC32-29FB702C23DA",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:vmware:cloud_foundation:*:*:*:*:*:*:*:*",
"matchCriteriaId": "1D2A1D50-E58C-4FB4-821E-CB17B4D6170C",
"versionEndIncluding": "5.2.1.2",
"versionStartIncluding": "4.5",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:vmware:telco_cloud_infrastructure:*:*:*:*:*:*:*:*",
"matchCriteriaId": "904AA81A-D1C3-4DAF-BB2C-C51FEDF5B3F6",
"versionEndIncluding": "3.0",
"versionStartIncluding": "2.2",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:vmware:telco_cloud_platform:*:*:*:*:*:*:*:*",
"matchCriteriaId": "E0E78094-639D-47D6-998B-4EB111E45D18",
"versionEndIncluding": "5.0",
"versionStartIncluding": "3.0",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
}
],
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "VMware NSX contains a stored Cross-Site Scripting (XSS) vulnerability in the router port due to improper input validation."
},
{
"lang": "es",
"value": "VMware NSX contiene una vulnerabilidad de Cross-Site Scripting (XSS) almacenado en el puerto del enrutador debido a una validaci\u00f3n de entrada incorrecta."
}
],
"id": "CVE-2025-22245",
"lastModified": "2025-07-14T17:22:07.423",
"metrics": {
"cvssMetricV31": [
{
"cvssData": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "LOW",
"baseScore": 5.9,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "LOW",
"integrityImpact": "LOW",
"privilegesRequired": "HIGH",
"scope": "CHANGED",
"userInteraction": "REQUIRED",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:H/UI:R/S:C/C:L/I:L/A:L",
"version": "3.1"
},
"exploitabilityScore": 1.7,
"impactScore": 3.7,
"source": "security@vmware.com",
"type": "Secondary"
}
]
},
"published": "2025-06-04T20:15:22.400",
"references": [
{
"source": "security@vmware.com",
"tags": [
"Vendor Advisory"
],
"url": "https://support.broadcom.com/web/ecx/support-content-notification/-/external/content/SecurityAdvisories/0/25738"
}
],
"sourceIdentifier": "security@vmware.com",
"vulnStatus": "Analyzed",
"weaknesses": [
{
"description": [
{
"lang": "en",
"value": "CWE-79"
}
],
"source": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"type": "Secondary"
}
]
}
FKIE_CVE-2025-22243
Vulnerability from fkie_nvd - Published: 2025-06-04 20:15 - Updated: 2025-07-14 17:22
Severity ?
Summary
VMware NSX Manager UI is vulnerable to a stored Cross-Site Scripting (XSS) attack due to improper input validation.
References
Impacted products
| Vendor | Product | Version | |
|---|---|---|---|
| broadcom | vmware_nsx | * | |
| broadcom | vmware_nsx | * | |
| broadcom | vmware_nsx | 4.2.2 | |
| vmware | cloud_foundation | * | |
| vmware | telco_cloud_infrastructure | * | |
| vmware | telco_cloud_platform | * |
{
"configurations": [
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:a:broadcom:vmware_nsx:*:*:*:*:*:*:*:*",
"matchCriteriaId": "BA802D68-9739-4EF6-8A2A-841E5A30B747",
"versionEndExcluding": "4.1.2.6",
"versionStartIncluding": "3.2",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:broadcom:vmware_nsx:*:*:*:*:*:*:*:*",
"matchCriteriaId": "2EA245FB-84B8-4B53-8697-029435CD793E",
"versionEndExcluding": "4.2.1.4",
"versionStartIncluding": "4.2.1",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:broadcom:vmware_nsx:4.2.2:*:*:*:*:*:*:*",
"matchCriteriaId": "ED3E4DA6-50BF-402E-AC32-29FB702C23DA",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:vmware:cloud_foundation:*:*:*:*:*:*:*:*",
"matchCriteriaId": "1D2A1D50-E58C-4FB4-821E-CB17B4D6170C",
"versionEndIncluding": "5.2.1.2",
"versionStartIncluding": "4.5",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:vmware:telco_cloud_infrastructure:*:*:*:*:*:*:*:*",
"matchCriteriaId": "904AA81A-D1C3-4DAF-BB2C-C51FEDF5B3F6",
"versionEndIncluding": "3.0",
"versionStartIncluding": "2.2",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:vmware:telco_cloud_platform:*:*:*:*:*:*:*:*",
"matchCriteriaId": "E0E78094-639D-47D6-998B-4EB111E45D18",
"versionEndIncluding": "5.0",
"versionStartIncluding": "3.0",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
}
],
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "VMware NSX Manager UI is vulnerable to a stored Cross-Site Scripting (XSS) attack due to improper input validation."
},
{
"lang": "es",
"value": "La interfaz de usuario de VMware NSX Manager es vulnerable a un ataque de Cross-Site Scripting (XSS) almacenado debido a una validaci\u00f3n de entrada incorrecta."
}
],
"id": "CVE-2025-22243",
"lastModified": "2025-07-14T17:22:34.970",
"metrics": {
"cvssMetricV31": [
{
"cvssData": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 7.5,
"baseSeverity": "HIGH",
"confidentialityImpact": "LOW",
"integrityImpact": "LOW",
"privilegesRequired": "HIGH",
"scope": "CHANGED",
"userInteraction": "REQUIRED",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:H/UI:R/S:C/C:L/I:L/A:H",
"version": "3.1"
},
"exploitabilityScore": 1.7,
"impactScore": 5.3,
"source": "security@vmware.com",
"type": "Secondary"
}
]
},
"published": "2025-06-04T20:15:22.120",
"references": [
{
"source": "security@vmware.com",
"tags": [
"Vendor Advisory"
],
"url": "https://support.broadcom.com/web/ecx/support-content-notification/-/external/content/SecurityAdvisories/0/25738"
}
],
"sourceIdentifier": "security@vmware.com",
"vulnStatus": "Analyzed",
"weaknesses": [
{
"description": [
{
"lang": "en",
"value": "CWE-79"
}
],
"source": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"type": "Secondary"
}
]
}
FKIE_CVE-2025-41231
Vulnerability from fkie_nvd - Published: 2025-05-20 13:15 - Updated: 2025-06-12 16:22
Severity ?
Summary
VMware Cloud Foundation contains a missing authorisation vulnerability. A malicious actor with access to VMware Cloud Foundation appliance may be able to perform certain unauthorised actions and access limited sensitive information.
References
Impacted products
| Vendor | Product | Version | |
|---|---|---|---|
| vmware | cloud_foundation | * | |
| vmware | cloud_foundation | * |
{
"configurations": [
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:a:vmware:cloud_foundation:*:*:*:*:*:*:*:*",
"matchCriteriaId": "8638B935-23B6-4588-A25C-E999783F622F",
"versionEndExcluding": "4.5.2",
"versionStartIncluding": "4.5",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:vmware:cloud_foundation:*:*:*:*:*:*:*:*",
"matchCriteriaId": "0F176521-1515-496F-8D45-C699A89B662C",
"versionEndExcluding": "5.2.1.2",
"versionStartIncluding": "5.0",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
}
],
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "VMware Cloud Foundation\u00a0contains a missing authorisation vulnerability.\u00a0A malicious actor with access to VMware Cloud Foundation appliance may be able to perform certain unauthorised actions and access limited sensitive information."
},
{
"lang": "es",
"value": "VMware Cloud Foundation presenta una vulnerabilidad de falta de autorizaci\u00f3n. Un agente malicioso con acceso al dispositivo VMware Cloud Foundation podr\u00eda realizar ciertas acciones no autorizadas y acceder a informaci\u00f3n confidencial limitada."
}
],
"id": "CVE-2025-41231",
"lastModified": "2025-06-12T16:22:47.783",
"metrics": {
"cvssMetricV31": [
{
"cvssData": {
"attackComplexity": "LOW",
"attackVector": "LOCAL",
"availabilityImpact": "LOW",
"baseScore": 7.3,
"baseSeverity": "HIGH",
"confidentialityImpact": "HIGH",
"integrityImpact": "LOW",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:U/C:H/I:L/A:L",
"version": "3.1"
},
"exploitabilityScore": 2.5,
"impactScore": 4.7,
"source": "security@vmware.com",
"type": "Secondary"
}
]
},
"published": "2025-05-20T13:15:48.103",
"references": [
{
"source": "security@vmware.com",
"tags": [
"Vendor Advisory"
],
"url": "https://support.broadcom.com/web/ecx/support-content-notification/-/external/content/SecurityAdvisories/0/25733"
}
],
"sourceIdentifier": "security@vmware.com",
"vulnStatus": "Analyzed",
"weaknesses": [
{
"description": [
{
"lang": "en",
"value": "CWE-862"
}
],
"source": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"type": "Secondary"
}
]
}
FKIE_CVE-2025-22249
Vulnerability from fkie_nvd - Published: 2025-05-13 06:15 - Updated: 2025-07-11 14:27
Severity ?
Summary
VMware Aria automation contains a DOM based Cross-Site Scripting (XSS) vulnerability. A malicious actor may exploit this issue to steal the access token of a logged in user of VMware Aria automation appliance by tricking the user into clicking a malicious crafted payload URL.
References
Impacted products
| Vendor | Product | Version | |
|---|---|---|---|
| vmware | aria_automation | 8.18.0 | |
| vmware | aria_automation | 8.18.1 | |
| vmware | aria_automation | 8.18.1 | |
| vmware | cloud_foundation | * | |
| vmware | telco_cloud_platform | * |
{
"configurations": [
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:a:vmware:aria_automation:8.18.0:*:*:*:*:*:*:*",
"matchCriteriaId": "34CB9DCB-C7F6-48CE-B0CD-510B7E9E52D7",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:vmware:aria_automation:8.18.1:-:*:*:*:*:*:*",
"matchCriteriaId": "BA903210-107C-4005-9EBD-A62609D1081E",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:vmware:aria_automation:8.18.1:patch1:*:*:*:*:*:*",
"matchCriteriaId": "5495556A-74A4-4FA2-B48F-55E6B0F5875D",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:vmware:cloud_foundation:*:*:*:*:*:*:*:*",
"matchCriteriaId": "E48E9C72-7BD4-4CC7-B44A-B5A017451552",
"versionEndIncluding": "5.2.1",
"versionStartIncluding": "4.0",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:vmware:telco_cloud_platform:*:*:*:*:*:*:*:*",
"matchCriteriaId": "3DCC8565-8FB0-4A1D-A761-48B21155A5F6",
"versionEndIncluding": "5.0.1",
"versionStartIncluding": "5.0",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
}
],
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "VMware Aria automation contains a DOM based Cross-Site Scripting (XSS) vulnerability.\u00a0A malicious actor may exploit this issue to steal the access token of a logged in user of VMware Aria automation appliance by tricking the user into clicking a malicious crafted payload URL."
},
{
"lang": "es",
"value": "La automatizaci\u00f3n de VMware Aria contiene una vulnerabilidad de Cross Site Scripting (XSS) basada en DOM. Un atacante malicioso podr\u00eda aprovechar esta vulnerabilidad para robar el token de acceso de un usuario conectado al dispositivo de automatizaci\u00f3n VMware Aria, enga\u00f1\u00e1ndolo para que haga clic en una URL maliciosa."
}
],
"id": "CVE-2025-22249",
"lastModified": "2025-07-11T14:27:30.537",
"metrics": {
"cvssMetricV31": [
{
"cvssData": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "NONE",
"baseScore": 8.2,
"baseSeverity": "HIGH",
"confidentialityImpact": "HIGH",
"integrityImpact": "LOW",
"privilegesRequired": "NONE",
"scope": "CHANGED",
"userInteraction": "REQUIRED",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:H/I:L/A:N",
"version": "3.1"
},
"exploitabilityScore": 2.8,
"impactScore": 4.7,
"source": "security@vmware.com",
"type": "Secondary"
}
]
},
"published": "2025-05-13T06:15:36.403",
"references": [
{
"source": "security@vmware.com",
"tags": [
"Vendor Advisory",
"Patch"
],
"url": "https://support.broadcom.com/web/ecx/support-content-notification/-/external/content/SecurityAdvisories/0/25711"
}
],
"sourceIdentifier": "security@vmware.com",
"vulnStatus": "Analyzed",
"weaknesses": [
{
"description": [
{
"lang": "en",
"value": "CWE-79"
}
],
"source": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"type": "Secondary"
}
]
}
FKIE_CVE-2025-22224
Vulnerability from fkie_nvd - Published: 2025-03-04 12:15 - Updated: 2025-10-30 19:52
Severity ?
9.3 (Critical) - CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:C/C:H/I:H/A:H
8.2 (High) - CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:C/C:H/I:H/A:H
8.2 (High) - CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:C/C:H/I:H/A:H
Summary
VMware ESXi, and Workstation contain a TOCTOU (Time-of-Check Time-of-Use) vulnerability that leads to an out-of-bounds write. A malicious actor with local administrative privileges on a virtual machine may exploit this issue to execute code as the virtual machine's VMX process running on the host.
References
Impacted products
{
"cisaActionDue": "2025-03-25",
"cisaExploitAdd": "2025-03-04",
"cisaRequiredAction": "Apply mitigations per vendor instructions, follow applicable BOD 22-01 guidance for cloud services, or discontinue use of the product if mitigations are unavailable.",
"cisaVulnerabilityName": "VMware ESXi and Workstation TOCTOU Race Condition Vulnerability",
"configurations": [
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:vmware:esxi:7.0:-:*:*:*:*:*:*",
"matchCriteriaId": "5CBA6B5A-F345-41D1-8AA0-E5F274A2D8FB",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:vmware:esxi:7.0:beta:*:*:*:*:*:*",
"matchCriteriaId": "F030A666-1955-438B-8417-5C294905399F",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:vmware:esxi:7.0:update_1:*:*:*:*:*:*",
"matchCriteriaId": "2C8DB7F6-5765-4355-B30E-9CAC39ECA5D9",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:vmware:esxi:7.0:update_1a:*:*:*:*:*:*",
"matchCriteriaId": "A790D41E-B398-4233-9EC7-CF5BE2BC3161",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:vmware:esxi:7.0:update_1b:*:*:*:*:*:*",
"matchCriteriaId": "B7619C16-5306-4C4A-88E8-E80876635F66",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:vmware:esxi:7.0:update_1c:*:*:*:*:*:*",
"matchCriteriaId": "238E7AF4-722B-423D-ABB1-424286B06715",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:vmware:esxi:7.0:update_1d:*:*:*:*:*:*",
"matchCriteriaId": "1E4DE8C7-72FB-4BEC-AD9E-378786295011",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:vmware:esxi:7.0:update_1e:*:*:*:*:*:*",
"matchCriteriaId": "2E6DE184-35C8-4A13-91D4-4B43E9F0168C",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:vmware:esxi:7.0:update_2:*:*:*:*:*:*",
"matchCriteriaId": "D3E3A02D-6C1E-4DE8-B845-60F53C056F32",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:vmware:esxi:7.0:update_2a:*:*:*:*:*:*",
"matchCriteriaId": "12D385F0-DB2B-4802-AD0E-31441DA056B9",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:vmware:esxi:7.0:update_2c:*:*:*:*:*:*",
"matchCriteriaId": "2C202879-9230-4E1D-BAB8-4FB7CE4BBC24",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:vmware:esxi:7.0:update_2d:*:*:*:*:*:*",
"matchCriteriaId": "CC6DC107-5142-4155-A33B-D5BE72E9ED38",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:vmware:esxi:7.0:update_2e:*:*:*:*:*:*",
"matchCriteriaId": "39817170-5C45-4F8A-916D-81B7352055DD",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:vmware:esxi:7.0:update_3:*:*:*:*:*:*",
"matchCriteriaId": "4ADC3CFF-7415-46A5-817A-2F053B261E8C",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:vmware:esxi:7.0:update_3c:*:*:*:*:*:*",
"matchCriteriaId": "A2F831A7-544E-4B45-BA49-7F7A0234579C",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:vmware:esxi:7.0:update_3d:*:*:*:*:*:*",
"matchCriteriaId": "80A0DD2E-F1CC-413B-91F9-E3986011A0A0",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:vmware:esxi:7.0:update_3e:*:*:*:*:*:*",
"matchCriteriaId": "C77771B2-BC64-47A5-B6DB-9CBCC4456B67",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:vmware:esxi:7.0:update_3f:*:*:*:*:*:*",
"matchCriteriaId": "86DE9CE6-F6C0-47D2-B3AB-34852A8B9603",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:vmware:esxi:7.0:update_3g:*:*:*:*:*:*",
"matchCriteriaId": "E75B2F03-702E-4359-9BB2-E234F1DC38C8",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:vmware:esxi:7.0:update_3i:*:*:*:*:*:*",
"matchCriteriaId": "ACAA9494-5248-4B01-8BC1-C38AB615FFD7",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:vmware:esxi:7.0:update_3j:*:*:*:*:*:*",
"matchCriteriaId": "BF12014B-BF2B-42EF-B70C-59CDA8E2176F",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:vmware:esxi:7.0:update_3k:*:*:*:*:*:*",
"matchCriteriaId": "F965D853-EE4A-41F5-840B-2D009ACC9754",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:vmware:esxi:7.0:update_3l:*:*:*:*:*:*",
"matchCriteriaId": "BA7B7313-FF53-43C9-AF4D-B639053D3FA3",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:vmware:esxi:7.0:update_3m:*:*:*:*:*:*",
"matchCriteriaId": "9FB5738F-27E4-42C6-BD1B-F7F66A7EF0A6",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:vmware:esxi:7.0:update_3n:*:*:*:*:*:*",
"matchCriteriaId": "FC3668A6-262B-42BF-9E90-28BAA9BB3347",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:vmware:esxi:7.0:update_3o:*:*:*:*:*:*",
"matchCriteriaId": "DA4E9185-44BA-41E6-8600-C8616E199334",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:vmware:esxi:7.0:update_3p:*:*:*:*:*:*",
"matchCriteriaId": "F50302BB-B950-4178-A109-358393E0A50A",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:vmware:esxi:7.0:update_3q:*:*:*:*:*:*",
"matchCriteriaId": "BCCA4A31-1291-4FB4-9FA5-D2CCD086D660",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:vmware:esxi:7.0:update_3r:*:*:*:*:*:*",
"matchCriteriaId": "78604FE5-510F-4979-B2E3-D36B3083224A",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:vmware:esxi:8.0:-:*:*:*:*:*:*",
"matchCriteriaId": "7A1A402A-9262-4B97-A0B7-E5AE045E394D",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:vmware:esxi:8.0:a:*:*:*:*:*:*",
"matchCriteriaId": "FE44B379-9943-4DD1-8514-26F87482AFA8",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:vmware:esxi:8.0:b:*:*:*:*:*:*",
"matchCriteriaId": "2A797377-8945-4D75-AA68-A768855E5842",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:vmware:esxi:8.0:c:*:*:*:*:*:*",
"matchCriteriaId": "79D84D76-54BE-49E9-905C-7D65B4B42D68",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:vmware:esxi:8.0:update_1:*:*:*:*:*:*",
"matchCriteriaId": "2F8767F7-7C3D-457D-9EAC-E8A30796F751",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:vmware:esxi:8.0:update_1a:*:*:*:*:*:*",
"matchCriteriaId": "29AF8474-2D7A-4C5A-82B9-7A873AD90C2E",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:vmware:esxi:8.0:update_1c:*:*:*:*:*:*",
"matchCriteriaId": "7781A2CA-D927-48CD-9932-AE42B7BA1EFE",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:vmware:esxi:8.0:update_1d:*:*:*:*:*:*",
"matchCriteriaId": "18FD08C9-5895-4BF4-BBE0-C2DDA5F6B836",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:vmware:esxi:8.0:update_2:*:*:*:*:*:*",
"matchCriteriaId": "360C1B71-5360-4379-B0DE-63BB8F5E6DA2",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:vmware:esxi:8.0:update_2b:*:*:*:*:*:*",
"matchCriteriaId": "B16ED7C1-9881-452A-8BE0-EDDEAEFE3D7B",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:vmware:esxi:8.0:update_2c:*:*:*:*:*:*",
"matchCriteriaId": "ED92209F-FBD6-43F9-9A15-3842B139FCC9",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:vmware:esxi:8.0:update_3:*:*:*:*:*:*",
"matchCriteriaId": "6B701151-1B57-4E2D-A9AB-586FACEA2385",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:vmware:esxi:8.0:update_3b:*:*:*:*:*:*",
"matchCriteriaId": "4230B9AA-9E0C-4AE2-814D-8DD641394879",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:vmware:esxi:8.0:update_3c:*:*:*:*:*:*",
"matchCriteriaId": "F2FA150B-93E4-44D2-BF6D-347085A95776",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
},
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:a:vmware:cloud_foundation:-:*:*:*:*:*:*:*",
"matchCriteriaId": "31A7BB38-3238-413E-9736-F1A165D40867",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:vmware:telco_cloud_infrastructure:2.2:*:*:*:*:*:*:*",
"matchCriteriaId": "7E46A694-8698-4283-9E25-01F222B63E9A",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:vmware:telco_cloud_infrastructure:2.5:*:*:*:*:*:*:*",
"matchCriteriaId": "59B9476F-E5E7-46B6-AC38-4630D0933462",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:vmware:telco_cloud_infrastructure:2.7:*:*:*:*:*:*:*",
"matchCriteriaId": "9A045567-2563-4539-8E95-361087CB7762",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:vmware:telco_cloud_infrastructure:3.0:*:*:*:*:*:*:*",
"matchCriteriaId": "D11103A7-6AB5-4E78-BE11-BC2A04A09F19",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:vmware:telco_cloud_platform:2.0:*:*:*:*:*:*:*",
"matchCriteriaId": "6C5F01D7-2675-4D09-B52B-B02D0EF52AEA",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:vmware:telco_cloud_platform:2.5:*:*:*:*:*:*:*",
"matchCriteriaId": "B5F8D61F-6E8B-4EE3-91DE-EBA6FF7D289E",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:vmware:telco_cloud_platform:2.7:*:*:*:*:*:*:*",
"matchCriteriaId": "B1E94D58-26A0-4E84-8CAD-F8CDB6707642",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:vmware:telco_cloud_platform:3.0:*:*:*:*:*:*:*",
"matchCriteriaId": "FC33D39A-5760-467E-8284-F4E5D8082BBD",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:vmware:telco_cloud_platform:4.0:*:*:*:*:*:*:*",
"matchCriteriaId": "448206AA-A023-4AA1-98FD-35BC2A2AB2B5",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:vmware:telco_cloud_platform:4.0.1:*:*:*:*:*:*:*",
"matchCriteriaId": "0F6E30F8-B977-40A5-9E45-89B5C5E59170",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:vmware:telco_cloud_platform:5.0:*:*:*:*:*:*:*",
"matchCriteriaId": "D6B84F65-2E52-4445-8F97-2729B84B18E3",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:vmware:workstation:*:*:*:*:*:*:*:*",
"matchCriteriaId": "3124246D-3287-4657-B40D-E7B80A44E7D7",
"versionEndExcluding": "17.6.3",
"versionStartIncluding": "17.0",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
}
],
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "VMware ESXi, and Workstation\u00a0contain a TOCTOU (Time-of-Check Time-of-Use) vulnerability that leads to an out-of-bounds write.\u00a0A malicious actor with local administrative privileges on a virtual machine may exploit this issue to execute code as the virtual machine\u0027s VMX process running on the host."
},
{
"lang": "es",
"value": "VMware ESXi y Workstation contienen una vulnerabilidad TOCTOU (Time-of-Check Time-of-Use) que provoca una escritura fuera de los l\u00edmites. Un actor malintencionado con privilegios administrativos locales en una m\u00e1quina virtual puede aprovechar este problema para ejecutar c\u00f3digo como el proceso VMX de la m\u00e1quina virtual que se ejecuta en el host."
}
],
"id": "CVE-2025-22224",
"lastModified": "2025-10-30T19:52:49.873",
"metrics": {
"cvssMetricV31": [
{
"cvssData": {
"attackComplexity": "LOW",
"attackVector": "LOCAL",
"availabilityImpact": "HIGH",
"baseScore": 9.3,
"baseSeverity": "CRITICAL",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"privilegesRequired": "NONE",
"scope": "CHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:C/C:H/I:H/A:H",
"version": "3.1"
},
"exploitabilityScore": 2.5,
"impactScore": 6.0,
"source": "security@vmware.com",
"type": "Secondary"
},
{
"cvssData": {
"attackComplexity": "LOW",
"attackVector": "LOCAL",
"availabilityImpact": "HIGH",
"baseScore": 8.2,
"baseSeverity": "HIGH",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"privilegesRequired": "HIGH",
"scope": "CHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:C/C:H/I:H/A:H",
"version": "3.1"
},
"exploitabilityScore": 1.5,
"impactScore": 6.0,
"source": "nvd@nist.gov",
"type": "Primary"
}
]
},
"published": "2025-03-04T12:15:33.687",
"references": [
{
"source": "security@vmware.com",
"tags": [
"Vendor Advisory"
],
"url": "https://support.broadcom.com/web/ecx/support-content-notification/-/external/content/SecurityAdvisories/0/25390"
},
{
"source": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"tags": [
"US Government Resource"
],
"url": "https://www.cisa.gov/known-exploited-vulnerabilities-catalog?field_cve=CVE-2025-22224"
}
],
"sourceIdentifier": "security@vmware.com",
"vulnStatus": "Analyzed",
"weaknesses": [
{
"description": [
{
"lang": "en",
"value": "CWE-367"
}
],
"source": "nvd@nist.gov",
"type": "Secondary"
},
{
"description": [
{
"lang": "en",
"value": "CWE-367"
}
],
"source": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"type": "Secondary"
}
]
}
FKIE_CVE-2025-22226
Vulnerability from fkie_nvd - Published: 2025-03-04 12:15 - Updated: 2025-10-30 19:52
Severity ?
7.1 (High) - CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:C/C:H/I:N/A:N
6.0 (Medium) - CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:C/C:H/I:N/A:N
6.0 (Medium) - CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:C/C:H/I:N/A:N
Summary
VMware ESXi, Workstation, and Fusion contain an information disclosure vulnerability due to an out-of-bounds read in HGFS. A malicious actor with administrative privileges to a virtual machine may be able to exploit this issue to leak memory from the vmx process.
References
Impacted products
{
"cisaActionDue": "2025-03-25",
"cisaExploitAdd": "2025-03-04",
"cisaRequiredAction": "Apply mitigations per vendor instructions, follow applicable BOD 22-01 guidance for cloud services, or discontinue use of the product if mitigations are unavailable.",
"cisaVulnerabilityName": "VMware ESXi, Workstation, and Fusion Information Disclosure Vulnerability",
"configurations": [
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:vmware:esxi:7.0:-:*:*:*:*:*:*",
"matchCriteriaId": "5CBA6B5A-F345-41D1-8AA0-E5F274A2D8FB",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:vmware:esxi:7.0:beta:*:*:*:*:*:*",
"matchCriteriaId": "F030A666-1955-438B-8417-5C294905399F",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:vmware:esxi:7.0:update_1:*:*:*:*:*:*",
"matchCriteriaId": "2C8DB7F6-5765-4355-B30E-9CAC39ECA5D9",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:vmware:esxi:7.0:update_1a:*:*:*:*:*:*",
"matchCriteriaId": "A790D41E-B398-4233-9EC7-CF5BE2BC3161",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:vmware:esxi:7.0:update_1b:*:*:*:*:*:*",
"matchCriteriaId": "B7619C16-5306-4C4A-88E8-E80876635F66",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:vmware:esxi:7.0:update_1c:*:*:*:*:*:*",
"matchCriteriaId": "238E7AF4-722B-423D-ABB1-424286B06715",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:vmware:esxi:7.0:update_1d:*:*:*:*:*:*",
"matchCriteriaId": "1E4DE8C7-72FB-4BEC-AD9E-378786295011",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:vmware:esxi:7.0:update_1e:*:*:*:*:*:*",
"matchCriteriaId": "2E6DE184-35C8-4A13-91D4-4B43E9F0168C",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:vmware:esxi:7.0:update_2:*:*:*:*:*:*",
"matchCriteriaId": "D3E3A02D-6C1E-4DE8-B845-60F53C056F32",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:vmware:esxi:7.0:update_2a:*:*:*:*:*:*",
"matchCriteriaId": "12D385F0-DB2B-4802-AD0E-31441DA056B9",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:vmware:esxi:7.0:update_2c:*:*:*:*:*:*",
"matchCriteriaId": "2C202879-9230-4E1D-BAB8-4FB7CE4BBC24",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:vmware:esxi:7.0:update_2d:*:*:*:*:*:*",
"matchCriteriaId": "CC6DC107-5142-4155-A33B-D5BE72E9ED38",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:vmware:esxi:7.0:update_2e:*:*:*:*:*:*",
"matchCriteriaId": "39817170-5C45-4F8A-916D-81B7352055DD",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:vmware:esxi:7.0:update_3:*:*:*:*:*:*",
"matchCriteriaId": "4ADC3CFF-7415-46A5-817A-2F053B261E8C",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:vmware:esxi:7.0:update_3c:*:*:*:*:*:*",
"matchCriteriaId": "A2F831A7-544E-4B45-BA49-7F7A0234579C",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:vmware:esxi:7.0:update_3d:*:*:*:*:*:*",
"matchCriteriaId": "80A0DD2E-F1CC-413B-91F9-E3986011A0A0",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:vmware:esxi:7.0:update_3e:*:*:*:*:*:*",
"matchCriteriaId": "C77771B2-BC64-47A5-B6DB-9CBCC4456B67",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:vmware:esxi:7.0:update_3f:*:*:*:*:*:*",
"matchCriteriaId": "86DE9CE6-F6C0-47D2-B3AB-34852A8B9603",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:vmware:esxi:7.0:update_3g:*:*:*:*:*:*",
"matchCriteriaId": "E75B2F03-702E-4359-9BB2-E234F1DC38C8",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:vmware:esxi:7.0:update_3i:*:*:*:*:*:*",
"matchCriteriaId": "ACAA9494-5248-4B01-8BC1-C38AB615FFD7",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:vmware:esxi:7.0:update_3j:*:*:*:*:*:*",
"matchCriteriaId": "BF12014B-BF2B-42EF-B70C-59CDA8E2176F",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:vmware:esxi:7.0:update_3k:*:*:*:*:*:*",
"matchCriteriaId": "F965D853-EE4A-41F5-840B-2D009ACC9754",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:vmware:esxi:7.0:update_3l:*:*:*:*:*:*",
"matchCriteriaId": "BA7B7313-FF53-43C9-AF4D-B639053D3FA3",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:vmware:esxi:7.0:update_3m:*:*:*:*:*:*",
"matchCriteriaId": "9FB5738F-27E4-42C6-BD1B-F7F66A7EF0A6",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:vmware:esxi:7.0:update_3n:*:*:*:*:*:*",
"matchCriteriaId": "FC3668A6-262B-42BF-9E90-28BAA9BB3347",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:vmware:esxi:7.0:update_3o:*:*:*:*:*:*",
"matchCriteriaId": "DA4E9185-44BA-41E6-8600-C8616E199334",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:vmware:esxi:7.0:update_3p:*:*:*:*:*:*",
"matchCriteriaId": "F50302BB-B950-4178-A109-358393E0A50A",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:vmware:esxi:7.0:update_3q:*:*:*:*:*:*",
"matchCriteriaId": "BCCA4A31-1291-4FB4-9FA5-D2CCD086D660",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:vmware:esxi:7.0:update_3r:*:*:*:*:*:*",
"matchCriteriaId": "78604FE5-510F-4979-B2E3-D36B3083224A",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:vmware:esxi:8.0:-:*:*:*:*:*:*",
"matchCriteriaId": "7A1A402A-9262-4B97-A0B7-E5AE045E394D",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:vmware:esxi:8.0:a:*:*:*:*:*:*",
"matchCriteriaId": "FE44B379-9943-4DD1-8514-26F87482AFA8",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:vmware:esxi:8.0:b:*:*:*:*:*:*",
"matchCriteriaId": "2A797377-8945-4D75-AA68-A768855E5842",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:vmware:esxi:8.0:c:*:*:*:*:*:*",
"matchCriteriaId": "79D84D76-54BE-49E9-905C-7D65B4B42D68",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:vmware:esxi:8.0:update_1:*:*:*:*:*:*",
"matchCriteriaId": "2F8767F7-7C3D-457D-9EAC-E8A30796F751",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:vmware:esxi:8.0:update_1a:*:*:*:*:*:*",
"matchCriteriaId": "29AF8474-2D7A-4C5A-82B9-7A873AD90C2E",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:vmware:esxi:8.0:update_1c:*:*:*:*:*:*",
"matchCriteriaId": "7781A2CA-D927-48CD-9932-AE42B7BA1EFE",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:vmware:esxi:8.0:update_1d:*:*:*:*:*:*",
"matchCriteriaId": "18FD08C9-5895-4BF4-BBE0-C2DDA5F6B836",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:vmware:esxi:8.0:update_2:*:*:*:*:*:*",
"matchCriteriaId": "360C1B71-5360-4379-B0DE-63BB8F5E6DA2",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:vmware:esxi:8.0:update_2b:*:*:*:*:*:*",
"matchCriteriaId": "B16ED7C1-9881-452A-8BE0-EDDEAEFE3D7B",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:vmware:esxi:8.0:update_2c:*:*:*:*:*:*",
"matchCriteriaId": "ED92209F-FBD6-43F9-9A15-3842B139FCC9",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:vmware:esxi:8.0:update_3:*:*:*:*:*:*",
"matchCriteriaId": "6B701151-1B57-4E2D-A9AB-586FACEA2385",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:vmware:esxi:8.0:update_3b:*:*:*:*:*:*",
"matchCriteriaId": "4230B9AA-9E0C-4AE2-814D-8DD641394879",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:vmware:esxi:8.0:update_3c:*:*:*:*:*:*",
"matchCriteriaId": "F2FA150B-93E4-44D2-BF6D-347085A95776",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
},
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:a:vmware:cloud_foundation:-:*:*:*:*:*:*:*",
"matchCriteriaId": "31A7BB38-3238-413E-9736-F1A165D40867",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:vmware:fusion:*:*:*:*:*:*:*:*",
"matchCriteriaId": "0F76F8A7-6184-4A39-9FA5-2337CC9D4CB1",
"versionEndExcluding": "13.6.3",
"versionStartIncluding": "13.0.0",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:vmware:telco_cloud_infrastructure:2.2:*:*:*:*:*:*:*",
"matchCriteriaId": "7E46A694-8698-4283-9E25-01F222B63E9A",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:vmware:telco_cloud_infrastructure:2.5:*:*:*:*:*:*:*",
"matchCriteriaId": "59B9476F-E5E7-46B6-AC38-4630D0933462",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:vmware:telco_cloud_infrastructure:2.7:*:*:*:*:*:*:*",
"matchCriteriaId": "9A045567-2563-4539-8E95-361087CB7762",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:vmware:telco_cloud_infrastructure:3.0:*:*:*:*:*:*:*",
"matchCriteriaId": "D11103A7-6AB5-4E78-BE11-BC2A04A09F19",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:vmware:telco_cloud_platform:2.0:*:*:*:*:*:*:*",
"matchCriteriaId": "6C5F01D7-2675-4D09-B52B-B02D0EF52AEA",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:vmware:telco_cloud_platform:2.5:*:*:*:*:*:*:*",
"matchCriteriaId": "B5F8D61F-6E8B-4EE3-91DE-EBA6FF7D289E",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:vmware:telco_cloud_platform:2.7:*:*:*:*:*:*:*",
"matchCriteriaId": "B1E94D58-26A0-4E84-8CAD-F8CDB6707642",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:vmware:telco_cloud_platform:3.0:*:*:*:*:*:*:*",
"matchCriteriaId": "FC33D39A-5760-467E-8284-F4E5D8082BBD",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:vmware:telco_cloud_platform:4.0:*:*:*:*:*:*:*",
"matchCriteriaId": "448206AA-A023-4AA1-98FD-35BC2A2AB2B5",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:vmware:telco_cloud_platform:4.0.1:*:*:*:*:*:*:*",
"matchCriteriaId": "0F6E30F8-B977-40A5-9E45-89B5C5E59170",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:vmware:telco_cloud_platform:5.0:*:*:*:*:*:*:*",
"matchCriteriaId": "D6B84F65-2E52-4445-8F97-2729B84B18E3",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:vmware:workstation:*:*:*:*:*:*:*:*",
"matchCriteriaId": "3124246D-3287-4657-B40D-E7B80A44E7D7",
"versionEndExcluding": "17.6.3",
"versionStartIncluding": "17.0",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
}
],
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "VMware ESXi, Workstation, and Fusion contain\u00a0an information disclosure vulnerability due to an out-of-bounds read in HGFS.\u00a0A malicious actor with administrative privileges to a virtual machine may be able to exploit this issue to leak memory from the vmx process."
},
{
"lang": "es",
"value": "VMware ESXi, Workstation y Fusion contienen una vulnerabilidad de divulgaci\u00f3n de informaci\u00f3n debido a una lectura fuera de los l\u00edmites en HGFS. Un actor malintencionado con privilegios administrativos en una m\u00e1quina virtual podr\u00eda aprovechar este problema para filtrar memoria del proceso vmx."
}
],
"id": "CVE-2025-22226",
"lastModified": "2025-10-30T19:52:41.973",
"metrics": {
"cvssMetricV31": [
{
"cvssData": {
"attackComplexity": "LOW",
"attackVector": "LOCAL",
"availabilityImpact": "NONE",
"baseScore": 7.1,
"baseSeverity": "HIGH",
"confidentialityImpact": "HIGH",
"integrityImpact": "NONE",
"privilegesRequired": "NONE",
"scope": "CHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:C/C:H/I:N/A:N",
"version": "3.1"
},
"exploitabilityScore": 2.5,
"impactScore": 4.0,
"source": "security@vmware.com",
"type": "Secondary"
},
{
"cvssData": {
"attackComplexity": "LOW",
"attackVector": "LOCAL",
"availabilityImpact": "NONE",
"baseScore": 6.0,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "HIGH",
"integrityImpact": "NONE",
"privilegesRequired": "HIGH",
"scope": "CHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:C/C:H/I:N/A:N",
"version": "3.1"
},
"exploitabilityScore": 1.5,
"impactScore": 4.0,
"source": "nvd@nist.gov",
"type": "Primary"
}
]
},
"published": "2025-03-04T12:15:33.973",
"references": [
{
"source": "security@vmware.com",
"tags": [
"Vendor Advisory"
],
"url": "https://support.broadcom.com/web/ecx/support-content-notification/-/external/content/SecurityAdvisories/0/25390"
},
{
"source": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"tags": [
"US Government Resource"
],
"url": "https://www.cisa.gov/known-exploited-vulnerabilities-catalog?field_cve=CVE-2025-22226"
}
],
"sourceIdentifier": "security@vmware.com",
"vulnStatus": "Analyzed",
"weaknesses": [
{
"description": [
{
"lang": "en",
"value": "CWE-125"
}
],
"source": "nvd@nist.gov",
"type": "Secondary"
},
{
"description": [
{
"lang": "en",
"value": "CWE-125"
}
],
"source": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"type": "Secondary"
}
]
}
FKIE_CVE-2025-22225
Vulnerability from fkie_nvd - Published: 2025-03-04 12:15 - Updated: 2025-10-30 19:52
Severity ?
8.2 (High) - CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:C/C:H/I:H/A:H
8.2 (High) - CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:C/C:H/I:H/A:H
8.2 (High) - CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:C/C:H/I:H/A:H
Summary
VMware ESXi contains an arbitrary write vulnerability. A malicious actor with privileges within the VMX process may trigger an arbitrary kernel write leading to an escape of the sandbox.
References
Impacted products
{
"cisaActionDue": "2025-03-25",
"cisaExploitAdd": "2025-03-04",
"cisaRequiredAction": "Apply mitigations per vendor instructions, follow applicable BOD 22-01 guidance for cloud services, or discontinue use of the product if mitigations are unavailable.",
"cisaVulnerabilityName": "VMware ESXi Arbitrary Write Vulnerability",
"configurations": [
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:vmware:esxi:7.0:-:*:*:*:*:*:*",
"matchCriteriaId": "5CBA6B5A-F345-41D1-8AA0-E5F274A2D8FB",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:vmware:esxi:7.0:beta:*:*:*:*:*:*",
"matchCriteriaId": "F030A666-1955-438B-8417-5C294905399F",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:vmware:esxi:7.0:update_1:*:*:*:*:*:*",
"matchCriteriaId": "2C8DB7F6-5765-4355-B30E-9CAC39ECA5D9",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:vmware:esxi:7.0:update_1a:*:*:*:*:*:*",
"matchCriteriaId": "A790D41E-B398-4233-9EC7-CF5BE2BC3161",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:vmware:esxi:7.0:update_1b:*:*:*:*:*:*",
"matchCriteriaId": "B7619C16-5306-4C4A-88E8-E80876635F66",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:vmware:esxi:7.0:update_1c:*:*:*:*:*:*",
"matchCriteriaId": "238E7AF4-722B-423D-ABB1-424286B06715",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:vmware:esxi:7.0:update_1d:*:*:*:*:*:*",
"matchCriteriaId": "1E4DE8C7-72FB-4BEC-AD9E-378786295011",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:vmware:esxi:7.0:update_1e:*:*:*:*:*:*",
"matchCriteriaId": "2E6DE184-35C8-4A13-91D4-4B43E9F0168C",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:vmware:esxi:7.0:update_2:*:*:*:*:*:*",
"matchCriteriaId": "D3E3A02D-6C1E-4DE8-B845-60F53C056F32",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:vmware:esxi:7.0:update_2a:*:*:*:*:*:*",
"matchCriteriaId": "12D385F0-DB2B-4802-AD0E-31441DA056B9",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:vmware:esxi:7.0:update_2c:*:*:*:*:*:*",
"matchCriteriaId": "2C202879-9230-4E1D-BAB8-4FB7CE4BBC24",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:vmware:esxi:7.0:update_2d:*:*:*:*:*:*",
"matchCriteriaId": "CC6DC107-5142-4155-A33B-D5BE72E9ED38",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:vmware:esxi:7.0:update_2e:*:*:*:*:*:*",
"matchCriteriaId": "39817170-5C45-4F8A-916D-81B7352055DD",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:vmware:esxi:7.0:update_3:*:*:*:*:*:*",
"matchCriteriaId": "4ADC3CFF-7415-46A5-817A-2F053B261E8C",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:vmware:esxi:7.0:update_3c:*:*:*:*:*:*",
"matchCriteriaId": "A2F831A7-544E-4B45-BA49-7F7A0234579C",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:vmware:esxi:7.0:update_3d:*:*:*:*:*:*",
"matchCriteriaId": "80A0DD2E-F1CC-413B-91F9-E3986011A0A0",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:vmware:esxi:7.0:update_3e:*:*:*:*:*:*",
"matchCriteriaId": "C77771B2-BC64-47A5-B6DB-9CBCC4456B67",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:vmware:esxi:7.0:update_3f:*:*:*:*:*:*",
"matchCriteriaId": "86DE9CE6-F6C0-47D2-B3AB-34852A8B9603",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:vmware:esxi:7.0:update_3g:*:*:*:*:*:*",
"matchCriteriaId": "E75B2F03-702E-4359-9BB2-E234F1DC38C8",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:vmware:esxi:7.0:update_3i:*:*:*:*:*:*",
"matchCriteriaId": "ACAA9494-5248-4B01-8BC1-C38AB615FFD7",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:vmware:esxi:7.0:update_3j:*:*:*:*:*:*",
"matchCriteriaId": "BF12014B-BF2B-42EF-B70C-59CDA8E2176F",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:vmware:esxi:7.0:update_3k:*:*:*:*:*:*",
"matchCriteriaId": "F965D853-EE4A-41F5-840B-2D009ACC9754",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:vmware:esxi:7.0:update_3l:*:*:*:*:*:*",
"matchCriteriaId": "BA7B7313-FF53-43C9-AF4D-B639053D3FA3",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:vmware:esxi:7.0:update_3m:*:*:*:*:*:*",
"matchCriteriaId": "9FB5738F-27E4-42C6-BD1B-F7F66A7EF0A6",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:vmware:esxi:7.0:update_3n:*:*:*:*:*:*",
"matchCriteriaId": "FC3668A6-262B-42BF-9E90-28BAA9BB3347",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:vmware:esxi:7.0:update_3o:*:*:*:*:*:*",
"matchCriteriaId": "DA4E9185-44BA-41E6-8600-C8616E199334",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:vmware:esxi:7.0:update_3p:*:*:*:*:*:*",
"matchCriteriaId": "F50302BB-B950-4178-A109-358393E0A50A",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:vmware:esxi:7.0:update_3q:*:*:*:*:*:*",
"matchCriteriaId": "BCCA4A31-1291-4FB4-9FA5-D2CCD086D660",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:vmware:esxi:7.0:update_3r:*:*:*:*:*:*",
"matchCriteriaId": "78604FE5-510F-4979-B2E3-D36B3083224A",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:vmware:esxi:8.0:-:*:*:*:*:*:*",
"matchCriteriaId": "7A1A402A-9262-4B97-A0B7-E5AE045E394D",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:vmware:esxi:8.0:a:*:*:*:*:*:*",
"matchCriteriaId": "FE44B379-9943-4DD1-8514-26F87482AFA8",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:vmware:esxi:8.0:b:*:*:*:*:*:*",
"matchCriteriaId": "2A797377-8945-4D75-AA68-A768855E5842",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:vmware:esxi:8.0:c:*:*:*:*:*:*",
"matchCriteriaId": "79D84D76-54BE-49E9-905C-7D65B4B42D68",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:vmware:esxi:8.0:update_1:*:*:*:*:*:*",
"matchCriteriaId": "2F8767F7-7C3D-457D-9EAC-E8A30796F751",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:vmware:esxi:8.0:update_1a:*:*:*:*:*:*",
"matchCriteriaId": "29AF8474-2D7A-4C5A-82B9-7A873AD90C2E",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:vmware:esxi:8.0:update_1c:*:*:*:*:*:*",
"matchCriteriaId": "7781A2CA-D927-48CD-9932-AE42B7BA1EFE",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:vmware:esxi:8.0:update_1d:*:*:*:*:*:*",
"matchCriteriaId": "18FD08C9-5895-4BF4-BBE0-C2DDA5F6B836",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:vmware:esxi:8.0:update_2:*:*:*:*:*:*",
"matchCriteriaId": "360C1B71-5360-4379-B0DE-63BB8F5E6DA2",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:vmware:esxi:8.0:update_2b:*:*:*:*:*:*",
"matchCriteriaId": "B16ED7C1-9881-452A-8BE0-EDDEAEFE3D7B",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:vmware:esxi:8.0:update_2c:*:*:*:*:*:*",
"matchCriteriaId": "ED92209F-FBD6-43F9-9A15-3842B139FCC9",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:vmware:esxi:8.0:update_3:*:*:*:*:*:*",
"matchCriteriaId": "6B701151-1B57-4E2D-A9AB-586FACEA2385",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:vmware:esxi:8.0:update_3b:*:*:*:*:*:*",
"matchCriteriaId": "4230B9AA-9E0C-4AE2-814D-8DD641394879",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:vmware:esxi:8.0:update_3c:*:*:*:*:*:*",
"matchCriteriaId": "F2FA150B-93E4-44D2-BF6D-347085A95776",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
},
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:a:vmware:cloud_foundation:-:*:*:*:*:*:*:*",
"matchCriteriaId": "31A7BB38-3238-413E-9736-F1A165D40867",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:vmware:telco_cloud_infrastructure:2.2:*:*:*:*:*:*:*",
"matchCriteriaId": "7E46A694-8698-4283-9E25-01F222B63E9A",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:vmware:telco_cloud_infrastructure:2.5:*:*:*:*:*:*:*",
"matchCriteriaId": "59B9476F-E5E7-46B6-AC38-4630D0933462",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:vmware:telco_cloud_infrastructure:2.7:*:*:*:*:*:*:*",
"matchCriteriaId": "9A045567-2563-4539-8E95-361087CB7762",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:vmware:telco_cloud_infrastructure:3.0:*:*:*:*:*:*:*",
"matchCriteriaId": "D11103A7-6AB5-4E78-BE11-BC2A04A09F19",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:vmware:telco_cloud_platform:2.0:*:*:*:*:*:*:*",
"matchCriteriaId": "6C5F01D7-2675-4D09-B52B-B02D0EF52AEA",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:vmware:telco_cloud_platform:2.5:*:*:*:*:*:*:*",
"matchCriteriaId": "B5F8D61F-6E8B-4EE3-91DE-EBA6FF7D289E",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:vmware:telco_cloud_platform:2.7:*:*:*:*:*:*:*",
"matchCriteriaId": "B1E94D58-26A0-4E84-8CAD-F8CDB6707642",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:vmware:telco_cloud_platform:3.0:*:*:*:*:*:*:*",
"matchCriteriaId": "FC33D39A-5760-467E-8284-F4E5D8082BBD",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:vmware:telco_cloud_platform:4.0:*:*:*:*:*:*:*",
"matchCriteriaId": "448206AA-A023-4AA1-98FD-35BC2A2AB2B5",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:vmware:telco_cloud_platform:4.0.1:*:*:*:*:*:*:*",
"matchCriteriaId": "0F6E30F8-B977-40A5-9E45-89B5C5E59170",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:vmware:telco_cloud_platform:5.0:*:*:*:*:*:*:*",
"matchCriteriaId": "D6B84F65-2E52-4445-8F97-2729B84B18E3",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
}
],
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "VMware ESXi contains an arbitrary write\u00a0vulnerability.\u00a0A malicious actor with privileges within the VMX process may trigger an arbitrary kernel write leading to an escape of the sandbox."
},
{
"lang": "es",
"value": "VMware ESXi contiene una vulnerabilidad de escritura arbitraria. Un actor malintencionado con privilegios dentro del proceso VMX puede activar una escritura arbitraria en el kernel que provoque un escape del entorno aislado."
}
],
"id": "CVE-2025-22225",
"lastModified": "2025-10-30T19:52:45.300",
"metrics": {
"cvssMetricV31": [
{
"cvssData": {
"attackComplexity": "LOW",
"attackVector": "LOCAL",
"availabilityImpact": "HIGH",
"baseScore": 8.2,
"baseSeverity": "HIGH",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"privilegesRequired": "HIGH",
"scope": "CHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:C/C:H/I:H/A:H",
"version": "3.1"
},
"exploitabilityScore": 1.5,
"impactScore": 6.0,
"source": "security@vmware.com",
"type": "Secondary"
},
{
"cvssData": {
"attackComplexity": "LOW",
"attackVector": "LOCAL",
"availabilityImpact": "HIGH",
"baseScore": 8.2,
"baseSeverity": "HIGH",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"privilegesRequired": "HIGH",
"scope": "CHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:C/C:H/I:H/A:H",
"version": "3.1"
},
"exploitabilityScore": 1.5,
"impactScore": 6.0,
"source": "nvd@nist.gov",
"type": "Primary"
}
]
},
"published": "2025-03-04T12:15:33.840",
"references": [
{
"source": "security@vmware.com",
"tags": [
"Vendor Advisory"
],
"url": "https://support.broadcom.com/web/ecx/support-content-notification/-/external/content/SecurityAdvisories/0/25390"
},
{
"source": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"tags": [
"US Government Resource"
],
"url": "https://www.cisa.gov/known-exploited-vulnerabilities-catalog?field_cve=CVE-2025-22225"
}
],
"sourceIdentifier": "security@vmware.com",
"vulnStatus": "Analyzed",
"weaknesses": [
{
"description": [
{
"lang": "en",
"value": "CWE-787"
}
],
"source": "nvd@nist.gov",
"type": "Secondary"
},
{
"description": [
{
"lang": "en",
"value": "CWE-123"
}
],
"source": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"type": "Secondary"
}
]
}
FKIE_CVE-2025-22222
Vulnerability from fkie_nvd - Published: 2025-01-30 16:15 - Updated: 2025-05-14 16:47
Severity ?
7.7 (High) - CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:C/C:H/I:N/A:N
6.5 (Medium) - CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N
6.5 (Medium) - CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N
Summary
VMware Aria Operations contains an information disclosure vulnerability. A malicious user with non-administrative privileges may exploit this vulnerability to retrieve credentials for an outbound plugin if a valid service credential ID is known.
References
Impacted products
| Vendor | Product | Version | |
|---|---|---|---|
| vmware | aria_operations | * | |
| vmware | cloud_foundation | * |
{
"configurations": [
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:a:vmware:aria_operations:*:*:*:*:*:*:*:*",
"matchCriteriaId": "444E44E3-23E1-4566-BD42-46B57DDC7DD3",
"versionEndExcluding": "8.18.3",
"versionStartIncluding": "8.0",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:vmware:cloud_foundation:*:*:*:*:*:*:*:*",
"matchCriteriaId": "BC8A0BB4-A21B-4914-8F4B-37D300A4BBB9",
"versionEndIncluding": "5.2",
"versionStartIncluding": "4.0",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
}
],
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "VMware Aria Operations contains an information disclosure vulnerability.\u00a0A malicious user with non-administrative privileges\u00a0may exploit this vulnerability to retrieve credentials for an outbound plugin if a valid service credential ID is known."
},
{
"lang": "es",
"value": "VMware Aria Operations contiene una vulnerabilidad de divulgaci\u00f3n de informaci\u00f3n. Un usuario malintencionado con privilegios no administrativos puede aprovechar esta vulnerabilidad para recuperar las credenciales de un complemento saliente si se conoce una ID de credencial de servicio v\u00e1lida."
}
],
"id": "CVE-2025-22222",
"lastModified": "2025-05-14T16:47:55.030",
"metrics": {
"cvssMetricV31": [
{
"cvssData": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "NONE",
"baseScore": 7.7,
"baseSeverity": "HIGH",
"confidentialityImpact": "HIGH",
"integrityImpact": "NONE",
"privilegesRequired": "LOW",
"scope": "CHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:C/C:H/I:N/A:N",
"version": "3.1"
},
"exploitabilityScore": 3.1,
"impactScore": 4.0,
"source": "security@vmware.com",
"type": "Secondary"
},
{
"cvssData": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "NONE",
"baseScore": 6.5,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "HIGH",
"integrityImpact": "NONE",
"privilegesRequired": "LOW",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N",
"version": "3.1"
},
"exploitabilityScore": 2.8,
"impactScore": 3.6,
"source": "nvd@nist.gov",
"type": "Primary"
}
]
},
"published": "2025-01-30T16:15:31.367",
"references": [
{
"source": "security@vmware.com",
"tags": [
"Vendor Advisory"
],
"url": "https://support.broadcom.com/web/ecx/support-content-notification/-/external/content/SecurityAdvisories/0/25329"
}
],
"sourceIdentifier": "security@vmware.com",
"vulnStatus": "Analyzed",
"weaknesses": [
{
"description": [
{
"lang": "en",
"value": "CWE-497"
}
],
"source": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"type": "Secondary"
}
]
}
FKIE_CVE-2025-22221
Vulnerability from fkie_nvd - Published: 2025-01-30 16:15 - Updated: 2025-05-14 16:47
Severity ?
5.2 (Medium) - CVSS:3.1/AV:N/AC:L/PR:H/UI:R/S:U/C:H/I:L/A:N
4.8 (Medium) - CVSS:3.1/AV:N/AC:L/PR:H/UI:R/S:C/C:L/I:L/A:N
4.8 (Medium) - CVSS:3.1/AV:N/AC:L/PR:H/UI:R/S:C/C:L/I:L/A:N
Summary
VMware Aria Operation for Logs contains a stored cross-site scripting vulnerability. A malicious actor with admin privileges to VMware Aria Operations for Logs may be able to inject a malicious script that could be executed in a victim's browser when performing a delete action in the Agent Configuration.
References
Impacted products
| Vendor | Product | Version | |
|---|---|---|---|
| vmware | aria_operations_for_logs | * | |
| vmware | cloud_foundation | * |
{
"configurations": [
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:a:vmware:aria_operations_for_logs:*:*:*:*:*:*:*:*",
"matchCriteriaId": "7883672C-8E78-4378-9EAB-42A656006A72",
"versionEndExcluding": "8.18.3",
"versionStartIncluding": "8.0",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:vmware:cloud_foundation:*:*:*:*:*:*:*:*",
"matchCriteriaId": "BC8A0BB4-A21B-4914-8F4B-37D300A4BBB9",
"versionEndIncluding": "5.2",
"versionStartIncluding": "4.0",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
}
],
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "VMware Aria Operation for Logs contains a stored cross-site scripting vulnerability.\u00a0A malicious actor with admin privileges to VMware Aria Operations for Logs may be able to inject a malicious script that could be executed in a victim\u0027s browser when performing a delete action in the Agent Configuration."
},
{
"lang": "es",
"value": "VMware Aria Operation for Logs contiene una vulnerabilidad Cross-Site Scripting Almacenado. Un actor malintencionado con privilegios de administrador en VMware Aria Operations for Logs podr\u00eda inyectar un script malicioso que podr\u00eda ejecutarse en el navegador de una v\u00edctima al realizar una acci\u00f3n de eliminaci\u00f3n en la configuraci\u00f3n del agente."
}
],
"id": "CVE-2025-22221",
"lastModified": "2025-05-14T16:47:14.977",
"metrics": {
"cvssMetricV31": [
{
"cvssData": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "NONE",
"baseScore": 5.2,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "HIGH",
"integrityImpact": "LOW",
"privilegesRequired": "HIGH",
"scope": "UNCHANGED",
"userInteraction": "REQUIRED",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:H/UI:R/S:U/C:H/I:L/A:N",
"version": "3.1"
},
"exploitabilityScore": 0.9,
"impactScore": 4.2,
"source": "security@vmware.com",
"type": "Secondary"
},
{
"cvssData": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "NONE",
"baseScore": 4.8,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "LOW",
"integrityImpact": "LOW",
"privilegesRequired": "HIGH",
"scope": "CHANGED",
"userInteraction": "REQUIRED",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:H/UI:R/S:C/C:L/I:L/A:N",
"version": "3.1"
},
"exploitabilityScore": 1.7,
"impactScore": 2.7,
"source": "nvd@nist.gov",
"type": "Primary"
}
]
},
"published": "2025-01-30T16:15:31.257",
"references": [
{
"source": "security@vmware.com",
"tags": [
"Vendor Advisory"
],
"url": "https://support.broadcom.com/web/ecx/support-content-notification/-/external/content/SecurityAdvisories/0/25329"
}
],
"sourceIdentifier": "security@vmware.com",
"vulnStatus": "Analyzed",
"weaknesses": [
{
"description": [
{
"lang": "en",
"value": "CWE-79"
}
],
"source": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"type": "Secondary"
}
]
}
FKIE_CVE-2025-22220
Vulnerability from fkie_nvd - Published: 2025-01-30 16:15 - Updated: 2025-05-14 16:46
Severity ?
4.3 (Medium) - CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:L/A:N
5.4 (Medium) - CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:N
5.4 (Medium) - CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:N
Summary
VMware Aria Operations for Logs contains a privilege escalation vulnerability. A malicious actor with non-administrative privileges and network access to Aria Operations for Logs API may be able to perform certain operations in the context of an admin user.
References
Impacted products
| Vendor | Product | Version | |
|---|---|---|---|
| vmware | aria_operations_for_logs | * | |
| vmware | cloud_foundation | * |
{
"configurations": [
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:a:vmware:aria_operations_for_logs:*:*:*:*:*:*:*:*",
"matchCriteriaId": "7883672C-8E78-4378-9EAB-42A656006A72",
"versionEndExcluding": "8.18.3",
"versionStartIncluding": "8.0",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:vmware:cloud_foundation:*:*:*:*:*:*:*:*",
"matchCriteriaId": "BC8A0BB4-A21B-4914-8F4B-37D300A4BBB9",
"versionEndIncluding": "5.2",
"versionStartIncluding": "4.0",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
}
],
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "VMware Aria Operations for Logs contains a privilege escalation\u00a0vulnerability.\u00a0A malicious actor with non-administrative privileges and network access to Aria Operations for Logs API may be able to perform certain operations in the context of an admin user."
},
{
"lang": "es",
"value": "VMware Aria Operations for Logs contiene una vulnerabilidad de escalada de privilegios. Un actor malintencionado con privilegios no administrativos y acceso de red a la API de Aria Operations for Logs podr\u00eda realizar determinadas operaciones en el contexto de un usuario administrador."
}
],
"id": "CVE-2025-22220",
"lastModified": "2025-05-14T16:46:59.413",
"metrics": {
"cvssMetricV31": [
{
"cvssData": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "NONE",
"baseScore": 4.3,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "NONE",
"integrityImpact": "LOW",
"privilegesRequired": "LOW",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:L/A:N",
"version": "3.1"
},
"exploitabilityScore": 2.8,
"impactScore": 1.4,
"source": "security@vmware.com",
"type": "Secondary"
},
{
"cvssData": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "NONE",
"baseScore": 5.4,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "LOW",
"integrityImpact": "LOW",
"privilegesRequired": "LOW",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:N",
"version": "3.1"
},
"exploitabilityScore": 2.8,
"impactScore": 2.5,
"source": "nvd@nist.gov",
"type": "Primary"
}
]
},
"published": "2025-01-30T16:15:31.143",
"references": [
{
"source": "security@vmware.com",
"tags": [
"Vendor Advisory"
],
"url": "https://support.broadcom.com/web/ecx/support-content-notification/-/external/content/SecurityAdvisories/0/25329"
}
],
"sourceIdentifier": "security@vmware.com",
"vulnStatus": "Analyzed",
"weaknesses": [
{
"description": [
{
"lang": "en",
"value": "CWE-269"
}
],
"source": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"type": "Secondary"
}
]
}
CVE-2025-41244 (GCVE-0-2025-41244)
Vulnerability from cvelistv5 – Published: 2025-09-29 16:09 – Updated: 2025-11-04 21:10
VLAI?
Summary
VMware Aria Operations and VMware Tools contain a local privilege escalation vulnerability. A malicious local actor with non-administrative privileges having access to a VM with VMware Tools installed and managed by Aria Operations with SDMP enabled may exploit this vulnerability to escalate privileges to root on the same VM.
Severity ?
7.8 (High)
CWE
Assigner
References
Impacted products
| Vendor | Product | Version | |||||||||||||||||||||||||||
|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|
| VMware | VCF operations |
Affected:
9.0.x , < 9.0.1.0
(commercial)
|
|||||||||||||||||||||||||||
|
|||||||||||||||||||||||||||||
{
"containers": {
"adp": [
{
"metrics": [
{
"other": {
"content": {
"id": "CVE-2025-41244",
"options": [
{
"Exploitation": "active"
},
{
"Automatable": "no"
},
{
"Technical Impact": "total"
}
],
"role": "CISA Coordinator",
"timestamp": "2025-10-30T03:56:00.543163Z",
"version": "2.0.3"
},
"type": "ssvc"
}
},
{
"other": {
"content": {
"dateAdded": "2025-10-30",
"reference": "https://www.cisa.gov/known-exploited-vulnerabilities-catalog?field_cve=CVE-2025-41244"
},
"type": "kev"
}
}
],
"providerMetadata": {
"dateUpdated": "2025-10-30T22:20:23.644Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"references": [
{
"tags": [
"exploit",
"technical-description"
],
"url": "https://blog.nviso.eu/2025/09/29/you-name-it-vmware-elevates-it-cve-2025-41244/"
},
{
"tags": [
"vendor-advisory"
],
"url": "https://support.broadcom.com/web/ecx/support-content-notification/-/external/content/SecurityAdvisories/0/36149"
},
{
"tags": [
"government-resource"
],
"url": "https://www.cisa.gov/known-exploited-vulnerabilities-catalog?field_cve=CVE-2025-41244"
}
],
"timeline": [
{
"lang": "en",
"time": "2025-10-30T00:00:00+00:00",
"value": "CVE-2025-41244 added to CISA KEV"
}
],
"title": "CISA ADP Vulnrichment"
},
{
"providerMetadata": {
"dateUpdated": "2025-11-04T21:10:25.953Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"url": "https://lists.debian.org/debian-lts-announce/2025/10/msg00000.html"
},
{
"url": "http://www.openwall.com/lists/oss-security/2025/09/29/10"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"defaultStatus": "unaffected",
"product": "VCF operations",
"vendor": "VMware",
"versions": [
{
"lessThan": "9.0.1.0",
"status": "affected",
"version": "9.0.x",
"versionType": "commercial"
}
]
},
{
"defaultStatus": "unaffected",
"product": "VMware tools",
"vendor": "VMware",
"versions": [
{
"lessThan": "13.0.5.0",
"status": "affected",
"version": "13.x.x.x",
"versionType": "commercial"
},
{
"lessThan": "12.5.4",
"status": "affected",
"version": "12.5.x",
"versionType": "commercial"
}
]
},
{
"defaultStatus": "unaffected",
"product": "VMware Aria Operations",
"vendor": "VMware",
"versions": [
{
"lessThan": "8.18.5",
"status": "affected",
"version": "8.18.x",
"versionType": "commercial"
}
]
},
{
"defaultStatus": "unaffected",
"product": "VMware Cloud Foundation",
"vendor": "VMware",
"versions": [
{
"lessThan": "8.18.5",
"status": "affected",
"version": "5.x",
"versionType": "commercial"
},
{
"lessThan": "8.18.5",
"status": "affected",
"version": "4.x",
"versionType": "commercial"
}
]
},
{
"defaultStatus": "unaffected",
"product": "VMware Telco Cloud Platform",
"vendor": "VMware",
"versions": [
{
"lessThan": "8.18.5",
"status": "affected",
"version": "5.x",
"versionType": "commercial"
},
{
"lessThan": "8.18.5",
"status": "affected",
"version": "4.x",
"versionType": "commercial"
}
]
},
{
"defaultStatus": "unaffected",
"product": "VMware Telco Cloud Infrastructure",
"vendor": "VMware",
"versions": [
{
"lessThan": "8.18.5",
"status": "affected",
"version": "3.x",
"versionType": "commercial"
},
{
"lessThan": "8.18.5",
"status": "affected",
"version": "2.x",
"versionType": "commercial"
}
]
}
],
"datePublic": "2025-09-29T16:00:00.000Z",
"descriptions": [
{
"lang": "en",
"supportingMedia": [
{
"base64": false,
"type": "text/html",
"value": "\u003cspan style=\"background-color: rgb(255, 255, 255);\"\u003eVMware Aria Operations and VMware Tools contain a local privilege escalation vulnerability.\u0026nbsp;\u003cspan style=\"background-color: rgb(255, 255, 255);\"\u003eA malicious local actor with non-administrative privileges having access to a VM with \u003c/span\u003e\u003cspan style=\"background-color: rgb(255, 255, 255);\"\u003eVMware Tools\u003c/span\u003e\u003cspan style=\"background-color: rgb(255, 255, 255);\"\u003e\u0026nbsp;installed and managed by Aria Operations with SDMP enabled may exploit this vulnerability to escalate privileges to root on the same VM.\u003c/span\u003e\u003c/span\u003e\u003cbr\u003e\u003cbr\u003e"
}
],
"value": "VMware Aria Operations and VMware Tools contain a local privilege escalation vulnerability.\u00a0A malicious local actor with non-administrative privileges having access to a VM with VMware Tools\u00a0installed and managed by Aria Operations with SDMP enabled may exploit this vulnerability to escalate privileges to root on the same VM."
}
],
"metrics": [
{
"cvssV3_1": {
"attackComplexity": "LOW",
"attackVector": "LOCAL",
"availabilityImpact": "HIGH",
"baseScore": 7.8,
"baseSeverity": "HIGH",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"privilegesRequired": "LOW",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H",
"version": "3.1"
},
"format": "CVSS",
"scenarios": [
{
"lang": "en",
"value": "GENERAL"
}
]
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-267",
"description": "CWE-267",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2025-09-29T16:16:24.967Z",
"orgId": "dcf2e128-44bd-42ed-91e8-88f912c1401d",
"shortName": "vmware"
},
"references": [
{
"url": "http://support.broadcom.com/group/ecx/support-content-view/-/support-content/Security%20Advisories/VMSA-2025-0015--VMware-Aria-Operations-and-VMware-Tools-updates-address-multiple-vulnerabilities--CVE-2025-41244-CVE-2025-41245--CVE-2025-41246-/36149"
}
],
"source": {
"discovery": "UNKNOWN"
},
"title": "VMSA-2025-0015: VMware Aria Operations and VMware Tools updates address multiple vulnerabilities (CVE-2025-41244,CVE-2025-41245, CVE-2025-41246)",
"x_generator": {
"engine": "Vulnogram 0.2.0"
}
}
},
"cveMetadata": {
"assignerOrgId": "dcf2e128-44bd-42ed-91e8-88f912c1401d",
"assignerShortName": "vmware",
"cveId": "CVE-2025-41244",
"datePublished": "2025-09-29T16:09:51.871Z",
"dateReserved": "2025-04-16T09:30:17.799Z",
"dateUpdated": "2025-11-04T21:10:25.953Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.2"
}
CVE-2025-22245 (GCVE-0-2025-22245)
Vulnerability from cvelistv5 – Published: 2025-06-04 19:32 – Updated: 2025-06-04 20:05
VLAI?
Summary
VMware NSX contains a stored Cross-Site Scripting (XSS) vulnerability in the router port due to improper input validation.
Severity ?
5.9 (Medium)
CWE
- Stored Cross-Site Scripting (XSS) vulnerability in router port
Assigner
References
Impacted products
| Vendor | Product | Version | ||
|---|---|---|---|---|
| VMware | VMware NSX |
Affected:
VMware NSX 4.0.x, VMware NSX 4.1.x, VMware NSX 4.2.x
|
{
"containers": {
"adp": [
{
"metrics": [
{
"other": {
"content": {
"id": "CVE-2025-22245",
"options": [
{
"Exploitation": "none"
},
{
"Automatable": "no"
},
{
"Technical Impact": "partial"
}
],
"role": "CISA Coordinator",
"timestamp": "2025-06-04T20:04:45.703274Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-79",
"description": "CWE-79 Improper Neutralization of Input During Web Page Generation (\u0027Cross-site Scripting\u0027)",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2025-06-04T20:05:24.144Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
}
],
"cna": {
"affected": [
{
"defaultStatus": "unaffected",
"product": "VMware NSX",
"vendor": "VMware",
"versions": [
{
"status": "affected",
"version": "VMware NSX 4.0.x, VMware NSX 4.1.x, VMware NSX 4.2.x"
}
]
}
],
"datePublic": "2025-06-04T19:30:00.000Z",
"descriptions": [
{
"lang": "en",
"supportingMedia": [
{
"base64": false,
"type": "text/html",
"value": "\u003cspan style=\"background-color: rgb(255, 255, 255);\"\u003eVMware NSX contains a stored Cross-Site Scripting (XSS) vulnerability in the router port due to improper input validation.\u003c/span\u003e"
}
],
"value": "VMware NSX contains a stored Cross-Site Scripting (XSS) vulnerability in the router port due to improper input validation."
}
],
"metrics": [
{
"cvssV3_1": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "LOW",
"baseScore": 5.9,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "LOW",
"integrityImpact": "LOW",
"privilegesRequired": "HIGH",
"scope": "CHANGED",
"userInteraction": "REQUIRED",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:H/UI:R/S:C/C:L/I:L/A:L",
"version": "3.1"
},
"format": "CVSS",
"scenarios": [
{
"lang": "en",
"value": "GENERAL"
}
]
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "Stored Cross-Site Scripting (XSS) vulnerability in router port",
"lang": "en"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2025-06-04T19:32:42.328Z",
"orgId": "dcf2e128-44bd-42ed-91e8-88f912c1401d",
"shortName": "vmware"
},
"references": [
{
"url": "https://support.broadcom.com/web/ecx/support-content-notification/-/external/content/SecurityAdvisories/0/25738"
}
],
"source": {
"discovery": "UNKNOWN"
},
"x_generator": {
"engine": "Vulnogram 0.2.0"
}
}
},
"cveMetadata": {
"assignerOrgId": "dcf2e128-44bd-42ed-91e8-88f912c1401d",
"assignerShortName": "vmware",
"cveId": "CVE-2025-22245",
"datePublished": "2025-06-04T19:32:42.328Z",
"dateReserved": "2025-01-02T04:30:19.928Z",
"dateUpdated": "2025-06-04T20:05:24.144Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2025-22244 (GCVE-0-2025-22244)
Vulnerability from cvelistv5 – Published: 2025-06-04 19:32 – Updated: 2025-06-04 20:04
VLAI?
Summary
VMware NSX contains a stored Cross-Site Scripting (XSS) vulnerability in the gateway firewall due to improper input validation.
Severity ?
6.9 (Medium)
CWE
- Stored Cross-Site Scripting (XSS) vulnerability in gateway firewall
Assigner
References
Impacted products
| Vendor | Product | Version | ||
|---|---|---|---|---|
| VMware | VMware NSX |
Affected:
VMware NSX 4.0.x, VMware NSX 4.1.x, VMware NSX 4.2.x
|
{
"containers": {
"adp": [
{
"metrics": [
{
"other": {
"content": {
"id": "CVE-2025-22244",
"options": [
{
"Exploitation": "none"
},
{
"Automatable": "no"
},
{
"Technical Impact": "partial"
}
],
"role": "CISA Coordinator",
"timestamp": "2025-06-04T20:04:14.043348Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-79",
"description": "CWE-79 Improper Neutralization of Input During Web Page Generation (\u0027Cross-site Scripting\u0027)",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2025-06-04T20:04:30.570Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
}
],
"cna": {
"affected": [
{
"defaultStatus": "unaffected",
"product": "VMware NSX",
"vendor": "VMware",
"versions": [
{
"status": "affected",
"version": "VMware NSX 4.0.x, VMware NSX 4.1.x, VMware NSX 4.2.x"
}
]
}
],
"datePublic": "2025-06-04T19:30:00.000Z",
"descriptions": [
{
"lang": "en",
"supportingMedia": [
{
"base64": false,
"type": "text/html",
"value": "\u003cspan style=\"background-color: rgb(255, 255, 255);\"\u003eVMware NSX contains a stored Cross-Site Scripting (XSS) vulnerability in the gateway firewall due to improper input validation. \u003c/span\u003e"
}
],
"value": "VMware NSX contains a stored Cross-Site Scripting (XSS) vulnerability in the gateway firewall due to improper input validation."
}
],
"metrics": [
{
"cvssV3_1": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "NONE",
"baseScore": 6.9,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "LOW",
"integrityImpact": "HIGH",
"privilegesRequired": "HIGH",
"scope": "CHANGED",
"userInteraction": "REQUIRED",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:H/UI:R/S:C/C:L/I:H/A:N",
"version": "3.1"
},
"format": "CVSS",
"scenarios": [
{
"lang": "en",
"value": "GENERAL"
}
]
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "Stored Cross-Site Scripting (XSS) vulnerability in gateway firewall",
"lang": "en"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2025-06-04T19:32:17.006Z",
"orgId": "dcf2e128-44bd-42ed-91e8-88f912c1401d",
"shortName": "vmware"
},
"references": [
{
"url": "https://support.broadcom.com/web/ecx/support-content-notification/-/external/content/SecurityAdvisories/0/25738"
}
],
"source": {
"discovery": "UNKNOWN"
},
"x_generator": {
"engine": "Vulnogram 0.2.0"
}
}
},
"cveMetadata": {
"assignerOrgId": "dcf2e128-44bd-42ed-91e8-88f912c1401d",
"assignerShortName": "vmware",
"cveId": "CVE-2025-22244",
"datePublished": "2025-06-04T19:32:17.006Z",
"dateReserved": "2025-01-02T04:30:06.834Z",
"dateUpdated": "2025-06-04T20:04:30.570Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2025-22243 (GCVE-0-2025-22243)
Vulnerability from cvelistv5 – Published: 2025-06-04 19:31 – Updated: 2025-06-04 20:04
VLAI?
Summary
VMware NSX Manager UI is vulnerable to a stored Cross-Site Scripting (XSS) attack due to improper input validation.
Severity ?
7.5 (High)
CWE
- Stored Cross-Site Scripting (XSS) vulnerability in Manager-UI
Assigner
References
Impacted products
| Vendor | Product | Version | ||
|---|---|---|---|---|
| VMware | VMware NSX |
Affected:
VMware NSX 4.0.x, VMware NSX 4.1.x, VMware NSX 4.2.x
|
{
"containers": {
"adp": [
{
"metrics": [
{
"other": {
"content": {
"id": "CVE-2025-22243",
"options": [
{
"Exploitation": "none"
},
{
"Automatable": "no"
},
{
"Technical Impact": "partial"
}
],
"role": "CISA Coordinator",
"timestamp": "2025-06-04T20:03:44.753365Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-79",
"description": "CWE-79 Improper Neutralization of Input During Web Page Generation (\u0027Cross-site Scripting\u0027)",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2025-06-04T20:04:02.081Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
}
],
"cna": {
"affected": [
{
"defaultStatus": "unaffected",
"product": "VMware NSX",
"vendor": "VMware",
"versions": [
{
"status": "affected",
"version": "VMware NSX 4.0.x, VMware NSX 4.1.x, VMware NSX 4.2.x"
}
]
}
],
"datePublic": "2025-06-04T19:30:00.000Z",
"descriptions": [
{
"lang": "en",
"supportingMedia": [
{
"base64": false,
"type": "text/html",
"value": "\u003cspan style=\"background-color: rgb(255, 255, 255);\"\u003eVMware NSX Manager UI is vulnerable to a stored Cross-Site Scripting (XSS) attack due to improper input validation.\u003c/span\u003e"
}
],
"value": "VMware NSX Manager UI is vulnerable to a stored Cross-Site Scripting (XSS) attack due to improper input validation."
}
],
"metrics": [
{
"cvssV3_1": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 7.5,
"baseSeverity": "HIGH",
"confidentialityImpact": "LOW",
"integrityImpact": "LOW",
"privilegesRequired": "HIGH",
"scope": "CHANGED",
"userInteraction": "REQUIRED",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:H/UI:R/S:C/C:L/I:L/A:H",
"version": "3.1"
},
"format": "CVSS",
"scenarios": [
{
"lang": "en",
"value": "GENERAL"
}
]
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "Stored Cross-Site Scripting (XSS) vulnerability in Manager-UI",
"lang": "en"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2025-06-04T19:31:36.548Z",
"orgId": "dcf2e128-44bd-42ed-91e8-88f912c1401d",
"shortName": "vmware"
},
"references": [
{
"url": "https://support.broadcom.com/web/ecx/support-content-notification/-/external/content/SecurityAdvisories/0/25738"
}
],
"source": {
"discovery": "UNKNOWN"
},
"x_generator": {
"engine": "Vulnogram 0.2.0"
}
}
},
"cveMetadata": {
"assignerOrgId": "dcf2e128-44bd-42ed-91e8-88f912c1401d",
"assignerShortName": "vmware",
"cveId": "CVE-2025-22243",
"datePublished": "2025-06-04T19:31:36.548Z",
"dateReserved": "2025-01-02T04:30:06.833Z",
"dateUpdated": "2025-06-04T20:04:02.081Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2025-41231 (GCVE-0-2025-41231)
Vulnerability from cvelistv5 – Published: 2025-05-20 12:54 – Updated: 2025-05-20 13:21
VLAI?
Summary
VMware Cloud Foundation contains a missing authorisation vulnerability. A malicious actor with access to VMware Cloud Foundation appliance may be able to perform certain unauthorised actions and access limited sensitive information.
Severity ?
7.3 (High)
CWE
- Missing Authorisation
Assigner
References
Impacted products
| Vendor | Product | Version | ||
|---|---|---|---|---|
| n/a | VMware Cloud Foundation |
Affected:
5.x , < 5.2.1.2
(custom)
Affected: 4.5.x |
{
"containers": {
"adp": [
{
"metrics": [
{
"other": {
"content": {
"id": "CVE-2025-41231",
"options": [
{
"Exploitation": "none"
},
{
"Automatable": "no"
},
{
"Technical Impact": "partial"
}
],
"role": "CISA Coordinator",
"timestamp": "2025-05-20T13:20:28.602616Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-862",
"description": "CWE-862 Missing Authorization",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2025-05-20T13:21:18.807Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
}
],
"cna": {
"affected": [
{
"defaultStatus": "unaffected",
"product": "VMware Cloud Foundation",
"vendor": "n/a",
"versions": [
{
"lessThan": "5.2.1.2",
"status": "affected",
"version": "5.x",
"versionType": "custom"
},
{
"status": "affected",
"version": "4.5.x"
}
]
}
],
"datePublic": "2025-05-20T08:30:00.000Z",
"descriptions": [
{
"lang": "en",
"supportingMedia": [
{
"base64": false,
"type": "text/html",
"value": "\u003cspan style=\"background-color: rgb(255, 255, 255);\"\u003eVMware Cloud Foundation\u003c/span\u003e\u003cspan style=\"background-color: rgb(255, 255, 255);\"\u003e\u0026nbsp;contains a missing authorisation vulnerability\u003c/span\u003e\u003cspan style=\"background-color: rgb(255, 255, 255);\"\u003e.\u0026nbsp;\u003c/span\u003eA malicious actor with access to VMware Cloud Foundation appliance may be able to perform certain unauthorised actions and access limited sensitive information.\u003cspan style=\"background-color: rgb(255, 255, 255);\"\u003e\u003cbr\u003e\u003cbr\u003e\u003c/span\u003e\u003cbr\u003e"
}
],
"value": "VMware Cloud Foundation\u00a0contains a missing authorisation vulnerability.\u00a0A malicious actor with access to VMware Cloud Foundation appliance may be able to perform certain unauthorised actions and access limited sensitive information."
}
],
"metrics": [
{
"cvssV3_1": {
"attackComplexity": "LOW",
"attackVector": "LOCAL",
"availabilityImpact": "LOW",
"baseScore": 7.3,
"baseSeverity": "HIGH",
"confidentialityImpact": "HIGH",
"integrityImpact": "LOW",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:U/C:H/I:L/A:L",
"version": "3.1"
},
"format": "CVSS",
"scenarios": [
{
"lang": "en",
"value": "GENERAL"
}
]
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "Missing Authorisation",
"lang": "en"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2025-05-20T12:54:41.570Z",
"orgId": "dcf2e128-44bd-42ed-91e8-88f912c1401d",
"shortName": "vmware"
},
"references": [
{
"url": "https://support.broadcom.com/web/ecx/support-content-notification/-/external/content/SecurityAdvisories/0/25733"
}
],
"source": {
"discovery": "UNKNOWN"
},
"title": "VMware Cloud Foundation Missing Authorisation Vulnerability",
"x_generator": {
"engine": "Vulnogram 0.2.0"
}
}
},
"cveMetadata": {
"assignerOrgId": "dcf2e128-44bd-42ed-91e8-88f912c1401d",
"assignerShortName": "vmware",
"cveId": "CVE-2025-41231",
"datePublished": "2025-05-20T12:54:41.570Z",
"dateReserved": "2025-04-16T09:29:46.972Z",
"dateUpdated": "2025-05-20T13:21:18.807Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2025-22249 (GCVE-0-2025-22249)
Vulnerability from cvelistv5 – Published: 2025-05-13 05:08 – Updated: 2025-05-13 13:49
VLAI?
Summary
VMware Aria automation contains a DOM based Cross-Site Scripting (XSS) vulnerability. A malicious actor may exploit this issue to steal the access token of a logged in user of VMware Aria automation appliance by tricking the user into clicking a malicious crafted payload URL.
Severity ?
8.2 (High)
CWE
- CWE-79 - Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')
Assigner
References
Impacted products
| Vendor | Product | Version | ||||||||||||
|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|
| VMware | Vmware Aria Automation |
Affected:
8.18.x , < 8.18.1 patch2
(custom)
|
||||||||||||
|
||||||||||||||
{
"containers": {
"adp": [
{
"metrics": [
{
"other": {
"content": {
"id": "CVE-2025-22249",
"options": [
{
"Exploitation": "none"
},
{
"Automatable": "no"
},
{
"Technical Impact": "partial"
}
],
"role": "CISA Coordinator",
"timestamp": "2025-05-13T13:49:44.097131Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-79",
"description": "CWE-79 Improper Neutralization of Input During Web Page Generation (\u0027Cross-site Scripting\u0027)",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2025-05-13T13:49:59.998Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
}
],
"cna": {
"affected": [
{
"defaultStatus": "unaffected",
"platforms": [
"any"
],
"product": "Vmware Aria Automation",
"vendor": "VMware",
"versions": [
{
"lessThan": "8.18.1 patch2",
"status": "affected",
"version": "8.18.x",
"versionType": "custom"
}
]
},
{
"defaultStatus": "unaffected",
"platforms": [
"any"
],
"product": "VMware Cloud Foundation",
"vendor": "VMware",
"versions": [
{
"lessThan": "8.18.1 patch 2",
"status": "affected",
"version": "5.x",
"versionType": "custom"
},
{
"lessThan": "8.18.1 patch 2",
"status": "affected",
"version": "4.x",
"versionType": "custom"
}
]
},
{
"defaultStatus": "unaffected",
"platforms": [
"any"
],
"product": "VMware Telco Cloud Platform",
"vendor": "VMware",
"versions": [
{
"lessThan": "8.18.1 patch 2",
"status": "affected",
"version": "5.x",
"versionType": "custom"
}
]
}
],
"datePublic": "2025-05-12T10:45:00.000Z",
"descriptions": [
{
"lang": "en",
"supportingMedia": [
{
"base64": false,
"type": "text/html",
"value": "\u003cspan style=\"background-color: rgb(255, 255, 255);\"\u003eVMware Aria automation contains a DOM based Cross-Site Scripting (XSS) vulnerability.\u0026nbsp;\u003cp\u003eA malicious actor may exploit this issue to steal the access token of a logged in user of VMware Aria automation appliance by tricking the user into clicking a malicious crafted payload URL.\u003c/p\u003e\u003cbr\u003e\u003c/span\u003e\u003cbr\u003e"
}
],
"value": "VMware Aria automation contains a DOM based Cross-Site Scripting (XSS) vulnerability.\u00a0A malicious actor may exploit this issue to steal the access token of a logged in user of VMware Aria automation appliance by tricking the user into clicking a malicious crafted payload URL."
}
],
"metrics": [
{
"cvssV3_1": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "NONE",
"baseScore": 8.2,
"baseSeverity": "HIGH",
"confidentialityImpact": "HIGH",
"integrityImpact": "LOW",
"privilegesRequired": "NONE",
"scope": "CHANGED",
"userInteraction": "REQUIRED",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:H/I:L/A:N",
"version": "3.1"
},
"format": "CVSS",
"scenarios": [
{
"lang": "en",
"value": "GENERAL"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2025-05-13T05:08:03.265Z",
"orgId": "dcf2e128-44bd-42ed-91e8-88f912c1401d",
"shortName": "vmware"
},
"references": [
{
"url": "https://support.broadcom.com/web/ecx/support-content-notification/-/external/content/SecurityAdvisories/0/25711"
}
],
"source": {
"discovery": "UNKNOWN"
},
"title": "VMSA-2025-0008: VMware Aria automation updates address a DOM based Cross-site scripting vulnerability (CVE-2025-22249)",
"x_generator": {
"engine": "Vulnogram 0.2.0"
}
}
},
"cveMetadata": {
"assignerOrgId": "dcf2e128-44bd-42ed-91e8-88f912c1401d",
"assignerShortName": "vmware",
"cveId": "CVE-2025-22249",
"datePublished": "2025-05-13T05:08:03.265Z",
"dateReserved": "2025-01-02T04:30:19.929Z",
"dateUpdated": "2025-05-13T13:49:59.998Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2025-22226 (GCVE-0-2025-22226)
Vulnerability from cvelistv5 – Published: 2025-03-04 11:56 – Updated: 2025-10-21 22:55
VLAI?
Summary
VMware ESXi, Workstation, and Fusion contain an information disclosure vulnerability due to an out-of-bounds read in HGFS. A malicious actor with administrative privileges to a virtual machine may be able to exploit this issue to leak memory from the vmx process.
Severity ?
7.1 (High)
CWE
- Information disclosure vulnerability
Assigner
References
Impacted products
| Vendor | Product | Version | |||||||||||||||||||||||||||
|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|
| n/a | ESXi |
Affected:
8.0 , < ESXi80U3d-24585383
(custom)
Affected: 8.0 , < ESXi80U2d-24585300 (custom) Affected: 7.0 , < ESXi70U3s-24585291 (custom) |
|||||||||||||||||||||||||||
|
|||||||||||||||||||||||||||||
{
"containers": {
"adp": [
{
"metrics": [
{
"other": {
"content": {
"id": "CVE-2025-22226",
"options": [
{
"Exploitation": "active"
},
{
"Automatable": "no"
},
{
"Technical Impact": "partial"
}
],
"role": "CISA Coordinator",
"timestamp": "2025-03-05T04:55:25.321408Z",
"version": "2.0.3"
},
"type": "ssvc"
}
},
{
"other": {
"content": {
"dateAdded": "2025-03-04",
"reference": "https://www.cisa.gov/known-exploited-vulnerabilities-catalog?field_cve=CVE-2025-22226"
},
"type": "kev"
}
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-125",
"description": "CWE-125 Out-of-bounds Read",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2025-10-21T22:55:26.649Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"references": [
{
"tags": [
"government-resource"
],
"url": "https://www.cisa.gov/known-exploited-vulnerabilities-catalog?field_cve=CVE-2025-22226"
}
],
"timeline": [
{
"lang": "en",
"time": "2025-03-04T00:00:00+00:00",
"value": "CVE-2025-22226 added to CISA KEV"
}
],
"title": "CISA ADP Vulnrichment"
}
],
"cna": {
"affected": [
{
"defaultStatus": "unaffected",
"product": "ESXi",
"vendor": "n/a",
"versions": [
{
"lessThan": "ESXi80U3d-24585383",
"status": "affected",
"version": "8.0",
"versionType": "custom"
},
{
"lessThan": "ESXi80U2d-24585300",
"status": "affected",
"version": "8.0",
"versionType": "custom"
},
{
"lessThan": "ESXi70U3s-24585291",
"status": "affected",
"version": "7.0",
"versionType": "custom"
}
]
},
{
"defaultStatus": "unaffected",
"platforms": [
"Windows",
"Linux"
],
"product": "VMware Workstation",
"vendor": "n/a",
"versions": [
{
"lessThan": "17.6.3",
"status": "affected",
"version": "17.x",
"versionType": "custom"
}
]
},
{
"defaultStatus": "unaffected",
"platforms": [
"MacOS"
],
"product": "VMware Fusion",
"vendor": "n/a",
"versions": [
{
"lessThan": "13.6.3",
"status": "affected",
"version": "13.x",
"versionType": "custom"
}
]
},
{
"defaultStatus": "unaffected",
"product": "VMware Cloud Foundation",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "5.x, 4.5.x"
}
]
},
{
"defaultStatus": "unaffected",
"product": "VMware Telco Cloud Platform",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "5.x, 4.x, 3.x, 2.x"
}
]
},
{
"defaultStatus": "unaffected",
"product": "VMware Telco Cloud Infrastructure",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "3.x, 2.x"
}
]
}
],
"datePublic": "2025-03-04T11:50:00.000Z",
"descriptions": [
{
"lang": "en",
"supportingMedia": [
{
"base64": false,
"type": "text/html",
"value": "\u003cspan style=\"background-color: rgb(255, 255, 255);\"\u003eVMware ESXi, Workstation, and Fusion contain\u003c/span\u003e\u003cspan style=\"background-color: rgb(255, 255, 255);\"\u003e\u0026nbsp;an information disclosure \u003c/span\u003e\u003cspan style=\"background-color: rgb(255, 255, 255);\"\u003evulnerability \u003c/span\u003e\u003cspan style=\"background-color: rgb(255, 255, 255);\"\u003edue to an out-of-bounds read in HGFS.\u0026nbsp;\u003c/span\u003eA malicious actor with administrative privileges to a virtual machine may be able to exploit this issue to leak memory from the vmx process.\u003cspan style=\"background-color: rgb(255, 255, 255);\"\u003e\u003cbr\u003e\u003cbr\u003e\u003c/span\u003e\u003cbr\u003e"
}
],
"value": "VMware ESXi, Workstation, and Fusion contain\u00a0an information disclosure vulnerability due to an out-of-bounds read in HGFS.\u00a0A malicious actor with administrative privileges to a virtual machine may be able to exploit this issue to leak memory from the vmx process."
}
],
"metrics": [
{
"cvssV3_1": {
"attackComplexity": "LOW",
"attackVector": "LOCAL",
"availabilityImpact": "NONE",
"baseScore": 7.1,
"baseSeverity": "HIGH",
"confidentialityImpact": "HIGH",
"integrityImpact": "NONE",
"privilegesRequired": "NONE",
"scope": "CHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:C/C:H/I:N/A:N",
"version": "3.1"
},
"format": "CVSS",
"scenarios": [
{
"lang": "en",
"value": "GENERAL"
}
]
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "Information disclosure vulnerability",
"lang": "en"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2025-03-04T11:56:57.541Z",
"orgId": "dcf2e128-44bd-42ed-91e8-88f912c1401d",
"shortName": "vmware"
},
"references": [
{
"url": "https://support.broadcom.com/web/ecx/support-content-notification/-/external/content/SecurityAdvisories/0/25390"
}
],
"source": {
"discovery": "UNKNOWN"
},
"x_generator": {
"engine": "Vulnogram 0.2.0"
}
}
},
"cveMetadata": {
"assignerOrgId": "dcf2e128-44bd-42ed-91e8-88f912c1401d",
"assignerShortName": "vmware",
"cveId": "CVE-2025-22226",
"datePublished": "2025-03-04T11:56:57.541Z",
"dateReserved": "2025-01-02T04:29:59.190Z",
"dateUpdated": "2025-10-21T22:55:26.649Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2025-22225 (GCVE-0-2025-22225)
Vulnerability from cvelistv5 – Published: 2025-03-04 11:56 – Updated: 2025-10-21 22:55
VLAI?
Summary
VMware ESXi contains an arbitrary write vulnerability. A malicious actor with privileges within the VMX process may trigger an arbitrary kernel write leading to an escape of the sandbox.
Severity ?
8.2 (High)
CWE
- Arbitrary write vulnerability
Assigner
References
Impacted products
| Vendor | Product | Version | |||||||||||||||||
|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|
| n/a | VMware ESXi |
Affected:
8.0 , < ESXi80U3d-24585383
(custom)
Affected: 8.0 , < ESXi80U2d-24585300 (custom) Affected: 7.0 , < ESXi70U3s-24585291 (custom) |
|||||||||||||||||
|
|||||||||||||||||||
{
"containers": {
"adp": [
{
"metrics": [
{
"other": {
"content": {
"id": "CVE-2025-22225",
"options": [
{
"Exploitation": "active"
},
{
"Automatable": "no"
},
{
"Technical Impact": "total"
}
],
"role": "CISA Coordinator",
"timestamp": "2025-03-05T04:55:23.988843Z",
"version": "2.0.3"
},
"type": "ssvc"
}
},
{
"other": {
"content": {
"dateAdded": "2025-03-04",
"reference": "https://www.cisa.gov/known-exploited-vulnerabilities-catalog?field_cve=CVE-2025-22225"
},
"type": "kev"
}
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-123",
"description": "CWE-123 Write-what-where Condition",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2025-10-21T22:55:27.903Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"references": [
{
"tags": [
"government-resource"
],
"url": "https://www.cisa.gov/known-exploited-vulnerabilities-catalog?field_cve=CVE-2025-22225"
}
],
"timeline": [
{
"lang": "en",
"time": "2025-03-04T00:00:00+00:00",
"value": "CVE-2025-22225 added to CISA KEV"
}
],
"title": "CISA ADP Vulnrichment"
}
],
"cna": {
"affected": [
{
"defaultStatus": "unaffected",
"product": "VMware ESXi",
"vendor": "n/a",
"versions": [
{
"lessThan": "ESXi80U3d-24585383",
"status": "affected",
"version": "8.0",
"versionType": "custom"
},
{
"lessThan": "ESXi80U2d-24585300",
"status": "affected",
"version": "8.0",
"versionType": "custom"
},
{
"lessThan": "ESXi70U3s-24585291",
"status": "affected",
"version": "7.0",
"versionType": "custom"
}
]
},
{
"defaultStatus": "unaffected",
"product": "VMware Cloud Foundation",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "5.x, 4.5.x"
}
]
},
{
"defaultStatus": "unaffected",
"product": "VMware Telco Cloud Platform",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "5.x, 4.x, 3.x, 2.x"
}
]
},
{
"defaultStatus": "unaffected",
"product": "VMware Telco Cloud Infrastructure",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "3.x, 2.x"
}
]
}
],
"datePublic": "2025-03-04T11:50:00.000Z",
"descriptions": [
{
"lang": "en",
"supportingMedia": [
{
"base64": false,
"type": "text/html",
"value": "\u003cspan style=\"background-color: rgb(255, 255, 255);\"\u003eVMware ESXi contains an \u003c/span\u003e\u003cspan style=\"background-color: rgb(255, 255, 255);\"\u003earbitrary write\u003c/span\u003e\u003cspan style=\"background-color: rgb(255, 255, 255);\"\u003e\u0026nbsp;\u003c/span\u003e\u003cspan style=\"background-color: rgb(255, 255, 255);\"\u003evulnerability.\u0026nbsp;\u003c/span\u003eA malicious actor with privileges within the VMX process may trigger an arbitrary kernel write leading to an escape of the sandbox.\u003cspan style=\"background-color: rgb(255, 255, 255);\"\u003e\u003cbr\u003e\u003cbr\u003e\u003c/span\u003e\u003cbr\u003e"
}
],
"value": "VMware ESXi contains an arbitrary write\u00a0vulnerability.\u00a0A malicious actor with privileges within the VMX process may trigger an arbitrary kernel write leading to an escape of the sandbox."
}
],
"metrics": [
{
"cvssV3_1": {
"attackComplexity": "LOW",
"attackVector": "LOCAL",
"availabilityImpact": "HIGH",
"baseScore": 8.2,
"baseSeverity": "HIGH",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"privilegesRequired": "HIGH",
"scope": "CHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:C/C:H/I:H/A:H",
"version": "3.1"
},
"format": "CVSS",
"scenarios": [
{
"lang": "en",
"value": "GENERAL"
}
]
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "Arbitrary write vulnerability",
"lang": "en"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2025-03-04T11:56:27.537Z",
"orgId": "dcf2e128-44bd-42ed-91e8-88f912c1401d",
"shortName": "vmware"
},
"references": [
{
"url": "https://support.broadcom.com/web/ecx/support-content-notification/-/external/content/SecurityAdvisories/0/25390"
}
],
"source": {
"discovery": "UNKNOWN"
},
"x_generator": {
"engine": "Vulnogram 0.2.0"
}
}
},
"cveMetadata": {
"assignerOrgId": "dcf2e128-44bd-42ed-91e8-88f912c1401d",
"assignerShortName": "vmware",
"cveId": "CVE-2025-22225",
"datePublished": "2025-03-04T11:56:27.537Z",
"dateReserved": "2025-01-02T04:29:59.190Z",
"dateUpdated": "2025-10-21T22:55:27.903Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2025-22224 (GCVE-0-2025-22224)
Vulnerability from cvelistv5 – Published: 2025-03-04 11:56 – Updated: 2025-10-21 22:55
VLAI?
Summary
VMware ESXi, and Workstation contain a TOCTOU (Time-of-Check Time-of-Use) vulnerability that leads to an out-of-bounds write. A malicious actor with local administrative privileges on a virtual machine may exploit this issue to execute code as the virtual machine's VMX process running on the host.
Severity ?
9.3 (Critical)
CWE
- Heap-overflow vulnerability
Assigner
References
Impacted products
| Vendor | Product | Version | ||||||||||||||||||||||
|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|
| VMware | ESXi |
Affected:
8.0 , < ESXi80U3d-24585383
(custom)
Affected: 8.0 , < ESXi80U2d-24585300 (custom) Affected: 7.0 , < ESXi70U3s-24585291 (custom) |
||||||||||||||||||||||
|
||||||||||||||||||||||||
{
"containers": {
"adp": [
{
"metrics": [
{
"other": {
"content": {
"id": "CVE-2025-22224",
"options": [
{
"Exploitation": "active"
},
{
"Automatable": "no"
},
{
"Technical Impact": "total"
}
],
"role": "CISA Coordinator",
"timestamp": "2025-03-05T04:55:22.499570Z",
"version": "2.0.3"
},
"type": "ssvc"
}
},
{
"other": {
"content": {
"dateAdded": "2025-03-04",
"reference": "https://www.cisa.gov/known-exploited-vulnerabilities-catalog?field_cve=CVE-2025-22224"
},
"type": "kev"
}
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-367",
"description": "CWE-367 Time-of-check Time-of-use (TOCTOU) Race Condition",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2025-10-21T22:55:28.319Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"references": [
{
"tags": [
"government-resource"
],
"url": "https://www.cisa.gov/known-exploited-vulnerabilities-catalog?field_cve=CVE-2025-22224"
}
],
"timeline": [
{
"lang": "en",
"time": "2025-03-04T00:00:00+00:00",
"value": "CVE-2025-22224 added to CISA KEV"
}
],
"title": "CISA ADP Vulnrichment"
}
],
"cna": {
"affected": [
{
"defaultStatus": "unaffected",
"product": "ESXi",
"vendor": "VMware",
"versions": [
{
"lessThan": "ESXi80U3d-24585383",
"status": "affected",
"version": "8.0",
"versionType": "custom"
},
{
"lessThan": "ESXi80U2d-24585300",
"status": "affected",
"version": "8.0",
"versionType": "custom"
},
{
"lessThan": "ESXi70U3s-24585291",
"status": "affected",
"version": "7.0",
"versionType": "custom"
}
]
},
{
"defaultStatus": "unaffected",
"platforms": [
"Windows",
"Linux"
],
"product": "Workstation",
"vendor": "VMware",
"versions": [
{
"lessThan": "17.6.3",
"status": "affected",
"version": "17.x",
"versionType": "custom"
}
]
},
{
"defaultStatus": "unaffected",
"product": "VMware Cloud Foundation",
"vendor": "VMware",
"versions": [
{
"status": "affected",
"version": "5.x, 4.5.x"
}
]
},
{
"defaultStatus": "unaffected",
"product": "Telco Cloud Platform",
"vendor": "VMware",
"versions": [
{
"status": "affected",
"version": "5.x, 4.x, 3.x, 2.x"
}
]
},
{
"defaultStatus": "unaffected",
"product": "Telco Cloud Infrastructure",
"vendor": "VMware",
"versions": [
{
"status": "affected",
"version": "3.x, 2.x"
}
]
}
],
"datePublic": "2025-03-04T11:33:00.000Z",
"descriptions": [
{
"lang": "en",
"supportingMedia": [
{
"base64": false,
"type": "text/html",
"value": "\u003cspan style=\"background-color: rgb(255, 255, 255);\"\u003eVMware ESXi, and Workstation\u003c/span\u003e\u003cspan style=\"background-color: rgb(255, 255, 255);\"\u003e\u0026nbsp;contain a TOCTOU (Time-of-Check Time-of-Use) vulnerability that leads to an out-of-bounds write.\u0026nbsp;\u003c/span\u003eA malicious actor with local administrative privileges on a virtual machine may exploit this issue to execute code as the virtual machine\u0027s VMX process running on the host.\u003cspan style=\"background-color: rgb(255, 255, 255);\"\u003e\u003cbr\u003e\u003cbr\u003e\u003c/span\u003e\u003cbr\u003e"
}
],
"value": "VMware ESXi, and Workstation\u00a0contain a TOCTOU (Time-of-Check Time-of-Use) vulnerability that leads to an out-of-bounds write.\u00a0A malicious actor with local administrative privileges on a virtual machine may exploit this issue to execute code as the virtual machine\u0027s VMX process running on the host."
}
],
"metrics": [
{
"cvssV3_1": {
"attackComplexity": "LOW",
"attackVector": "LOCAL",
"availabilityImpact": "HIGH",
"baseScore": 9.3,
"baseSeverity": "CRITICAL",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"privilegesRequired": "NONE",
"scope": "CHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:C/C:H/I:H/A:H",
"version": "3.1"
},
"format": "CVSS",
"scenarios": [
{
"lang": "en",
"value": "GENERAL"
}
]
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "Heap-overflow vulnerability",
"lang": "en"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2025-04-03T14:39:46.987Z",
"orgId": "dcf2e128-44bd-42ed-91e8-88f912c1401d",
"shortName": "vmware"
},
"references": [
{
"url": "https://support.broadcom.com/web/ecx/support-content-notification/-/external/content/SecurityAdvisories/0/25390"
}
],
"source": {
"discovery": "UNKNOWN"
},
"x_generator": {
"engine": "Vulnogram 0.2.0"
}
}
},
"cveMetadata": {
"assignerOrgId": "dcf2e128-44bd-42ed-91e8-88f912c1401d",
"assignerShortName": "vmware",
"cveId": "CVE-2025-22224",
"datePublished": "2025-03-04T11:56:12.317Z",
"dateReserved": "2025-01-02T04:29:30.445Z",
"dateUpdated": "2025-10-21T22:55:28.319Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2025-41244 (GCVE-0-2025-41244)
Vulnerability from nvd – Published: 2025-09-29 16:09 – Updated: 2025-11-04 21:10
VLAI?
Summary
VMware Aria Operations and VMware Tools contain a local privilege escalation vulnerability. A malicious local actor with non-administrative privileges having access to a VM with VMware Tools installed and managed by Aria Operations with SDMP enabled may exploit this vulnerability to escalate privileges to root on the same VM.
Severity ?
7.8 (High)
CWE
Assigner
References
Impacted products
| Vendor | Product | Version | |||||||||||||||||||||||||||
|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|
| VMware | VCF operations |
Affected:
9.0.x , < 9.0.1.0
(commercial)
|
|||||||||||||||||||||||||||
|
|||||||||||||||||||||||||||||
{
"containers": {
"adp": [
{
"metrics": [
{
"other": {
"content": {
"id": "CVE-2025-41244",
"options": [
{
"Exploitation": "active"
},
{
"Automatable": "no"
},
{
"Technical Impact": "total"
}
],
"role": "CISA Coordinator",
"timestamp": "2025-10-30T03:56:00.543163Z",
"version": "2.0.3"
},
"type": "ssvc"
}
},
{
"other": {
"content": {
"dateAdded": "2025-10-30",
"reference": "https://www.cisa.gov/known-exploited-vulnerabilities-catalog?field_cve=CVE-2025-41244"
},
"type": "kev"
}
}
],
"providerMetadata": {
"dateUpdated": "2025-10-30T22:20:23.644Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"references": [
{
"tags": [
"exploit",
"technical-description"
],
"url": "https://blog.nviso.eu/2025/09/29/you-name-it-vmware-elevates-it-cve-2025-41244/"
},
{
"tags": [
"vendor-advisory"
],
"url": "https://support.broadcom.com/web/ecx/support-content-notification/-/external/content/SecurityAdvisories/0/36149"
},
{
"tags": [
"government-resource"
],
"url": "https://www.cisa.gov/known-exploited-vulnerabilities-catalog?field_cve=CVE-2025-41244"
}
],
"timeline": [
{
"lang": "en",
"time": "2025-10-30T00:00:00+00:00",
"value": "CVE-2025-41244 added to CISA KEV"
}
],
"title": "CISA ADP Vulnrichment"
},
{
"providerMetadata": {
"dateUpdated": "2025-11-04T21:10:25.953Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"url": "https://lists.debian.org/debian-lts-announce/2025/10/msg00000.html"
},
{
"url": "http://www.openwall.com/lists/oss-security/2025/09/29/10"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"defaultStatus": "unaffected",
"product": "VCF operations",
"vendor": "VMware",
"versions": [
{
"lessThan": "9.0.1.0",
"status": "affected",
"version": "9.0.x",
"versionType": "commercial"
}
]
},
{
"defaultStatus": "unaffected",
"product": "VMware tools",
"vendor": "VMware",
"versions": [
{
"lessThan": "13.0.5.0",
"status": "affected",
"version": "13.x.x.x",
"versionType": "commercial"
},
{
"lessThan": "12.5.4",
"status": "affected",
"version": "12.5.x",
"versionType": "commercial"
}
]
},
{
"defaultStatus": "unaffected",
"product": "VMware Aria Operations",
"vendor": "VMware",
"versions": [
{
"lessThan": "8.18.5",
"status": "affected",
"version": "8.18.x",
"versionType": "commercial"
}
]
},
{
"defaultStatus": "unaffected",
"product": "VMware Cloud Foundation",
"vendor": "VMware",
"versions": [
{
"lessThan": "8.18.5",
"status": "affected",
"version": "5.x",
"versionType": "commercial"
},
{
"lessThan": "8.18.5",
"status": "affected",
"version": "4.x",
"versionType": "commercial"
}
]
},
{
"defaultStatus": "unaffected",
"product": "VMware Telco Cloud Platform",
"vendor": "VMware",
"versions": [
{
"lessThan": "8.18.5",
"status": "affected",
"version": "5.x",
"versionType": "commercial"
},
{
"lessThan": "8.18.5",
"status": "affected",
"version": "4.x",
"versionType": "commercial"
}
]
},
{
"defaultStatus": "unaffected",
"product": "VMware Telco Cloud Infrastructure",
"vendor": "VMware",
"versions": [
{
"lessThan": "8.18.5",
"status": "affected",
"version": "3.x",
"versionType": "commercial"
},
{
"lessThan": "8.18.5",
"status": "affected",
"version": "2.x",
"versionType": "commercial"
}
]
}
],
"datePublic": "2025-09-29T16:00:00.000Z",
"descriptions": [
{
"lang": "en",
"supportingMedia": [
{
"base64": false,
"type": "text/html",
"value": "\u003cspan style=\"background-color: rgb(255, 255, 255);\"\u003eVMware Aria Operations and VMware Tools contain a local privilege escalation vulnerability.\u0026nbsp;\u003cspan style=\"background-color: rgb(255, 255, 255);\"\u003eA malicious local actor with non-administrative privileges having access to a VM with \u003c/span\u003e\u003cspan style=\"background-color: rgb(255, 255, 255);\"\u003eVMware Tools\u003c/span\u003e\u003cspan style=\"background-color: rgb(255, 255, 255);\"\u003e\u0026nbsp;installed and managed by Aria Operations with SDMP enabled may exploit this vulnerability to escalate privileges to root on the same VM.\u003c/span\u003e\u003c/span\u003e\u003cbr\u003e\u003cbr\u003e"
}
],
"value": "VMware Aria Operations and VMware Tools contain a local privilege escalation vulnerability.\u00a0A malicious local actor with non-administrative privileges having access to a VM with VMware Tools\u00a0installed and managed by Aria Operations with SDMP enabled may exploit this vulnerability to escalate privileges to root on the same VM."
}
],
"metrics": [
{
"cvssV3_1": {
"attackComplexity": "LOW",
"attackVector": "LOCAL",
"availabilityImpact": "HIGH",
"baseScore": 7.8,
"baseSeverity": "HIGH",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"privilegesRequired": "LOW",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H",
"version": "3.1"
},
"format": "CVSS",
"scenarios": [
{
"lang": "en",
"value": "GENERAL"
}
]
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-267",
"description": "CWE-267",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2025-09-29T16:16:24.967Z",
"orgId": "dcf2e128-44bd-42ed-91e8-88f912c1401d",
"shortName": "vmware"
},
"references": [
{
"url": "http://support.broadcom.com/group/ecx/support-content-view/-/support-content/Security%20Advisories/VMSA-2025-0015--VMware-Aria-Operations-and-VMware-Tools-updates-address-multiple-vulnerabilities--CVE-2025-41244-CVE-2025-41245--CVE-2025-41246-/36149"
}
],
"source": {
"discovery": "UNKNOWN"
},
"title": "VMSA-2025-0015: VMware Aria Operations and VMware Tools updates address multiple vulnerabilities (CVE-2025-41244,CVE-2025-41245, CVE-2025-41246)",
"x_generator": {
"engine": "Vulnogram 0.2.0"
}
}
},
"cveMetadata": {
"assignerOrgId": "dcf2e128-44bd-42ed-91e8-88f912c1401d",
"assignerShortName": "vmware",
"cveId": "CVE-2025-41244",
"datePublished": "2025-09-29T16:09:51.871Z",
"dateReserved": "2025-04-16T09:30:17.799Z",
"dateUpdated": "2025-11-04T21:10:25.953Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.2"
}
CVE-2025-22245 (GCVE-0-2025-22245)
Vulnerability from nvd – Published: 2025-06-04 19:32 – Updated: 2025-06-04 20:05
VLAI?
Summary
VMware NSX contains a stored Cross-Site Scripting (XSS) vulnerability in the router port due to improper input validation.
Severity ?
5.9 (Medium)
CWE
- Stored Cross-Site Scripting (XSS) vulnerability in router port
Assigner
References
Impacted products
| Vendor | Product | Version | ||
|---|---|---|---|---|
| VMware | VMware NSX |
Affected:
VMware NSX 4.0.x, VMware NSX 4.1.x, VMware NSX 4.2.x
|
{
"containers": {
"adp": [
{
"metrics": [
{
"other": {
"content": {
"id": "CVE-2025-22245",
"options": [
{
"Exploitation": "none"
},
{
"Automatable": "no"
},
{
"Technical Impact": "partial"
}
],
"role": "CISA Coordinator",
"timestamp": "2025-06-04T20:04:45.703274Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-79",
"description": "CWE-79 Improper Neutralization of Input During Web Page Generation (\u0027Cross-site Scripting\u0027)",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2025-06-04T20:05:24.144Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
}
],
"cna": {
"affected": [
{
"defaultStatus": "unaffected",
"product": "VMware NSX",
"vendor": "VMware",
"versions": [
{
"status": "affected",
"version": "VMware NSX 4.0.x, VMware NSX 4.1.x, VMware NSX 4.2.x"
}
]
}
],
"datePublic": "2025-06-04T19:30:00.000Z",
"descriptions": [
{
"lang": "en",
"supportingMedia": [
{
"base64": false,
"type": "text/html",
"value": "\u003cspan style=\"background-color: rgb(255, 255, 255);\"\u003eVMware NSX contains a stored Cross-Site Scripting (XSS) vulnerability in the router port due to improper input validation.\u003c/span\u003e"
}
],
"value": "VMware NSX contains a stored Cross-Site Scripting (XSS) vulnerability in the router port due to improper input validation."
}
],
"metrics": [
{
"cvssV3_1": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "LOW",
"baseScore": 5.9,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "LOW",
"integrityImpact": "LOW",
"privilegesRequired": "HIGH",
"scope": "CHANGED",
"userInteraction": "REQUIRED",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:H/UI:R/S:C/C:L/I:L/A:L",
"version": "3.1"
},
"format": "CVSS",
"scenarios": [
{
"lang": "en",
"value": "GENERAL"
}
]
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "Stored Cross-Site Scripting (XSS) vulnerability in router port",
"lang": "en"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2025-06-04T19:32:42.328Z",
"orgId": "dcf2e128-44bd-42ed-91e8-88f912c1401d",
"shortName": "vmware"
},
"references": [
{
"url": "https://support.broadcom.com/web/ecx/support-content-notification/-/external/content/SecurityAdvisories/0/25738"
}
],
"source": {
"discovery": "UNKNOWN"
},
"x_generator": {
"engine": "Vulnogram 0.2.0"
}
}
},
"cveMetadata": {
"assignerOrgId": "dcf2e128-44bd-42ed-91e8-88f912c1401d",
"assignerShortName": "vmware",
"cveId": "CVE-2025-22245",
"datePublished": "2025-06-04T19:32:42.328Z",
"dateReserved": "2025-01-02T04:30:19.928Z",
"dateUpdated": "2025-06-04T20:05:24.144Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2025-22244 (GCVE-0-2025-22244)
Vulnerability from nvd – Published: 2025-06-04 19:32 – Updated: 2025-06-04 20:04
VLAI?
Summary
VMware NSX contains a stored Cross-Site Scripting (XSS) vulnerability in the gateway firewall due to improper input validation.
Severity ?
6.9 (Medium)
CWE
- Stored Cross-Site Scripting (XSS) vulnerability in gateway firewall
Assigner
References
Impacted products
| Vendor | Product | Version | ||
|---|---|---|---|---|
| VMware | VMware NSX |
Affected:
VMware NSX 4.0.x, VMware NSX 4.1.x, VMware NSX 4.2.x
|
{
"containers": {
"adp": [
{
"metrics": [
{
"other": {
"content": {
"id": "CVE-2025-22244",
"options": [
{
"Exploitation": "none"
},
{
"Automatable": "no"
},
{
"Technical Impact": "partial"
}
],
"role": "CISA Coordinator",
"timestamp": "2025-06-04T20:04:14.043348Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-79",
"description": "CWE-79 Improper Neutralization of Input During Web Page Generation (\u0027Cross-site Scripting\u0027)",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2025-06-04T20:04:30.570Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
}
],
"cna": {
"affected": [
{
"defaultStatus": "unaffected",
"product": "VMware NSX",
"vendor": "VMware",
"versions": [
{
"status": "affected",
"version": "VMware NSX 4.0.x, VMware NSX 4.1.x, VMware NSX 4.2.x"
}
]
}
],
"datePublic": "2025-06-04T19:30:00.000Z",
"descriptions": [
{
"lang": "en",
"supportingMedia": [
{
"base64": false,
"type": "text/html",
"value": "\u003cspan style=\"background-color: rgb(255, 255, 255);\"\u003eVMware NSX contains a stored Cross-Site Scripting (XSS) vulnerability in the gateway firewall due to improper input validation. \u003c/span\u003e"
}
],
"value": "VMware NSX contains a stored Cross-Site Scripting (XSS) vulnerability in the gateway firewall due to improper input validation."
}
],
"metrics": [
{
"cvssV3_1": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "NONE",
"baseScore": 6.9,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "LOW",
"integrityImpact": "HIGH",
"privilegesRequired": "HIGH",
"scope": "CHANGED",
"userInteraction": "REQUIRED",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:H/UI:R/S:C/C:L/I:H/A:N",
"version": "3.1"
},
"format": "CVSS",
"scenarios": [
{
"lang": "en",
"value": "GENERAL"
}
]
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "Stored Cross-Site Scripting (XSS) vulnerability in gateway firewall",
"lang": "en"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2025-06-04T19:32:17.006Z",
"orgId": "dcf2e128-44bd-42ed-91e8-88f912c1401d",
"shortName": "vmware"
},
"references": [
{
"url": "https://support.broadcom.com/web/ecx/support-content-notification/-/external/content/SecurityAdvisories/0/25738"
}
],
"source": {
"discovery": "UNKNOWN"
},
"x_generator": {
"engine": "Vulnogram 0.2.0"
}
}
},
"cveMetadata": {
"assignerOrgId": "dcf2e128-44bd-42ed-91e8-88f912c1401d",
"assignerShortName": "vmware",
"cveId": "CVE-2025-22244",
"datePublished": "2025-06-04T19:32:17.006Z",
"dateReserved": "2025-01-02T04:30:06.834Z",
"dateUpdated": "2025-06-04T20:04:30.570Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2025-22243 (GCVE-0-2025-22243)
Vulnerability from nvd – Published: 2025-06-04 19:31 – Updated: 2025-06-04 20:04
VLAI?
Summary
VMware NSX Manager UI is vulnerable to a stored Cross-Site Scripting (XSS) attack due to improper input validation.
Severity ?
7.5 (High)
CWE
- Stored Cross-Site Scripting (XSS) vulnerability in Manager-UI
Assigner
References
Impacted products
| Vendor | Product | Version | ||
|---|---|---|---|---|
| VMware | VMware NSX |
Affected:
VMware NSX 4.0.x, VMware NSX 4.1.x, VMware NSX 4.2.x
|
{
"containers": {
"adp": [
{
"metrics": [
{
"other": {
"content": {
"id": "CVE-2025-22243",
"options": [
{
"Exploitation": "none"
},
{
"Automatable": "no"
},
{
"Technical Impact": "partial"
}
],
"role": "CISA Coordinator",
"timestamp": "2025-06-04T20:03:44.753365Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-79",
"description": "CWE-79 Improper Neutralization of Input During Web Page Generation (\u0027Cross-site Scripting\u0027)",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2025-06-04T20:04:02.081Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
}
],
"cna": {
"affected": [
{
"defaultStatus": "unaffected",
"product": "VMware NSX",
"vendor": "VMware",
"versions": [
{
"status": "affected",
"version": "VMware NSX 4.0.x, VMware NSX 4.1.x, VMware NSX 4.2.x"
}
]
}
],
"datePublic": "2025-06-04T19:30:00.000Z",
"descriptions": [
{
"lang": "en",
"supportingMedia": [
{
"base64": false,
"type": "text/html",
"value": "\u003cspan style=\"background-color: rgb(255, 255, 255);\"\u003eVMware NSX Manager UI is vulnerable to a stored Cross-Site Scripting (XSS) attack due to improper input validation.\u003c/span\u003e"
}
],
"value": "VMware NSX Manager UI is vulnerable to a stored Cross-Site Scripting (XSS) attack due to improper input validation."
}
],
"metrics": [
{
"cvssV3_1": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 7.5,
"baseSeverity": "HIGH",
"confidentialityImpact": "LOW",
"integrityImpact": "LOW",
"privilegesRequired": "HIGH",
"scope": "CHANGED",
"userInteraction": "REQUIRED",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:H/UI:R/S:C/C:L/I:L/A:H",
"version": "3.1"
},
"format": "CVSS",
"scenarios": [
{
"lang": "en",
"value": "GENERAL"
}
]
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "Stored Cross-Site Scripting (XSS) vulnerability in Manager-UI",
"lang": "en"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2025-06-04T19:31:36.548Z",
"orgId": "dcf2e128-44bd-42ed-91e8-88f912c1401d",
"shortName": "vmware"
},
"references": [
{
"url": "https://support.broadcom.com/web/ecx/support-content-notification/-/external/content/SecurityAdvisories/0/25738"
}
],
"source": {
"discovery": "UNKNOWN"
},
"x_generator": {
"engine": "Vulnogram 0.2.0"
}
}
},
"cveMetadata": {
"assignerOrgId": "dcf2e128-44bd-42ed-91e8-88f912c1401d",
"assignerShortName": "vmware",
"cveId": "CVE-2025-22243",
"datePublished": "2025-06-04T19:31:36.548Z",
"dateReserved": "2025-01-02T04:30:06.833Z",
"dateUpdated": "2025-06-04T20:04:02.081Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2025-41231 (GCVE-0-2025-41231)
Vulnerability from nvd – Published: 2025-05-20 12:54 – Updated: 2025-05-20 13:21
VLAI?
Summary
VMware Cloud Foundation contains a missing authorisation vulnerability. A malicious actor with access to VMware Cloud Foundation appliance may be able to perform certain unauthorised actions and access limited sensitive information.
Severity ?
7.3 (High)
CWE
- Missing Authorisation
Assigner
References
Impacted products
| Vendor | Product | Version | ||
|---|---|---|---|---|
| n/a | VMware Cloud Foundation |
Affected:
5.x , < 5.2.1.2
(custom)
Affected: 4.5.x |
{
"containers": {
"adp": [
{
"metrics": [
{
"other": {
"content": {
"id": "CVE-2025-41231",
"options": [
{
"Exploitation": "none"
},
{
"Automatable": "no"
},
{
"Technical Impact": "partial"
}
],
"role": "CISA Coordinator",
"timestamp": "2025-05-20T13:20:28.602616Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-862",
"description": "CWE-862 Missing Authorization",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2025-05-20T13:21:18.807Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
}
],
"cna": {
"affected": [
{
"defaultStatus": "unaffected",
"product": "VMware Cloud Foundation",
"vendor": "n/a",
"versions": [
{
"lessThan": "5.2.1.2",
"status": "affected",
"version": "5.x",
"versionType": "custom"
},
{
"status": "affected",
"version": "4.5.x"
}
]
}
],
"datePublic": "2025-05-20T08:30:00.000Z",
"descriptions": [
{
"lang": "en",
"supportingMedia": [
{
"base64": false,
"type": "text/html",
"value": "\u003cspan style=\"background-color: rgb(255, 255, 255);\"\u003eVMware Cloud Foundation\u003c/span\u003e\u003cspan style=\"background-color: rgb(255, 255, 255);\"\u003e\u0026nbsp;contains a missing authorisation vulnerability\u003c/span\u003e\u003cspan style=\"background-color: rgb(255, 255, 255);\"\u003e.\u0026nbsp;\u003c/span\u003eA malicious actor with access to VMware Cloud Foundation appliance may be able to perform certain unauthorised actions and access limited sensitive information.\u003cspan style=\"background-color: rgb(255, 255, 255);\"\u003e\u003cbr\u003e\u003cbr\u003e\u003c/span\u003e\u003cbr\u003e"
}
],
"value": "VMware Cloud Foundation\u00a0contains a missing authorisation vulnerability.\u00a0A malicious actor with access to VMware Cloud Foundation appliance may be able to perform certain unauthorised actions and access limited sensitive information."
}
],
"metrics": [
{
"cvssV3_1": {
"attackComplexity": "LOW",
"attackVector": "LOCAL",
"availabilityImpact": "LOW",
"baseScore": 7.3,
"baseSeverity": "HIGH",
"confidentialityImpact": "HIGH",
"integrityImpact": "LOW",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:U/C:H/I:L/A:L",
"version": "3.1"
},
"format": "CVSS",
"scenarios": [
{
"lang": "en",
"value": "GENERAL"
}
]
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "Missing Authorisation",
"lang": "en"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2025-05-20T12:54:41.570Z",
"orgId": "dcf2e128-44bd-42ed-91e8-88f912c1401d",
"shortName": "vmware"
},
"references": [
{
"url": "https://support.broadcom.com/web/ecx/support-content-notification/-/external/content/SecurityAdvisories/0/25733"
}
],
"source": {
"discovery": "UNKNOWN"
},
"title": "VMware Cloud Foundation Missing Authorisation Vulnerability",
"x_generator": {
"engine": "Vulnogram 0.2.0"
}
}
},
"cveMetadata": {
"assignerOrgId": "dcf2e128-44bd-42ed-91e8-88f912c1401d",
"assignerShortName": "vmware",
"cveId": "CVE-2025-41231",
"datePublished": "2025-05-20T12:54:41.570Z",
"dateReserved": "2025-04-16T09:29:46.972Z",
"dateUpdated": "2025-05-20T13:21:18.807Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2025-22249 (GCVE-0-2025-22249)
Vulnerability from nvd – Published: 2025-05-13 05:08 – Updated: 2025-05-13 13:49
VLAI?
Summary
VMware Aria automation contains a DOM based Cross-Site Scripting (XSS) vulnerability. A malicious actor may exploit this issue to steal the access token of a logged in user of VMware Aria automation appliance by tricking the user into clicking a malicious crafted payload URL.
Severity ?
8.2 (High)
CWE
- CWE-79 - Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')
Assigner
References
Impacted products
| Vendor | Product | Version | ||||||||||||
|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|
| VMware | Vmware Aria Automation |
Affected:
8.18.x , < 8.18.1 patch2
(custom)
|
||||||||||||
|
||||||||||||||
{
"containers": {
"adp": [
{
"metrics": [
{
"other": {
"content": {
"id": "CVE-2025-22249",
"options": [
{
"Exploitation": "none"
},
{
"Automatable": "no"
},
{
"Technical Impact": "partial"
}
],
"role": "CISA Coordinator",
"timestamp": "2025-05-13T13:49:44.097131Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-79",
"description": "CWE-79 Improper Neutralization of Input During Web Page Generation (\u0027Cross-site Scripting\u0027)",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2025-05-13T13:49:59.998Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
}
],
"cna": {
"affected": [
{
"defaultStatus": "unaffected",
"platforms": [
"any"
],
"product": "Vmware Aria Automation",
"vendor": "VMware",
"versions": [
{
"lessThan": "8.18.1 patch2",
"status": "affected",
"version": "8.18.x",
"versionType": "custom"
}
]
},
{
"defaultStatus": "unaffected",
"platforms": [
"any"
],
"product": "VMware Cloud Foundation",
"vendor": "VMware",
"versions": [
{
"lessThan": "8.18.1 patch 2",
"status": "affected",
"version": "5.x",
"versionType": "custom"
},
{
"lessThan": "8.18.1 patch 2",
"status": "affected",
"version": "4.x",
"versionType": "custom"
}
]
},
{
"defaultStatus": "unaffected",
"platforms": [
"any"
],
"product": "VMware Telco Cloud Platform",
"vendor": "VMware",
"versions": [
{
"lessThan": "8.18.1 patch 2",
"status": "affected",
"version": "5.x",
"versionType": "custom"
}
]
}
],
"datePublic": "2025-05-12T10:45:00.000Z",
"descriptions": [
{
"lang": "en",
"supportingMedia": [
{
"base64": false,
"type": "text/html",
"value": "\u003cspan style=\"background-color: rgb(255, 255, 255);\"\u003eVMware Aria automation contains a DOM based Cross-Site Scripting (XSS) vulnerability.\u0026nbsp;\u003cp\u003eA malicious actor may exploit this issue to steal the access token of a logged in user of VMware Aria automation appliance by tricking the user into clicking a malicious crafted payload URL.\u003c/p\u003e\u003cbr\u003e\u003c/span\u003e\u003cbr\u003e"
}
],
"value": "VMware Aria automation contains a DOM based Cross-Site Scripting (XSS) vulnerability.\u00a0A malicious actor may exploit this issue to steal the access token of a logged in user of VMware Aria automation appliance by tricking the user into clicking a malicious crafted payload URL."
}
],
"metrics": [
{
"cvssV3_1": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "NONE",
"baseScore": 8.2,
"baseSeverity": "HIGH",
"confidentialityImpact": "HIGH",
"integrityImpact": "LOW",
"privilegesRequired": "NONE",
"scope": "CHANGED",
"userInteraction": "REQUIRED",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:H/I:L/A:N",
"version": "3.1"
},
"format": "CVSS",
"scenarios": [
{
"lang": "en",
"value": "GENERAL"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2025-05-13T05:08:03.265Z",
"orgId": "dcf2e128-44bd-42ed-91e8-88f912c1401d",
"shortName": "vmware"
},
"references": [
{
"url": "https://support.broadcom.com/web/ecx/support-content-notification/-/external/content/SecurityAdvisories/0/25711"
}
],
"source": {
"discovery": "UNKNOWN"
},
"title": "VMSA-2025-0008: VMware Aria automation updates address a DOM based Cross-site scripting vulnerability (CVE-2025-22249)",
"x_generator": {
"engine": "Vulnogram 0.2.0"
}
}
},
"cveMetadata": {
"assignerOrgId": "dcf2e128-44bd-42ed-91e8-88f912c1401d",
"assignerShortName": "vmware",
"cveId": "CVE-2025-22249",
"datePublished": "2025-05-13T05:08:03.265Z",
"dateReserved": "2025-01-02T04:30:19.929Z",
"dateUpdated": "2025-05-13T13:49:59.998Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2025-22226 (GCVE-0-2025-22226)
Vulnerability from nvd – Published: 2025-03-04 11:56 – Updated: 2025-10-21 22:55
VLAI?
Summary
VMware ESXi, Workstation, and Fusion contain an information disclosure vulnerability due to an out-of-bounds read in HGFS. A malicious actor with administrative privileges to a virtual machine may be able to exploit this issue to leak memory from the vmx process.
Severity ?
7.1 (High)
CWE
- Information disclosure vulnerability
Assigner
References
Impacted products
| Vendor | Product | Version | |||||||||||||||||||||||||||
|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|
| n/a | ESXi |
Affected:
8.0 , < ESXi80U3d-24585383
(custom)
Affected: 8.0 , < ESXi80U2d-24585300 (custom) Affected: 7.0 , < ESXi70U3s-24585291 (custom) |
|||||||||||||||||||||||||||
|
|||||||||||||||||||||||||||||
{
"containers": {
"adp": [
{
"metrics": [
{
"other": {
"content": {
"id": "CVE-2025-22226",
"options": [
{
"Exploitation": "active"
},
{
"Automatable": "no"
},
{
"Technical Impact": "partial"
}
],
"role": "CISA Coordinator",
"timestamp": "2025-03-05T04:55:25.321408Z",
"version": "2.0.3"
},
"type": "ssvc"
}
},
{
"other": {
"content": {
"dateAdded": "2025-03-04",
"reference": "https://www.cisa.gov/known-exploited-vulnerabilities-catalog?field_cve=CVE-2025-22226"
},
"type": "kev"
}
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-125",
"description": "CWE-125 Out-of-bounds Read",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2025-10-21T22:55:26.649Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"references": [
{
"tags": [
"government-resource"
],
"url": "https://www.cisa.gov/known-exploited-vulnerabilities-catalog?field_cve=CVE-2025-22226"
}
],
"timeline": [
{
"lang": "en",
"time": "2025-03-04T00:00:00+00:00",
"value": "CVE-2025-22226 added to CISA KEV"
}
],
"title": "CISA ADP Vulnrichment"
}
],
"cna": {
"affected": [
{
"defaultStatus": "unaffected",
"product": "ESXi",
"vendor": "n/a",
"versions": [
{
"lessThan": "ESXi80U3d-24585383",
"status": "affected",
"version": "8.0",
"versionType": "custom"
},
{
"lessThan": "ESXi80U2d-24585300",
"status": "affected",
"version": "8.0",
"versionType": "custom"
},
{
"lessThan": "ESXi70U3s-24585291",
"status": "affected",
"version": "7.0",
"versionType": "custom"
}
]
},
{
"defaultStatus": "unaffected",
"platforms": [
"Windows",
"Linux"
],
"product": "VMware Workstation",
"vendor": "n/a",
"versions": [
{
"lessThan": "17.6.3",
"status": "affected",
"version": "17.x",
"versionType": "custom"
}
]
},
{
"defaultStatus": "unaffected",
"platforms": [
"MacOS"
],
"product": "VMware Fusion",
"vendor": "n/a",
"versions": [
{
"lessThan": "13.6.3",
"status": "affected",
"version": "13.x",
"versionType": "custom"
}
]
},
{
"defaultStatus": "unaffected",
"product": "VMware Cloud Foundation",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "5.x, 4.5.x"
}
]
},
{
"defaultStatus": "unaffected",
"product": "VMware Telco Cloud Platform",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "5.x, 4.x, 3.x, 2.x"
}
]
},
{
"defaultStatus": "unaffected",
"product": "VMware Telco Cloud Infrastructure",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "3.x, 2.x"
}
]
}
],
"datePublic": "2025-03-04T11:50:00.000Z",
"descriptions": [
{
"lang": "en",
"supportingMedia": [
{
"base64": false,
"type": "text/html",
"value": "\u003cspan style=\"background-color: rgb(255, 255, 255);\"\u003eVMware ESXi, Workstation, and Fusion contain\u003c/span\u003e\u003cspan style=\"background-color: rgb(255, 255, 255);\"\u003e\u0026nbsp;an information disclosure \u003c/span\u003e\u003cspan style=\"background-color: rgb(255, 255, 255);\"\u003evulnerability \u003c/span\u003e\u003cspan style=\"background-color: rgb(255, 255, 255);\"\u003edue to an out-of-bounds read in HGFS.\u0026nbsp;\u003c/span\u003eA malicious actor with administrative privileges to a virtual machine may be able to exploit this issue to leak memory from the vmx process.\u003cspan style=\"background-color: rgb(255, 255, 255);\"\u003e\u003cbr\u003e\u003cbr\u003e\u003c/span\u003e\u003cbr\u003e"
}
],
"value": "VMware ESXi, Workstation, and Fusion contain\u00a0an information disclosure vulnerability due to an out-of-bounds read in HGFS.\u00a0A malicious actor with administrative privileges to a virtual machine may be able to exploit this issue to leak memory from the vmx process."
}
],
"metrics": [
{
"cvssV3_1": {
"attackComplexity": "LOW",
"attackVector": "LOCAL",
"availabilityImpact": "NONE",
"baseScore": 7.1,
"baseSeverity": "HIGH",
"confidentialityImpact": "HIGH",
"integrityImpact": "NONE",
"privilegesRequired": "NONE",
"scope": "CHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:C/C:H/I:N/A:N",
"version": "3.1"
},
"format": "CVSS",
"scenarios": [
{
"lang": "en",
"value": "GENERAL"
}
]
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "Information disclosure vulnerability",
"lang": "en"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2025-03-04T11:56:57.541Z",
"orgId": "dcf2e128-44bd-42ed-91e8-88f912c1401d",
"shortName": "vmware"
},
"references": [
{
"url": "https://support.broadcom.com/web/ecx/support-content-notification/-/external/content/SecurityAdvisories/0/25390"
}
],
"source": {
"discovery": "UNKNOWN"
},
"x_generator": {
"engine": "Vulnogram 0.2.0"
}
}
},
"cveMetadata": {
"assignerOrgId": "dcf2e128-44bd-42ed-91e8-88f912c1401d",
"assignerShortName": "vmware",
"cveId": "CVE-2025-22226",
"datePublished": "2025-03-04T11:56:57.541Z",
"dateReserved": "2025-01-02T04:29:59.190Z",
"dateUpdated": "2025-10-21T22:55:26.649Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2025-22225 (GCVE-0-2025-22225)
Vulnerability from nvd – Published: 2025-03-04 11:56 – Updated: 2025-10-21 22:55
VLAI?
Summary
VMware ESXi contains an arbitrary write vulnerability. A malicious actor with privileges within the VMX process may trigger an arbitrary kernel write leading to an escape of the sandbox.
Severity ?
8.2 (High)
CWE
- Arbitrary write vulnerability
Assigner
References
Impacted products
| Vendor | Product | Version | |||||||||||||||||
|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|
| n/a | VMware ESXi |
Affected:
8.0 , < ESXi80U3d-24585383
(custom)
Affected: 8.0 , < ESXi80U2d-24585300 (custom) Affected: 7.0 , < ESXi70U3s-24585291 (custom) |
|||||||||||||||||
|
|||||||||||||||||||
{
"containers": {
"adp": [
{
"metrics": [
{
"other": {
"content": {
"id": "CVE-2025-22225",
"options": [
{
"Exploitation": "active"
},
{
"Automatable": "no"
},
{
"Technical Impact": "total"
}
],
"role": "CISA Coordinator",
"timestamp": "2025-03-05T04:55:23.988843Z",
"version": "2.0.3"
},
"type": "ssvc"
}
},
{
"other": {
"content": {
"dateAdded": "2025-03-04",
"reference": "https://www.cisa.gov/known-exploited-vulnerabilities-catalog?field_cve=CVE-2025-22225"
},
"type": "kev"
}
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-123",
"description": "CWE-123 Write-what-where Condition",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2025-10-21T22:55:27.903Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"references": [
{
"tags": [
"government-resource"
],
"url": "https://www.cisa.gov/known-exploited-vulnerabilities-catalog?field_cve=CVE-2025-22225"
}
],
"timeline": [
{
"lang": "en",
"time": "2025-03-04T00:00:00+00:00",
"value": "CVE-2025-22225 added to CISA KEV"
}
],
"title": "CISA ADP Vulnrichment"
}
],
"cna": {
"affected": [
{
"defaultStatus": "unaffected",
"product": "VMware ESXi",
"vendor": "n/a",
"versions": [
{
"lessThan": "ESXi80U3d-24585383",
"status": "affected",
"version": "8.0",
"versionType": "custom"
},
{
"lessThan": "ESXi80U2d-24585300",
"status": "affected",
"version": "8.0",
"versionType": "custom"
},
{
"lessThan": "ESXi70U3s-24585291",
"status": "affected",
"version": "7.0",
"versionType": "custom"
}
]
},
{
"defaultStatus": "unaffected",
"product": "VMware Cloud Foundation",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "5.x, 4.5.x"
}
]
},
{
"defaultStatus": "unaffected",
"product": "VMware Telco Cloud Platform",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "5.x, 4.x, 3.x, 2.x"
}
]
},
{
"defaultStatus": "unaffected",
"product": "VMware Telco Cloud Infrastructure",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "3.x, 2.x"
}
]
}
],
"datePublic": "2025-03-04T11:50:00.000Z",
"descriptions": [
{
"lang": "en",
"supportingMedia": [
{
"base64": false,
"type": "text/html",
"value": "\u003cspan style=\"background-color: rgb(255, 255, 255);\"\u003eVMware ESXi contains an \u003c/span\u003e\u003cspan style=\"background-color: rgb(255, 255, 255);\"\u003earbitrary write\u003c/span\u003e\u003cspan style=\"background-color: rgb(255, 255, 255);\"\u003e\u0026nbsp;\u003c/span\u003e\u003cspan style=\"background-color: rgb(255, 255, 255);\"\u003evulnerability.\u0026nbsp;\u003c/span\u003eA malicious actor with privileges within the VMX process may trigger an arbitrary kernel write leading to an escape of the sandbox.\u003cspan style=\"background-color: rgb(255, 255, 255);\"\u003e\u003cbr\u003e\u003cbr\u003e\u003c/span\u003e\u003cbr\u003e"
}
],
"value": "VMware ESXi contains an arbitrary write\u00a0vulnerability.\u00a0A malicious actor with privileges within the VMX process may trigger an arbitrary kernel write leading to an escape of the sandbox."
}
],
"metrics": [
{
"cvssV3_1": {
"attackComplexity": "LOW",
"attackVector": "LOCAL",
"availabilityImpact": "HIGH",
"baseScore": 8.2,
"baseSeverity": "HIGH",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"privilegesRequired": "HIGH",
"scope": "CHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:C/C:H/I:H/A:H",
"version": "3.1"
},
"format": "CVSS",
"scenarios": [
{
"lang": "en",
"value": "GENERAL"
}
]
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "Arbitrary write vulnerability",
"lang": "en"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2025-03-04T11:56:27.537Z",
"orgId": "dcf2e128-44bd-42ed-91e8-88f912c1401d",
"shortName": "vmware"
},
"references": [
{
"url": "https://support.broadcom.com/web/ecx/support-content-notification/-/external/content/SecurityAdvisories/0/25390"
}
],
"source": {
"discovery": "UNKNOWN"
},
"x_generator": {
"engine": "Vulnogram 0.2.0"
}
}
},
"cveMetadata": {
"assignerOrgId": "dcf2e128-44bd-42ed-91e8-88f912c1401d",
"assignerShortName": "vmware",
"cveId": "CVE-2025-22225",
"datePublished": "2025-03-04T11:56:27.537Z",
"dateReserved": "2025-01-02T04:29:59.190Z",
"dateUpdated": "2025-10-21T22:55:27.903Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2025-22224 (GCVE-0-2025-22224)
Vulnerability from nvd – Published: 2025-03-04 11:56 – Updated: 2025-10-21 22:55
VLAI?
Summary
VMware ESXi, and Workstation contain a TOCTOU (Time-of-Check Time-of-Use) vulnerability that leads to an out-of-bounds write. A malicious actor with local administrative privileges on a virtual machine may exploit this issue to execute code as the virtual machine's VMX process running on the host.
Severity ?
9.3 (Critical)
CWE
- Heap-overflow vulnerability
Assigner
References
Impacted products
| Vendor | Product | Version | ||||||||||||||||||||||
|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|
| VMware | ESXi |
Affected:
8.0 , < ESXi80U3d-24585383
(custom)
Affected: 8.0 , < ESXi80U2d-24585300 (custom) Affected: 7.0 , < ESXi70U3s-24585291 (custom) |
||||||||||||||||||||||
|
||||||||||||||||||||||||
{
"containers": {
"adp": [
{
"metrics": [
{
"other": {
"content": {
"id": "CVE-2025-22224",
"options": [
{
"Exploitation": "active"
},
{
"Automatable": "no"
},
{
"Technical Impact": "total"
}
],
"role": "CISA Coordinator",
"timestamp": "2025-03-05T04:55:22.499570Z",
"version": "2.0.3"
},
"type": "ssvc"
}
},
{
"other": {
"content": {
"dateAdded": "2025-03-04",
"reference": "https://www.cisa.gov/known-exploited-vulnerabilities-catalog?field_cve=CVE-2025-22224"
},
"type": "kev"
}
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-367",
"description": "CWE-367 Time-of-check Time-of-use (TOCTOU) Race Condition",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2025-10-21T22:55:28.319Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"references": [
{
"tags": [
"government-resource"
],
"url": "https://www.cisa.gov/known-exploited-vulnerabilities-catalog?field_cve=CVE-2025-22224"
}
],
"timeline": [
{
"lang": "en",
"time": "2025-03-04T00:00:00+00:00",
"value": "CVE-2025-22224 added to CISA KEV"
}
],
"title": "CISA ADP Vulnrichment"
}
],
"cna": {
"affected": [
{
"defaultStatus": "unaffected",
"product": "ESXi",
"vendor": "VMware",
"versions": [
{
"lessThan": "ESXi80U3d-24585383",
"status": "affected",
"version": "8.0",
"versionType": "custom"
},
{
"lessThan": "ESXi80U2d-24585300",
"status": "affected",
"version": "8.0",
"versionType": "custom"
},
{
"lessThan": "ESXi70U3s-24585291",
"status": "affected",
"version": "7.0",
"versionType": "custom"
}
]
},
{
"defaultStatus": "unaffected",
"platforms": [
"Windows",
"Linux"
],
"product": "Workstation",
"vendor": "VMware",
"versions": [
{
"lessThan": "17.6.3",
"status": "affected",
"version": "17.x",
"versionType": "custom"
}
]
},
{
"defaultStatus": "unaffected",
"product": "VMware Cloud Foundation",
"vendor": "VMware",
"versions": [
{
"status": "affected",
"version": "5.x, 4.5.x"
}
]
},
{
"defaultStatus": "unaffected",
"product": "Telco Cloud Platform",
"vendor": "VMware",
"versions": [
{
"status": "affected",
"version": "5.x, 4.x, 3.x, 2.x"
}
]
},
{
"defaultStatus": "unaffected",
"product": "Telco Cloud Infrastructure",
"vendor": "VMware",
"versions": [
{
"status": "affected",
"version": "3.x, 2.x"
}
]
}
],
"datePublic": "2025-03-04T11:33:00.000Z",
"descriptions": [
{
"lang": "en",
"supportingMedia": [
{
"base64": false,
"type": "text/html",
"value": "\u003cspan style=\"background-color: rgb(255, 255, 255);\"\u003eVMware ESXi, and Workstation\u003c/span\u003e\u003cspan style=\"background-color: rgb(255, 255, 255);\"\u003e\u0026nbsp;contain a TOCTOU (Time-of-Check Time-of-Use) vulnerability that leads to an out-of-bounds write.\u0026nbsp;\u003c/span\u003eA malicious actor with local administrative privileges on a virtual machine may exploit this issue to execute code as the virtual machine\u0027s VMX process running on the host.\u003cspan style=\"background-color: rgb(255, 255, 255);\"\u003e\u003cbr\u003e\u003cbr\u003e\u003c/span\u003e\u003cbr\u003e"
}
],
"value": "VMware ESXi, and Workstation\u00a0contain a TOCTOU (Time-of-Check Time-of-Use) vulnerability that leads to an out-of-bounds write.\u00a0A malicious actor with local administrative privileges on a virtual machine may exploit this issue to execute code as the virtual machine\u0027s VMX process running on the host."
}
],
"metrics": [
{
"cvssV3_1": {
"attackComplexity": "LOW",
"attackVector": "LOCAL",
"availabilityImpact": "HIGH",
"baseScore": 9.3,
"baseSeverity": "CRITICAL",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"privilegesRequired": "NONE",
"scope": "CHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:C/C:H/I:H/A:H",
"version": "3.1"
},
"format": "CVSS",
"scenarios": [
{
"lang": "en",
"value": "GENERAL"
}
]
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "Heap-overflow vulnerability",
"lang": "en"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2025-04-03T14:39:46.987Z",
"orgId": "dcf2e128-44bd-42ed-91e8-88f912c1401d",
"shortName": "vmware"
},
"references": [
{
"url": "https://support.broadcom.com/web/ecx/support-content-notification/-/external/content/SecurityAdvisories/0/25390"
}
],
"source": {
"discovery": "UNKNOWN"
},
"x_generator": {
"engine": "Vulnogram 0.2.0"
}
}
},
"cveMetadata": {
"assignerOrgId": "dcf2e128-44bd-42ed-91e8-88f912c1401d",
"assignerShortName": "vmware",
"cveId": "CVE-2025-22224",
"datePublished": "2025-03-04T11:56:12.317Z",
"dateReserved": "2025-01-02T04:29:30.445Z",
"dateUpdated": "2025-10-21T22:55:28.319Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}