VMware Aria Operations for Logs information disclosure vulnerability
Description
An info disclosure vulnerability in VMware Aria Operations for Logs lets a View Only Admin read credentials of an integrated VMware product, fixed in the 8.18.4 patches.
AI Insight
LLM-synthesized narrative grounded in this CVE's description and references.
Vulnerability
CVE-2025-22218 is an information disclosure vulnerability in VMware Aria Operations for Logs. A malicious actor with View Only Admin permissions can exploit this flaw to read the credentials of a VMware product that is integrated with VMware Aria Operations for Logs. The vulnerability affects all versions prior to the fixed releases; the advisory [1] provides the specific version matrix.
Exploitation
Exploitation requires the attacker to already have a valid user account with View Only Admin privileges on a vulnerable instance of VMware Aria Operations for Logs. No additional authentication is needed beyond those role-based permissions. The attacker can then query the affected functionality in the product to retrieve credentials of the integrated VMware product.
Impact
Successful exploitation results in the disclosure of credentials belonging to a VMware product integrated with VMware Aria Operations for Logs. This information disclosure could lead to unauthorized access to the integrated product and further compromise of the VMware environment [1].
Mitigation
Broadcom VMware has released patches to fix CVE-2025-22218 as part of VMSA-2025-0003. The fixed versions are listed in the Response Matrix of the advisory [1]. VMware Aria Operations for Logs versions 8.18.4 and later contain the fix. No workarounds are available. Users should apply the patches as soon as possible to mitigate this vulnerability [1].
AI Insight generated on May 25, 2026. Synthesized from this CVE's description and the cited reference URLs; citations are validated against the source bundle.
Affected products
- (no CPE)
- (no CPE), range: 8.x
Patches
No patches discovered yet.
Vulnerability mechanics
No source-code context for this CVE — mechanics is only generated when we can read the actual fix diff. Without that, the four sections (root cause, attack vector, affected code, fix) would be speculation rather than analysis.
References (1)
News mentions
No linked articles in our index yet.