High severity8.2NVD Advisory· Published May 13, 2025· Updated Jun 17, 2026
CVE-2025-22249
CVE-2025-22249
Description
VMware Aria automation contains a DOM based Cross-Site Scripting (XSS) vulnerability. A malicious actor may exploit this issue to steal the access token of a logged in user of VMware Aria automation appliance by tricking the user into clicking a malicious crafted payload URL.
AI Insight
LLM-synthesized narrative grounded in this CVE's description and references.
Affected products
4(expand)+ 1 more
- (no CPE)
- (no CPE)range: 8.18.x
- Range: 5.x
- VMware/VMware Telco Cloud Platformv5Range: 5.x
Patches
Vulnerability mechanics
References
1News mentions
0No linked articles in our index yet.