VMware Aria Operations updates address a local privilege escalation vulnerability (CVE-2025-22231)

VMware Aria Suite

25541

01 April 2025

01 April 2025

OPEN

HIGH

7.8

CVE-2025-22231

Advisory ID: VMSA-2025-0006
Advisory Severity: Important
CVSSv3 Range: 7.8
Synopsis: VMware Aria Operations updates address a local privilege escalation vulnerability (CVE-2025-22231)
Issue date: 2025-04-01
Updated on: 2025-04-01 (Initial Advisory)
CVE(s): CVE-2025-22231

1. Impacted Products

  • VMware Aria Operations
  • VMware Cloud Foundation
  • VMware Telco Cloud Platform
  • VMware Telco Cloud Infrastructure

2. Introduction

A local privilege escalation vulnerability in VMware Aria Operations was responsibly reported to VMware. Patches are available to remediate this vulnerability in affected VMware products. 

3. Local Privilege Escalation Vulnerability (CVE-2025-22231)

Description:

 VMware Aria Operations contains a local privilege escalation vulnerability. VMware has evaluated the severity of this issue to be in the Important severity range with a maximum CVSSv3 base score of 7.8.

Known Attack Vectors:

A malicious actor with local administrative privileges can escalate their privileges to root on the appliance running VMware Aria Operations.

Resolution:
To remediate CVE-2025-22231, apply the patches listed in the 'Fixed Version' column of the 'Response Matrix' below.

Workarounds:
None.

Additional Documentation:
None.

Acknowledgements:
VMware would like to thank thiscodecc of MoyunSec Vlab and Bing for reporting this issue to us.

Notes:
None.

Response Matrix:

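Product                           | Version       | Running On | CVE            | CVSSv3 | Severity  | Fixed Version | Workarounds | Additional Documents
----------------------------------|---------------|------------|----------------|--------|-----------|---------------|-------------|---------------------
VMware Aria Operations            | 8.x           | Any        | CVE-2025-22231 | 7.8    | Important | 8.18 HF 5     | None        | None
VMware Cloud Foundation           | 5.x, 4.x      | Any        | CVE-2025-22231 | 7.8    | Important | KB article    | None        | None
VMware Telco Cloud Platform       | 5.x, 4.x, 3.x | Any        | CVE-2025-22231 | 7.8    | Important | 8.18 HF 5     | None        | None
VMware Telco Cloud Infrastructure | 3.x, 2.x      | Any        | CVE-2025-22231 | 7.8    | Important | 8.18 HF 5     | None        | None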

4. References:

Fixed Version(s) and Release Notes:

Downloads and Documentation

https://support.broadcom.com/web/ecx/solutiondetails?patchId=5817

https://knowledge.broadcom.com/external/article?articleId=392307

Additional Documentation:

None.

Mitre CVE Dictionary Links:

https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-22231

FIRST CVSSv3 Calculator:

https://www.first.org/cvss/calculator/3.1#CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H

5. Change Log:

2025-04-01: VMSA-2025-0006
Initial security advisory.

6. Contact:

E-mail: [email protected]

PGP key
https://knowledge.broadcom.com/external/article/321551

VMware Security Advisories
https://www.broadcom.com/support/vmware-security-advisories

VMware External Vulnerability Response and Remediation Policy
https://www.broadcom.com/support/vmware-services/security-response

VMware Lifecycle Support Phases
https://support.broadcom.com/group/ecx/productlifecycle

VMware Security Blog
https://blogs.vmware.com/security

X
https://x.com/VMwareSRC

Copyright 2025 Broadcom All rights reserved.