Broadcom has released security updates to patch five security flaws affecting VMware Aria Operations and Aria Operations for Logs, warning customers that attackers could exploit them to gain elevated access or obtain sensitive information.
The list of identified flaws, which affect versions 8.x of the software, is below –
- CVE-2025-2218 (CVSS score: 8.5) – A malicious actor with view-only permissions can read VMware account credentials
- CVE-2025-2219 (CVSS score: 6.8) – A malicious actor with non-administrative privileges may be able to inject a malicious script that can lead to arbitrary operations as an administrator via cross-site scripting (XSS)
- CVE-2025-22220 (CVSS score: 4.3) – A malicious actor with non-administrative privileges and network access to the Aria Operations for Logs API can perform certain operations in the context of the administrator
- CVE-2025-2221 (CVSS score: 5.2) – Charlysti
- CVE-2025-2222 (CVSS score: 7.7) – A malicious user with non-administrative privileges can exploit this vulnerability to obtain credentials for the output plugin if known
Security researchers Maxime Escourbiac from Michelin CERT, and Yassine Bengana and Quentin Ebel from Abicom, working as part of the Michelin CERT team, have been credited with identifying and reporting the flaws. It is worth noting that the same team reported two more flaws in the same product (CVE-2024-38832 and CVE-2014-3833) at the end of November 2024.
All of the above vulnerabilities have been fixed in VMware Aria Operations and Aria Operations for Logs version 8.18.3. The virtualization services provider makes no mention of these issues being exploited in the wild.
The advisory comes a few days after Broadcom warned of a high-severity security flaw in VMware Avi Load Balancer (CVE-2025-2217, CVSS score: 8.6), which could be weaponized by malicious actors to gain access to the database.