CVE-2025-22221

CVSS 3.1 Score 5.2 of 10 (medium)

Details

Published Jan 30, 2025

Summary

CVE-2025-22221 is a stored cross-site scripting (XSS) vulnerability affecting VMware Aria Operations for Logs. An attacker with administrative privileges can exploit this flaw to inject malicious scripts into the application. During a delete action in the Agent Configuration, victims' browsers may execute the malicious code, leading to potential security breaches. Successful exploitation could result in unauthorized access or data theft. Users are urged to update their VMware Aria Operations for Logs installations as soon as patches become available.

Prevent cyber attacks with Recorded Future by prioritizing and patching critical vulnerabilities being exploited by threat actors targeting your industry. Book your demo to learn more.

https://app.recordedfuture.com/live/sc/entity/2GwjFy
https://www.cve.org/CVERecord?id=CVE-2025-22221
https://nvd.nist.gov/vuln/detail/CVE-2025-22221

Back to Vulnerability Database

CVE-2025-22221

CVSS 3.1 Score 5.2 of 10 (medium)

Details

Summary

Advisories, Assessments, and Mitigations