Aria Operations For Logs
CVE-2025-22221
MEDIUM
Severity by source
AV:N/AC:L/PR:H/UI:R/S:U/C:H/I:L/A:N
Primary rating from NVD · only source for this CVE.
CVSS VectorNVD
CVSS:3.1/AV:N/AC:L/PR:H/UI:R/S:U/C:H/I:L/A:N
Lifecycle Timeline
2DescriptionCVE.org
VMware Aria Operation for Logs contains a stored cross-site scripting vulnerability. A malicious actor with admin privileges to VMware Aria Operations for Logs may be able to inject a malicious script that could be executed in a victim's browser when performing a delete action in the Agent Configuration.
AnalysisAI
VMware Aria Operation for Logs contains a stored cross-site scripting vulnerability. Rated medium severity (CVSS 5.2), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.
Technical ContextAI
This vulnerability is classified as Cross-Site Scripting (XSS) (CWE-79), which allows attackers to inject malicious scripts into web pages viewed by other users. VMware Aria Operation for Logs contains a stored cross-site scripting vulnerability. A malicious actor with admin privileges to VMware Aria Operations for Logs may be able to inject a malicious script that could be executed in a victim's browser when performing a delete action in the Agent Configuration. Affected products include: Vmware Aria Operations For Logs, Vmware Cloud Foundation.
RemediationAI
No vendor patch is available at time of analysis. Monitor vendor advisories for updates. Sanitize all user input, use Content-Security-Policy headers, encode output contextually (HTML, JS, URL). Use frameworks with built-in XSS protection.
More in Aria Operations For Logs
View allVMware Aria Operations for Logs contains a deserialization vulnerability. Rated critical severity (CVSS 9.8), this vulne
VMware Aria Operations for Logs contains an authentication bypass vulnerability. Rated critical severity (CVSS 9.8), thi
VMware Aria Operations for Logs contains a deserialization vulnerability. Rated high severity (CVSS 7.8), this vulnerabi
VMware Aria Operations for Logs contains a command injection vulnerability. Rated high severity (CVSS 7.2), this vulnera
VMware Aria Operations for Logs contains a privilege escalation vulnerability. Rated medium severity (CVSS 4.3), this vu
VMware Aria Operations for Logs contains a stored cross-site scripting vulnerability. Rated medium severity (CVSS 6.8),
VMware Aria Operations for Logs contains an information disclosure vulnerability. Rated high severity (CVSS 8.5), this v
Same weakness CWE-79 – Cross-site Scripting (XSS)
View allShare
External POC / Exploit Code
Leaving vuln.today