CVE-2025-22249 – VMware Aria Automation Vulnerability

Severity

High

Analysis Summary

CVE-2025-22249

VMware Aria automation contains a DOM based Cross-Site Scripting (XSS) vulnerability. A malicious actor may exploit this issue to steal the access token of a logged in user of VMware Aria automation appliance by tricking the user into clicking a malicious crafted payload URL.

Impact

Cross-Site Scripting

Indicators of Compromise

CVE

CVE-2025-22249

Affected Vendors

VMware

Affected Products

Vmware Aria Automation - 8.18.0 - 8.18.1
Vmware Cloud Foundation 4.0 - 8.18.1
Vmware Cloud Foundation - 5.0 - 8.18.1
VMware Telco Cloud Platform

Remediation

Refer to VMware Security Advisory for patch, upgrade, or suggested workaround information.

VMware Security Advisory

PoC Released for macOS Sandbox Escape Vulnerability

Multiple SAP Products Vulnerabilities

CVE-2025-22249 – VMware Aria Automation Vulnerability

Severity

High

Analysis Summary

Indicators of Compromise

CVE

Affected Vendors

Affected Products

Remediation

Security Operations Centers across the region

Saudi Arabia

UAE

Oman

Pakistan