July 1, 2025
Proactive Defense: The Importance of Incident Response Planning in Cybersecurity
PoC Released for macOS Sandbox Escape Vulnerability
May 13, 2025Multiple SAP Products Vulnerabilities
May 13, 2025PoC Released for macOS Sandbox Escape Vulnerability
May 13, 2025Multiple SAP Products Vulnerabilities
May 13, 2025
Severity
High
Analysis Summary
CVE-2025-22249
VMware Aria automation contains a DOM based Cross-Site Scripting (XSS) vulnerability. A malicious actor may exploit this issue to steal the access token of a logged in user of VMware Aria automation appliance by tricking the user into clicking a malicious crafted payload URL.
Impact
- Cross-Site Scripting
Indicators of Compromise
CVE
CVE-2025-22249
Affected Vendors
VMware
Affected Products
- Vmware Aria Automation - 8.18.0 - 8.18.1
- Vmware Cloud Foundation 4.0 - 8.18.1
- Vmware Cloud Foundation - 5.0 - 8.18.1
- VMware Telco Cloud Platform
Remediation
Refer to VMware Security Advisory for patch, upgrade, or suggested workaround information.