CVE-2025-22249 | THREATINT

Description

VMware Aria automation contains a DOM based Cross-Site Scripting (XSS) vulnerability. A malicious actor may exploit this issue to steal the access token of a logged in user of VMware Aria automation appliance by tricking the user into clicking a malicious crafted payload URL.

PUBLISHED Reserved 2025-01-02 | Published 2025-05-13 | Updated 2025-05-13 | Assigner vmware

HIGH: 8.2CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:H/I:L/A:N

Product status

Default status

unaffected

8.18.x (custom) before 8.18.1 patch2

affected

Default status

unaffected

5.x (custom) before 8.18.1 patch 2

affected

4.x (custom) before 8.18.1 patch 2

affected

Default status

unaffected

5.x (custom) before 8.18.1 patch 2

affected

References

support.broadcom.com/...l/content/SecurityAdvisories/0/25711

cve.org (CVE-2025-22249)

nvd.nist.gov (CVE-2025-22249)

Download JSON

help @ threatint.eu