CVE-2025-22218
Published: 30 January 2025
Description
VMware Aria Operations for Logs contains an information disclosure vulnerability. A malicious actor with View Only Admin permissions may be able to read the credentials of a VMware product integrated with VMware Aria Operations for Logs.
Security Summary
CVE-2025-22218 is an information disclosure vulnerability (CWE-209) in VMware Aria Operations for Logs. A malicious actor with View Only Admin permissions may be able to read the credentials of a VMware product integrated with VMware Aria Operations for Logs. The vulnerability carries a CVSS v3.1 base score of 8.5 (AV:N/AC:H/PR:L/UI:N/S:C/C:H/I:H/A:H) and was published on 2025-01-30.
Attackers require View Only Admin permissions (low privilege requirement) to exploit this issue remotely over the network, though it demands high attack complexity and no user interaction. Successful exploitation allows disclosure of sensitive credentials from integrated VMware products, with cross-scope impact that could enable broader compromise given the high confidentiality, integrity, and availability effects rated in the CVSS vector.
Security practitioners should consult the Broadcom security advisory at https://support.broadcom.com/web/ecx/support-content-notification/-/external/content/SecurityAdvisories/0/25329 for details on patches, workarounds, and mitigation guidance.
Details
- CWE(s)