By Lerpong Intaraworrapath | 10th April 2025
VMware Cloud Foundation 5.2.1 Poster
https://www.vmware.com/docs/vmw-vcf-5-2-1-poster
VMware Cloud Foundation 5.2.1 Poster
Author: denpiero08
VMSA-2025-0006 | VMware Aria Operations
By Lerpong Intaraworrapath | April 2nd, 2025
VMware Aria Operations updates address a local privilege escalation vulnerability (CVE-2025-22231)
| Advisory ID: | VMSA-2025-0006 |
| Advisory Severity: | Important |
| CVSSv3 Range: | 7.8 |
| Synopsis: | VMware Aria Operations updates address a local privilege escalation vulnerability (CVE-2025-22231) |
| Issue date: | 2025-04-01 |
| Updated on: | 2025-04-01 (Initial Advisory) |
| CVE(s) | CVE-2025-22231 |
Impacted Products:
- VMware Aria Operations
- VMware Cloud Foundation
- VMware Telco Cloud Platform
- VMware Telco Cloud Infrastructure
Introduction:
A local privilege escalation vulnerability in VMware Aria Operations was responsibly reported to VMware. Patches are available to remediate this vulnerability in affected VMware products.
Local Privilege escalation vulnerability (CVE-2025-22231)
Description:
VMware Aria Operations contains a local privilege escalation vulnerability. VMware has evaluated the severity of this issue to be in the Important severity range with a maximum CVSSv3 base score of 7.8.
Known Attack Vectors:
A malicious actor with local administrative privileges can escalate their privileges to root on the appliance running VMware Aria Operations.
Resolution:
To remediate CVE-2025-22231 apply the patches listed in the ‘Fixed Version’ column of the ‘Response Matrix’ found below.
Workarounds:
None.
Additional Documentation:
None.
Acknowledgements:
VMware would like to thank thiscodecc of MoyunSec Vlab and Bing for reporting this issue to us.
Notes:
None.
Response Matrix:
| Product | Version | Running On | CVE | CVSSv3 | Severity | Fixed Version | Workarounds | Addition Documents |
| VMware Aria Operations | 8.x | Any | CVE-2025-22231 | 7.8 | Important | 8.18 HF 5 | None | None |
| VMware Cloud Foundation | 5.x, 4.x | Any | CVE-2025-22231 | 7.8 | Important | KB article | None | None |
| VMware Telco Cloud Platform | 5.x, 4.x, 3.x | Any | CVE-2025-22231 | 7.8 | Important | 8.18 HF 5 | None | None |
| VMware Telco Cloud Infrastructure | 3.x, 2.x | Any | CVE-2025-22231 | 7.8 | Important | 8.18 HF 5 | None | None |
References:
Fixed Version(s) and Release Notes:
Downloads and Documentation
- https://support.broadcom.com/web/ecx/solutiondetails?patchId=5817
- https://knowledge.broadcom.com/external/article?articleId=392307
Additional Documentation:
None.
Mitre CVE Dictionary Links:
https://www.first.org/cvss/calculator/3.1#CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
Change Log:
2025-04-01: VMSA-2025-0006
Initial security advisory.
Noted:
VMSA-2025-0002 | VMware Avi Load Balancer
By Lerpong Intaraworrapath | March 18th, 2025
VMSA-2025-0002: VMware Avi Load Balancer addresses an unauthenticated blind SQL Injection vulnerability (CVE-2025-22217)
| Advisory ID: | VMSA-2025-0002 |
| Severity: | Important |
| CVSSv3 Range: | 8.6 |
| Synopsis: | VMware Avi Load Balancer addresses an unauthenticated blind SQL Injection vulnerability (CVE-2025-22217) |
| Issue date: | 2025-01-28 |
| Updated on: | 2025-01-28 (Initial Advisory) |
| CVE(s) | CVE-2025-22217 |
Impacted Products:
- VMware Avi Load Balancer
Introduction:
Avi Load Balancer contains an unauthenticated blind SQL Injection vulnerability which was privately reported to VMware. Patches are available to remediate this vulnerability in affected VMware products.
Description:
VMware AVI Load Balancer contains an unauthenticated blind SQL Injection vulnerability. VMware has evaluated the severity of the issue to be in the Important severity range with a maximum CVSSv3 base score of 8.6.
Know Attack Vectors:
A malicious user with network access may be able to use specially crafted SQL queries to gain database access.
Resolution:
To remediate CVE-2025-22217 apply the patches to the Avi Controller listed in the ‘Fixed Version’ column of the ‘Response Matrix’ found below.
Response Matrix:
| Product | Version | Running On | CVE | CVSSv3 | Severity | Fixed Version | Workarounds | Additional Documents |
| VMware Avi Load Balancer | 30.1.1 | Any | CVE-2025-22217 | 8.6 | Important | 30.1.2-2p2 | None | None |
| VMware Avi Load Balancer | 30.1.2 | Any | CVE-2025-22217 | 8.6 | Important | 30.1.2-2p2 | None | None |
| VMware Avi Load Balancer | 30.2.1 | Any | CVE-2025-22217 | 8.6 | Important | 30.2.1-2p5 | None | None |
| VMware Avi Load Balancer | 30.2.2 | Any | CVE-2025-22217 | 8.6 | Important | 30.2.2-2p2 | None | None |
References:
Fixed Version(s) and Release Notes:
Additional Documentation:
- Version 22.x and 21.x are not vulnerable.
- Version 30.1.1 must be upgraded to 30.1.2 or later before the patch can be applied.
Mitre CVE Dictionary Links:
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-22217
FIRST CVSSv3 Calculator:
https://www.first.org/cvss/calculator/3.1#CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:C/C:H/I:N/A:N
Noted:
VMSA-2025-0001 | VMware Aria Automation
By Lerpong Intaraworrapath | March 11th, 2025
VMware Aria Automation update addresses a server side request forgery vulnerability (CVE-2025-22215)
| Advisory ID: | VMSA-2025-0001 |
| Advisory Severity: | Moderate |
| CVSSv3 Range: | 4.3 |
| Synopsis: | VMware Aria Automation update addresses a server side request forgery vulnerability (CVE-2025-22215) |
| Issue date: | 2025-01-07 |
| Updated on: | 2025-01-07 |
| CVE(s) | CVE-2025022215 |
Impacted Products:
- VMware Aria Automation
- VMware Cloud Foundation
Introduction:
A server-side request forgery (SSRF) vulnerability in VMware Aria Automation was responsibly reported to VMware. Patches are available to remediate this vulnerability in affected VMware products.
Descriptions:
VMware Aria Automation contains a server-side request forgery (SSRF) vulnerability. VMware has evaluated the severity of this issue to be in the Moderate severity range with a maximum CVSSv3 base score of 4.3.
Known Attack Vectors:
A malicious actor with “Organization Member” access to Aria Automation may exploit this vulnerability enumerate internal services running on the host/network.
Resolution:
To remediate CVE-2025-22215 apply the patches listed in the ‘Fixed Version’ column of the ‘Response Matrix’ found below.
Response Matrix:
| Product | Version | Running On | CVE | CVSSv3 | Severity | Fixed Versions | Workarounds | Additional Documentations |
| VMware Aria Automation | 8.x | Any | CVE-2025-22215 | 4.3 | Moderate | 8.18.1 patch 1 | None | None |
| VMware Cloud Foundation | 5.x, 4.x | Any | CVE-2025-22215 | 4.3 | Moderate | KB 385294 | None | None |
References:
- https://support.broadcom.com/web/ecx/solutiondetails?patchId=5747
- https://techdocs.broadcom.com/us/en/vmware-cis/aria/aria-automation/8-18/vmware-aria-automation-release-notes.html
Mitre CVE Dictionary Links:
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-22215
FIRST CVSSv3 Calculator:
https://www.first.org/cvss/calculator/3.1#CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:N
Noted:
VMSA-2023-0007.1 | Upgrading VMware Aria Operations for Logs from 8.10.2 to 8.12.0
By Lerpong Intaraworrapath | September 7th ,2023
The version of the VMware Aria Operations for Logs (previously VMware vRealize Log Insight) program running on the remote system is 8.10.2. As a result, it is vulnerable to a remote code execution vulnerability caused by dangerous deserialization. An unauthenticated, a threat actor with network access to VMware Aria Operations for Logs can exploit this to execute arbitrary code as root.
https://www.vmware.com/security/advisories/VMSA-2023-0007.html
Solution
The issue has been fixed on VMware Aria Operations for Logs 8.12.
How can you update VMware Aria Operations for Logs from 8.10.2 to 8.12.0?
*In this article, we will upgrade a VMware Aria Operations for Logs cluster of three nodes.
1.Download the VMware Aria Operations for Logs version 8.12.0 update file.
- VMware Aria Operations for Logs 8.12 – Upgrade Package
- VMware-vRealize-Log-Insight-8.12.0-21696970.pak
- File size: 742.68 MB
2.Take a snapshot of three nodes in VMware Aria Operations for Logs.
3.Log in to VMware Aria Operations and navigate to “Configuration” and “Cluster“.
4.Select “UPGRADE CLUSTER“.
5.Cluster upgrade can only be performed when connected directly to the primary node.
6. You may navigate to “Configuration” and “Cluster” on the primary node, then click “UPGRADE CLUSTER” and choose an upgrade file..
7.Click “UPGRADE“
8.Click “ACCEPT“.
9.Upgrade Log Insight is now progress. (Do not refresh or leave this page)
10.One node of the VMware Aria Operations for Logs cluster has been successfully upgraded.
11.Log in to VMware Aria Operations for Logs master node to verify upgrade status.
- Node 1 has been completed.
- Node 2 has been completed.
- Node 3 has been completed.
12.VMware Aria Operations for Logs has been updated successfully
13.Log in to VMware Aria Operations to verify the version.
14.Check the dashboard and additional integrations.
Reference
https://www.vmware.com/security/advisories/VMSA-2023-0007.html
https://blogs.vmware.com/management/2023/04/whats-new-in-aria-operations-for-logs-8-12.html
Failed to deploy OVF package Throwable with Proxy enable
By Lerpong Intaraworrapath | July 11th ,2023
After upgrading vCenter Server from 7.0U2 to 7.0U3, I encountered an issue with my customer. They attempted to use vCenter Server to deploy an OVA file. They discovered the following error:
“Failed to deploy OVF package.ThrowableProxy.cause A general system error occurred: Transfer failed: Invalid response code: 400, note that HTTP/s proxy is configured for the transfer“
vCenter Server version 7.0.3.01400 build 21477706
Below are some additional workarounds.
Option 1 – Deploy through vSphere ESXi host
1.Login directly through vSphere ESXi host.
2.If you connect with your FQDN and you will still be unable to deploy the OVA file. Change the vSphere ESXi host login to an IP address and try again to deploy the OVA file.
Option 2 – Disable proxy setting in vCenter Server
1.In a Web browser, go to the vCenter Server Management Interface, https://appliance-IP-address-or-FQDN:5480.
Note:If you need to make changes to vCenter Server, we recommend taking a snapshot.
2.Login as root.
3.Go to the Networking section.
4.Click EDIT under the Proxy Setting section.
5.Uncheck both HTTPS and HTTP proxy enabled and click SAVE.
6.The OVA file will be successful.
However, we discovered a new issue in which we were unable to enable the proxy and input the proxy server into the proxy settings.
7.We follow the VMware KB81565 to bring proxy configuration back to vCenter Server.
7.1)Change the HTTPS PROXY settings.
7.2)We make a backup of the proxy file.
7.3)Change the /etc/sysconfig/proxy file. Change the HTTPS_PROXY line to update the value from https to http:
HTTPS_PROXY="https://proxy.domain:80/"
to
HTTPS_PROXY="http://proxy.domain:80/"
Note: The proxy URL is determined by your proxy server.
7.4)If you are using a version previous to 7.0 U1, restart the VCSA.Otherwise, use the command to restart services, then logout and log back in:
# service-control --stop --all && service-control --start --all
If the problems persist, we recommend submitting a support request to the VMware support staff.
Announcing VMware Cloud Foundation 5.0
By Lerpong Intaraworrapath | June 30th ,2023
VMware Cloud Foundation 5.0 is now available, as announced by the VMware Cloud Foundation team. This important platform update adds scalability, security, and other critical advancements to handle cloud scale infrastructure as a service (IaaS), easier on-premises cloud deployment, and enhanced cyberattack protection.
Software Building Blocks for the Private Cloud
- SDDC Manager 5.0 (Cloud Builder 5.0)
- vSphere 8.0 U1a (ESXi 8.0 U1a, vCenter 8.0 U1a)
- vSAN 8.0 U1a (vSAN Witness 8.0 U1a)
- NSX 4.1
- vRealize Suite Lifecycle Manager* 8.10 Patch 1
SDDC Manager Enhancements
VMware Cloud Foundation 5.0 includes a new capability called Isolated SSO Workload Domains, allow administrators the option to configure new workload domains using a separate Single Sign On (SSO) instance.
This scenario is useful for large enterprises that need workload isolation and for Managed Service Providers (MSPs) who can allocate workload domains to different tenants with their own SSO domains. Isolated SSO domains are each configured with their own NSX instance. The added benefit is that configuring workload domains as an isolated workload domain also allows the option to configure a separate identity provider (Active Directory or LDAP).
Workload Domain Scaling also increases when using isolated workload domains from 15 to 25 workload domains within a single VMware Cloud Foundation instance. Note that workload domains configured to use the shared management domain SSO are still limited to a maximum of 15 domains. Additional scaling is made possible through the parallelization of tasks in order to reduce the time to add Workload Domains within a VMware Cloud Foundation instance.
VMware Cloud Foundation Platform and Scaling Enhancements
When one considers all of the new capabilities delivered within VMware Cloud Foundation 5.0, the platform and scale enhancements are probably the most highly anticipated customer feature requests, especially as they continue to scale their production of VMware Cloud Foundation environments. It is also important to emphasize that upgrades to VMware Cloud Foundation 5.0 are direct, customer led skip-level upgrades from VMware Cloud Foundation versions 4.3, 4.4 and 4.5.
More resources
https://blogs.vmware.com/cloud-foundation/2023/06/01/announcing-vmware-cloud-foundation-5-0/
https://blogs.vmware.com/cloud-foundation/?p=12521
VMSA-2023-0012 | Aria Operations for Networks (Formerly vRealize Network Insight)
By Lerpong Intaraworrapath | June 15th ,2023
Critical severity
Impacted Products
Aria Operations for Networks (Formerly vRealize Network Insight)
CVE(s)
CVE-2023-20887, CVE-2023-20888, CVE-2023-20889
Synopsis
VMware Aria Operations for Networks updates address multiple vulnerabilities. (CVE-2023-20887, CVE-2023-20888, CVE-2023-20889)
Introduction
Multiple vulnerabilities in Aria Operations for Networks were privately reported to VMware. Patches are available to remediate these vulnerabilities in affected VMware products
Response Matrix
| Product | Version | Running On | CVE Identifier | CVSSv3 | Severity | Fixed Version | Workarounds | Additional Documentation |
| VMware Aria Operations Networks | 6.x | Any | CVE-2023-20887, CVE-2023-20888, CVE-2023-20889 | 9.8, 9.1, 8.8 | Critical | KB92684 | None | N/A |
References
Fixed Version(s) and Release Notes:
VMware Aria Operations for Networks 6.x HF: KB92684
Change Log
2023-06-07 VMSA-2023-0012
Initial security advisory.
VMware Security Advisories
http://www.vmware.com/security/advisories
https://www.vmware.com/security/advisories/VMSA-2023-0012.html
VMSA-2023-0007 | VMware Aria Operations for Logs (formerly vRealize Log Insight)
By Lerpong Intaraworrapath | May 27th ,2023
Critical severity
Impacted Products
VMware Aria Operations for Logs (formerly vRealize Log Insight).
CVE(s)
CVE-2023-20864, CVE-2023-20865
Synopsis
VMware Aria Operations for Logs (Operations for Logs) update addresses multiple vulnerabilities. (CVE-2023-20864, CVE-2023-20865)
Introduction
Multiple vulnerabilities in VMware Aria Operations for Logs were privately reported to VMware. Updates and workarounds are available to address these vulnerabilities in affected VMware products
Response Matrix
| Product | Version | Running On | Fixed Version | Workarounds | Additional Documentation |
| VMware Aria Operations for Logs (Operations for Logs) | 8.10.2, 8.10, 8.8.x, 8.6.x | Any | 8.12 | None | KB91831 |
| VMware Cloud Foundation (VMware Aria Operations for Logs) | 4.x | Any | KB91865 | KB91865 | KB91831 |
Change Log
2023-04-20 VMSA-2023-0007
Initial security advisory
VMware Security Advisories
http://www.vmware.com/security/advisories
https://www.vmware.com/security/advisories/VMSA-2023-0007.html
All products in the cloud management family have been rebranded “VMware Aria”.
By Lerpong Intaraworrapath | April 24th, 2023
VMware has announced the official renaming of all products in our cloud management family to VMware Aria.
What is VMware Aria?
A unified management solution for cloud native applications and multi-cloud.
VMware Aria, a multi-cloud management portfolio that provides a set of end-to-end solutions for managing the cost, performance, configuration, and delivery of infrastructure and applications. Expressly designed for the operational challenges of cloud-native applications and public cloud environments, VMware Aria truly delivers a wholly new perspective on multi-cloud management.
The VMware Aria Product List
| Previous Name | New Name |
| Automation | |
| vRealize Automation / Cloud | VMware Aria Automation |
| VMware Cloud Assembly | VMware Aria Automation Assembler |
| VMware Service Broker | VMware Aria Automation Service Broker |
| VMware Code Stream | VMware Aria Automation Pipelines |
| VMware Cloud Templates | VMware Aria Automation Templates |
| vRealize Orchestrator | VMware Aria Automation Orchestrator |
| vRealize Automation SaltStack Config | VMware Aria Automation Config |
| vRealize Automation SaltStack SecOps | VMware Aria Automation for Secure Hosts |
| CloudHealth Secure State | VMware Aria Automation for Secure Clouds |
| Operations | |
| vRealize Operations / Cloud | VMware Aria Operations |
| vRealize Log Insight / Cloud | VMware Aria Operations for Logs |
| vRealize Network Insight / Cloud | VMware Aria Operations for Networks |
| Tanzu Observability by Wavefront | VMware Aria Operations for Applications |
| vRealize True Visibility Suite | VMware Aria Operations for Integrations |
| Cost | |
| CloudHealth | VMware Aria Cost powered by CloudHealth |
| Suites | |
| vRealize Cloud Universal | VMware Aria Universal Suite |
| vRealize Suite | VMware Aria Suite |
| vCloud Suite | VMware vCloud Suite |
| CloudHealth by VMware Suite | Discontinued Name |
| CloudHealth Partner Platform | Discontinued Name – see Aria Cost powered by CloudHealth |
| Platform & Cross-Cloud Services | |
| Project Ensemble | VMware Aria Hub |
| New | VMware Aria Graph |
| vRealize Migration Manager | VMware Aria Migration |
| vRealize Automation Cloud Guardrails | VMware Aria Guardrails |
| Project Ensemble Insights | VMware Aria Business Insights |
| Other | |
| Skyline | VMware Skyline |
| vRealize Suite Lifecycle Manager | VMware Aria Suite Lifecycle |
| vRealize Cloud Subscription Manager | VMware Aria Hub Subscription |
| vRealize AI Cloud | Discontinued Name – functionality now part of Aria Hub |
Reference:
Please see the links listed below for further information about VMware Aria and the portfolio products.
What’s in a Name? Multi-Cloud Management and VMware Aria