VMSA-2025-0006 | VMware Aria Operations

By Lerpong Intaraworrapath | April 2nd, 2025

VMware Aria Operations updates address a local privilege escalation vulnerability (CVE-2025-22231)

https://support.broadcom.com/web/ecx/support-content-notification/-/external/content/SecurityAdvisories/0/25541

Advisory ID: VMSA-2025-0006
Advisory Severity: Important
CVSSv3 Range: 7.8
Synopsis: VMware Aria Operations updates address a local privilege escalation vulnerability (CVE-2025-22231)
Issue date: 2025-04-01
Updated on: 2025-04-01 (Initial Advisory)
CVE(s): CVE-2025-22231

Impacted Products:

  • VMware Aria Operations
  • VMware Cloud Foundation
  • VMware Telco Cloud Platform
  • VMware Telco Cloud Infrastructure

Introduction:

A local privilege escalation vulnerability in VMware Aria Operations was responsibly reported to VMware. Patches are available to remediate this vulnerability in affected VMware products. 

Local Privilege escalation vulnerability (CVE-2025-22231)

Description:

 VMware Aria Operations contains a local privilege escalation vulnerability. VMware has evaluated the severity of this issue to be in the Important severity range with a maximum CVSSv3 base score of 7.8.

Known Attack Vectors:

A malicious actor with local administrative privileges can escalate their privileges to root on the appliance running VMware Aria Operations.

Resolution:

To remediate CVE-2025-22231 apply the patches listed in the ‘Fixed Version’ column of the ‘Response Matrix’ found below.

Workarounds:

None.

Additional Documentation:

None.

Acknowledgements:

VMware would like to thank thiscodecc of MoyunSec Vlab and Bing for reporting this issue to us.

Notes:

None.

Response Matrix:

| Product | Version | Running On | CVE | CVSSv3 | Severity | Fixed Version | Workarounds | Additional Documents |
|---|---|---|---|---|---|---|---|---|
| VMware Aria Operations | 8.x | Any | CVE-2025-22231 | 7.8 | Important | 8.18 HF 5 | None | None |
| VMware Cloud Foundation | 5.x, 4.x | Any | CVE-2025-22231 | 7.8 | Important | KB article | None | None |
| VMware Telco Cloud Platform | 5.x, 4.x, 3.x | Any | CVE-2025-22231 | 7.8 | Important | 8.18 HF 5 | None | None |
| VMware Telco Cloud Infrastructure | 3.x, 2.x | Any | CVE-2025-22231 | 7.8 | Important | 8.18 HF 5 | None | None |

References:

Fixed Version(s) and Release Notes:
Downloads and Documentation

Additional Documentation:

None.

FIRST CVSSv3 Calculator:

https://www.first.org/cvss/calculator/3.1#CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H

Change Log:

2025-04-01: VMSA-2025-0006
Initial security advisory.

Noted:

https://support.broadcom.com/web/ecx/support-content-notification/-/external/content/SecurityAdvisories/0/25541




VMSA-2025-0002 | VMware Avi Load Balancer

By Lerpong Intaraworrapath | March 18th, 2025

https://support.broadcom.com/web/ecx/support-content-notification/-/external/content/SecurityAdvisories/0/25346

Advisory ID: VMSA-2025-0002
Severity: Important
CVSSv3 Range: 8.6
Synopsis: VMware Avi Load Balancer addresses an unauthenticated blind SQL Injection vulnerability (CVE-2025-22217)
Issue date: 2025-01-28
Updated on: 2025-01-28 (Initial Advisory)
CVE(s): CVE-2025-22217

Impacted Products:

  • VMware Avi Load Balancer

Introduction:

Avi Load Balancer contains an unauthenticated blind SQL Injection vulnerability which was privately reported to VMware. Patches are available to remediate this vulnerability in affected VMware products. 

Description:

VMware AVI Load Balancer contains an unauthenticated blind SQL Injection vulnerability. VMware has evaluated the severity of the issue to be in the Important severity range with a maximum CVSSv3 base score of 8.6.

Known Attack Vectors:

A malicious user with network access may be able to use specially crafted SQL queries to gain database access.

Resolution:

To remediate CVE-2025-22217 apply the patches to the Avi Controller listed in the ‘Fixed Version’ column of the ‘Response Matrix’ found below.

Response Matrix:

| Product | Version | Running On | CVE | CVSSv3 | Severity | Fixed Version | Workarounds | Additional Documents |
|---|---|---|---|---|---|---|---|---|
| VMware Avi Load Balancer | 30.1.1 | Any | CVE-2025-22217 | 8.6 | Important | 30.1.2-2p2 | None | None |
| VMware Avi Load Balancer | 30.1.2 | Any | CVE-2025-22217 | 8.6 | Important | 30.1.2-2p2 | None | None |
| VMware Avi Load Balancer | 30.2.1 | Any | CVE-2025-22217 | 8.6 | Important | 30.2.1-2p5 | None | None |
| VMware Avi Load Balancer | 30.2.2 | Any | CVE-2025-22217 | 8.6 | Important | 30.2.2-2p2 | None | None |

References:

Fixed Version(s) and Release Notes:

30.1.1/30.1.2
https://techdocs.broadcom.com/us/en/vmware-security-load-balancing/avi-load-balancer/avi-load-balancer/30-1/vmware-avi-load-balancer-release-notes/release-notes-30-1-2.html

30.2.1
https://techdocs.broadcom.com/us/en/vmware-security-load-balancing/avi-load-balancer/avi-load-balancer/30-2/vmware-avi-load-balancer-release-notes/release-notes-for-avi-load-balancer-version-30-2-1.html

30.2.2
https://techdocs.broadcom.com/us/en/vmware-security-load-balancing/avi-load-balancer/avi-load-balancer/30-2/vmware-avi-load-balancer-release-notes/release-notes-for-avi-load-balancer-version-30-2-2.html

Additional Documentation:

  • Version 22.x and 21.x are not vulnerable.
  • Version 30.1.1 must be upgraded to 30.1.2 or later before the patch can be applied.

Mitre CVE Dictionary Links:

https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-22217

FIRST CVSSv3 Calculator:

https://www.first.org/cvss/calculator/3.1#CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:C/C:H/I:N/A:N

Noted:

https://support.broadcom.com/web/ecx/support-content-notification/-/external/content/SecurityAdvisories/0/25346



VMSA-2025-0001 | VMware Aria Automation

By Lerpong Intaraworrapath | March 11th, 2025

VMware Aria Automation update addresses a server side request forgery vulnerability (CVE-2025-22215)

https://support.broadcom.com/web/ecx/support-content-notification/-/external/content/SecurityAdvisories/0/25312

Advisory ID: VMSA-2025-0001
Advisory Severity: Moderate
CVSSv3 Range: 4.3
Synopsis: VMware Aria Automation update addresses a server side request forgery vulnerability (CVE-2025-22215)
Issue date: 2025-01-07
Updated on: 2025-01-07
CVE(s): CVE-2025-22215

Impacted Products:

  • VMware Aria Automation
  • VMware Cloud Foundation

Introduction:

 A server-side request forgery (SSRF) vulnerability in VMware Aria Automation was responsibly reported to VMware. Patches are available to remediate this vulnerability in affected VMware products. 

Descriptions:

VMware Aria Automation contains a server-side request forgery (SSRF) vulnerability. VMware has evaluated the severity of this issue to be in the Moderate severity range with a maximum CVSSv3 base score of 4.3.

Known Attack Vectors:

A malicious actor with “Organization Member” access to Aria Automation may exploit this vulnerability to enumerate internal services running on the host/network.

Resolution:

To remediate CVE-2025-22215 apply the patches listed in the ‘Fixed Version’ column of the ‘Response Matrix’ found below.

Response Matrix:

| Product | Version | Running On | CVE | CVSSv3 | Severity | Fixed Versions | Workarounds | Additional Documentation |
|---|---|---|---|---|---|---|---|---|
| VMware Aria Automation | 8.x | Any | CVE-2025-22215 | 4.3 | Moderate | 8.18.1 patch 1 | None | None |
| VMware Cloud Foundation | 5.x, 4.x | Any | CVE-2025-22215 | 4.3 | Moderate | KB 385294 | None | None |

References:

Mitre CVE Dictionary Links:

https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-22215

FIRST CVSSv3 Calculator:

https://www.first.org/cvss/calculator/3.1#CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:N

Noted:

https://support.broadcom.com/web/ecx/support-content-notification/-/external/content/SecurityAdvisories/0/25312

VMSA-2023-0007.1 | Upgrading VMware Aria Operations for Logs from 8.10.2 to 8.12.0

By Lerpong Intaraworrapath | September 7th, 2023

The version of VMware Aria Operations for Logs (previously VMware vRealize Log Insight) running on the remote system is 8.10.2. As a result, it is vulnerable to a remote code execution vulnerability caused by dangerous deserialization. An unauthenticated threat actor with network access to VMware Aria Operations for Logs can exploit this to execute arbitrary code as root.

https://www.vmware.com/security/advisories/VMSA-2023-0007.html

Solution

The issue has been fixed on VMware Aria Operations for Logs 8.12.

How can you update VMware Aria Operations for Logs from 8.10.2 to 8.12.0?

*In this article, we will upgrade a VMware Aria Operations for Logs cluster of three nodes.

1. Download the VMware Aria Operations for Logs version 8.12.0 update file.

https://customerconnect.vmware.com/downloads/details?downloadGroup=OPLOGS-8120&productId=1419&rPId=103833

  • VMware Aria Operations for Logs 8.12 – Upgrade Package
  • VMware-vRealize-Log-Insight-8.12.0-21696970.pak
  • File size: 742.68 MB

2. Take a snapshot of the three nodes in VMware Aria Operations for Logs.

3. Log in to VMware Aria Operations and navigate to “Configuration” and “Cluster”.

4. Select “UPGRADE CLUSTER”.

5. Cluster upgrade can only be performed when connected directly to the primary node.

6. You may navigate to “Configuration” and “Cluster” on the primary node, then click “UPGRADE CLUSTER” and choose an upgrade file.

7. Click “UPGRADE”.

8. Click “ACCEPT”.


9. The Log Insight upgrade is now in progress. (Do not refresh or leave this page.)

10. One node of the VMware Aria Operations for Logs cluster has been successfully upgraded.

11. Log in to the VMware Aria Operations for Logs master node to verify the upgrade status.

  • Node 1 has been completed.
  • Node 2 has been completed.
  • Node 3 has been completed.

12. VMware Aria Operations for Logs has been updated successfully.

13. Log in to VMware Aria Operations to verify the version.

14. Check the dashboard and additional integrations.

Reference

https://www.vmware.com/security/advisories/VMSA-2023-0007.html

https://docs.vmware.com/en/VMware-Aria-Operations-for-Logs/8.12/rn/vmware-aria-operations-for-logs-812-release-notes/index.html

https://blogs.vmware.com/management/2023/04/whats-new-in-aria-operations-for-logs-8-12.html

Failed to deploy OVF package Throwable with Proxy enabled

By Lerpong Intaraworrapath | July 11th, 2023

After upgrading vCenter Server from 7.0U2 to 7.0U3, I encountered an issue with my customer. They attempted to use vCenter Server to deploy an OVA file. They discovered the following error:

Failed to deploy OVF package.ThrowableProxy.cause A general system error occurred: Transfer failed: Invalid response code: 400, note that HTTP/s proxy is configured for the transfer

vCenter Server version 7.0.3.01400 build 21477706

Below are some additional workarounds.

Option 1 – Deploy through vSphere ESXi host

1. Log in directly to the vSphere ESXi host.

2. If you connect with the FQDN and are still unable to deploy the OVA file, change the vSphere ESXi host login to an IP address and try again to deploy the OVA file.

Option 2 – Disable proxy setting in vCenter Server

1. In a Web browser, go to the vCenter Server Management Interface, https://appliance-IP-address-or-FQDN:5480.

Note: If you need to make changes to vCenter Server, we recommend taking a snapshot.

2. Log in as root.

3. Go to the Networking section.

4. Click EDIT under the Proxy Setting section.

5. Uncheck both HTTPS and HTTP proxy enabled and click SAVE.

6. The OVA file deployment will now succeed.

However, we discovered a new issue in which we were unable to enable the proxy and input the proxy server into the proxy settings.

7. We followed VMware KB81565 to bring the proxy configuration back to vCenter Server.

7.1) Change the HTTPS PROXY settings.

7.2) We make a backup of the proxy file.

7.3) Edit the /etc/sysconfig/proxy file and change the scheme in the HTTPS_PROXY value from https to http:

HTTPS_PROXY="https://proxy.domain:80/"

to

HTTPS_PROXY="http://proxy.domain:80/"

Note: The proxy URL is determined by your proxy server.

7.4) If you are using a version earlier than 7.0 U1, restart the VCSA. Otherwise, use the following command to restart services, then log out and log back in:

# service-control --stop --all && service-control --start --all
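Steps 7.2 and 7.3 as a script, added here as an example (it is not from the original post or from VMware KB81565). The function name `fix_https_proxy_scheme` is hypothetical and the sample file contents in the demo are constructed; the service restart from step 7.4 is still run separately.

```shell
#!/bin/sh
# Added example: back up a sysconfig-style proxy file, then change only the
# scheme of HTTPS_PROXY from https:// to http://.
# HTTPS_PROXY names the proxy used for https:// URLs; the scheme in its value
# is how the client talks to the proxy itself.
# fix_https_proxy_scheme is a hypothetical helper name, not a VMware tool.

fix_https_proxy_scheme() {
    proxy_file="${1:-/etc/sysconfig/proxy}"

    [ -f "$proxy_file" ] || { echo "no such file: $proxy_file" >&2; return 2; }

    # Idempotent: leave the file alone unless HTTPS_PROXY uses https://.
    if ! grep -Eq '^HTTPS_PROXY="https://' "$proxy_file"; then
        echo "unchanged: HTTPS_PROXY does not use https://"
        return 0
    fi

    # Step 7.2: keep a timestamped backup with the original mode and owner.
    backup="${proxy_file}.bak.$(date +%Y%m%d%H%M%S)"
    cp -p "$proxy_file" "$backup" || return 1

    # Step 7.3: rewrite the scheme on the HTTPS_PROXY line only. HTTP_PROXY,
    # NO_PROXY, host and port are untouched. Restore the backup on failure.
    sed -E 's|^(HTTPS_PROXY=")https://|\1http://|' "$backup" > "$proxy_file" || {
        cp -p "$backup" "$proxy_file"
        return 1
    }
    echo "updated: backup saved as $backup"
}

# Demo on a constructed sample file (not the appliance's real file).
demo_dir="$(mktemp -d)"
printf '%s\n' \
    'HTTP_PROXY="http://proxy.domain:80/"' \
    'HTTPS_PROXY="https://proxy.domain:80/"' \
    'NO_PROXY="localhost, 127.0.0.1"' > "$demo_dir/proxy"
fix_https_proxy_scheme "$demo_dir/proxy"
grep '_PROXY=' "$demo_dir/proxy"
rm -rf "$demo_dir"
```

On the appliance, call it as root with `fix_https_proxy_scheme /etc/sysconfig/proxy` and compare the result against the backup before restarting services.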

If the problems persist, we recommend submitting a support request to the VMware support staff.

Announcing VMware Cloud Foundation 5.0

By Lerpong Intaraworrapath | June 30th, 2023

VMware Cloud Foundation 5.0 is now available, as announced by the VMware Cloud Foundation team. This important platform update adds scalability, security, and other critical advancements to handle cloud scale infrastructure as a service (IaaS), easier on-premises cloud deployment, and enhanced cyberattack protection.

Software Building Blocks for the Private Cloud

  • SDDC Manager 5.0 (Cloud Builder 5.0)
  • vSphere 8.0 U1a (ESXi 8.0 U1a, vCenter 8.0 U1a)
  • vSAN 8.0 U1a (vSAN Witness 8.0 U1a)
  • NSX 4.1
  • vRealize Suite Lifecycle Manager* 8.10 Patch 1

SDDC Manager Enhancements

VMware Cloud Foundation 5.0 includes a new capability called Isolated SSO Workload Domains, which gives administrators the option to configure new workload domains using a separate Single Sign On (SSO) instance.
This scenario is useful for large enterprises that need workload isolation and for Managed Service Providers (MSPs) who can allocate workload domains to different tenants with their own SSO domains.  Isolated SSO domains are each configured with their own NSX instance. The added benefit is that configuring workload domains as an isolated workload domain also allows the option to configure a separate identity provider (Active Directory or LDAP).

Workload Domain Scaling also increases when using isolated workload domains from 15 to 25 workload domains within a single VMware Cloud Foundation instance. Note that workload domains configured to use the shared management domain SSO are still limited to a maximum of 15 domains.  Additional scaling is made possible through the parallelization of tasks in order to reduce the time to add Workload Domains within a VMware Cloud Foundation instance.

VMware Cloud Foundation Platform and Scaling Enhancements

When one considers all of the new capabilities delivered within VMware Cloud Foundation 5.0, the platform and scale enhancements are probably the most highly anticipated customer feature requests, especially as they continue to scale their production of VMware Cloud Foundation environments.  It is also important to emphasize that upgrades to VMware Cloud Foundation 5.0 are direct, customer led skip-level upgrades from VMware Cloud Foundation versions 4.3, 4.4 and 4.5.

More resources

https://blogs.vmware.com/cloud-foundation/2023/06/01/announcing-vmware-cloud-foundation-5-0/

https://blogs.vmware.com/cloud-foundation/?p=12521

https://blogs.vmware.com/cloud-foundation/2023/06/01/whats-new-with-vsphere-and-vsan-in-vmware-cloud-foundation-5-0/

https://blogs.vmware.com/cloud-foundation/2023/06/01/whats-new-with-nsx-in-vmware-cloud-foundation-5-0/

https://blogs.vmware.com/cloud-foundation/2023/06/01/whats-new-in-vrealize-suite-within-vmware-cloud-foundation-5-0/

https://docs.vmware.com/en/VMware-Cloud-Foundation/5.0/rn/vmware-cloud-foundation-50-release-notes/index.html

https://www.vmware.com/products/cloud-foundation.html

https://core.vmware.com/

VMSA-2023-0012 | Aria Operations for Networks (Formerly vRealize Network Insight)

By Lerpong Intaraworrapath | June 15th, 2023

Critical severity

Impacted Products

Aria Operations for Networks (Formerly vRealize Network Insight)

CVE(s)

CVE-2023-20887, CVE-2023-20888, CVE-2023-20889

Synopsis

VMware Aria Operations for Networks updates address multiple vulnerabilities. (CVE-2023-20887, CVE-2023-20888, CVE-2023-20889)

Introduction

Multiple vulnerabilities in Aria Operations for Networks were privately reported to VMware. Patches are available to remediate these vulnerabilities in affected VMware products.

Response Matrix

| Product | Version | Running On | CVE Identifier | CVSSv3 | Severity | Fixed Version | Workarounds | Additional Documentation |
|---|---|---|---|---|---|---|---|---|
| VMware Aria Operations Networks | 6.x | Any | CVE-2023-20887, CVE-2023-20888, CVE-2023-20889 | 9.8, 9.1, 8.8 | Critical | KB92684 | None | N/A |

References

Fixed Version(s) and Release Notes:

VMware Aria Operations for Networks 6.x HF: KB92684

Change Log

2023-06-07 VMSA-2023-0012

Initial security advisory.

VMware Security Advisories

http://www.vmware.com/security/advisories

https://www.vmware.com/security/advisories/VMSA-2023-0012.html

VMSA-2023-0007 | VMware Aria Operations for Logs (formerly vRealize Log Insight)

By Lerpong Intaraworrapath | May 27th, 2023

Critical severity

Impacted Products

VMware Aria Operations for Logs (formerly vRealize Log Insight).

CVE(s)

CVE-2023-20864, CVE-2023-20865

Synopsis

VMware Aria Operations for Logs (Operations for Logs) update addresses multiple vulnerabilities. (CVE-2023-20864, CVE-2023-20865)

Introduction

Multiple vulnerabilities in VMware Aria Operations for Logs were privately reported to VMware. Updates and workarounds are available to address these vulnerabilities in affected VMware products.

Response Matrix

| Product | Version | Running On | Fixed Version | Workarounds | Additional Documentation |
|---|---|---|---|---|---|
| VMware Aria Operations for Logs (Operations for Logs) | 8.10.2, 8.10, 8.8.x, 8.6.x | Any | 8.12 | None | KB91831 |
| VMware Cloud Foundation (VMware Aria Operations for Logs) | 4.x | Any | KB91865 | KB91865 | KB91831 |

Change Log

2023-04-20 VMSA-2023-0007

Initial security advisory

VMware Security Advisories

http://www.vmware.com/security/advisories

https://www.vmware.com/security/advisories/VMSA-2023-0007.html

All products in the cloud management family have been rebranded “VMware Aria”.

By Lerpong Intaraworrapath | April 24th, 2023

VMware has announced the official renaming of all products in our cloud management family to VMware Aria.

What is VMware Aria?

A unified management solution for cloud native applications and multi-cloud.

VMware Aria is a multi-cloud management portfolio that provides a set of end-to-end solutions for managing the cost, performance, configuration, and delivery of infrastructure and applications. Expressly designed for the operational challenges of cloud-native applications and public cloud environments, VMware Aria truly delivers a wholly new perspective on multi-cloud management.

The VMware Aria Product List

| Category | Previous Name | New Name |
|---|---|---|
| Automation | vRealize Automation / Cloud | VMware Aria Automation |
| Automation | VMware Cloud Assembly | VMware Aria Automation Assembler |
| Automation | VMware Service Broker | VMware Aria Automation Service Broker |
| Automation | VMware Code Stream | VMware Aria Automation Pipelines |
| Automation | VMware Cloud Templates | VMware Aria Automation Templates |
| Automation | vRealize Orchestrator | VMware Aria Automation Orchestrator |
| Automation | vRealize Automation SaltStack Config | VMware Aria Automation Config |
| Automation | vRealize Automation SaltStack SecOps | VMware Aria Automation for Secure Hosts |
| Automation | CloudHealth Secure State | VMware Aria Automation for Secure Clouds |
| Operations | vRealize Operations / Cloud | VMware Aria Operations |
| Operations | vRealize Log Insight / Cloud | VMware Aria Operations for Logs |
| Operations | vRealize Network Insight / Cloud | VMware Aria Operations for Networks |
| Operations | Tanzu Observability by Wavefront | VMware Aria Operations for Applications |
| Operations | vRealize True Visibility Suite | VMware Aria Operations for Integrations |
| Cost | CloudHealth | VMware Aria Cost powered by CloudHealth |
| Suites | vRealize Cloud Universal | VMware Aria Universal Suite |
| Suites | vRealize Suite | VMware Aria Suite |
| Suites | vCloud Suite | VMware vCloud Suite |
| Suites | CloudHealth by VMware Suite | Discontinued Name |
| Suites | CloudHealth Partner Platform | Discontinued Name – see Aria Cost powered by CloudHealth |
| Platform & Cross-Cloud Services | Project Ensemble | VMware Aria Hub |
| Platform & Cross-Cloud Services | New | VMware Aria Graph |
| Platform & Cross-Cloud Services | vRealize Migration Manager | VMware Aria Migration |
| Platform & Cross-Cloud Services | vRealize Automation Cloud Guardrails | VMware Aria Guardrails |
| Platform & Cross-Cloud Services | Project Ensemble Insights | VMware Aria Business Insights |
| Other | Skyline | VMware Skyline |
| Other | vRealize Suite Lifecycle Manager | VMware Aria Suite Lifecycle |
| Other | vRealize Cloud Subscription Manager | VMware Aria Hub Subscription |
| Other | vRealize AI Cloud | Discontinued Name – functionality now part of Aria Hub |

Reference:

Please see the links listed below for further information about VMware Aria and the portfolio products.

What’s in a Name? Multi-Cloud Management and VMware Aria

Introducing VMware Aria

VMware Aria Hub powered by Aria Graph

Aria Hub Free Tier