Category: VMware Cloud Foudation

VMSA-2025-0015: VMware Aria Operations and VMware Tools

By Lerpong Intaraworrpath | October 4th, 2025

VMSA-2025-0015: VMware Aria Operations and VMware Tools updates address multiple vulnerabilities (CVE-2025-41244,CVE-2025-41245, CVE-2025-41246)

https://support.broadcom.com/web/ecx/support-content-notification/-/external/content/SecurityAdvisories/0/36149

Advisory ID: VMSA-2025-0015
Advisory Severity:Important
CVSSv3 Range:4.9 -7.8
Synopsis:VMware Aria Operations and VMware Tools updates address multiple vulnerabilities (CVE-2025-41244,CVE-2025-41245, CVE-2025-41246)
Issue date:2025-09-29
Updated on:2025-09-29 (Initial Advisory)
CVE(s)CVE-2025-41244, CVE-2025-41245, CVE-2025-41246

Impacted Products:

  • VMware Aria Operations – version 8.x
  • VMware Tools – 13.x.x, 12.x.x, 11.x.x
  • VMware Cloud Foundation – 5.x, 4.x, 9.x.x.x
  • VMware Telco Cloud Platform – 5.x, 4.x
  • VMware Telco Cloud Infrastructure – 3.x, 2.x

Introduction

Multiple vulnerabilities in VMware Aria Operations and VMware Tools were privately reported to Broadcom. Patches are available to remediate these vulnerabilities in affected Broadcom products.

A.Local privilege escalation vulnerability (CVE-2025-41244)

B.VMware Aria Operations Information disclosure vulnerability (CVE-2025-41245)

C.VMware Tools improper authorisation vulnerability (CVE-2025-41246)

Reference

https://support.broadcom.com/web/ecx/support-content-notification/-/external/content/SecurityAdvisories/0/36149

VMware Cloud Foundation Architecture Poster

By Lerpong Intaraworrapath | 7th August 2025

VMware Cloud Foundation Architecture Poster

The VMware Cloud Foundation (VCF) Architecture poster has been updated and includes many of the new advancements introduced with the release of VCF 9. It provides a visual guide that outlines the key components and architecture that enable a software-defined data center (SDDC) and cloud operating model.

https://blogs.vmware.com/cloud-foundation/2025/08/04/vmware-cloud-foundation-architecture-poster

Download the VMware Cloud Foundation Architecture poster.

VMware Cloud Foundation 9

By Lerpong Intaraworrapath | 2nd July 2025

As of today, VMware Cloud Foundation 9.0 is generally available.

VMware Cloud Foundation 9 (VCF 9) is being developed with the intention of simplifying how businesses deploy and manage contemporary infrastructure. It will enable enterprises to manage their whole infrastructure as a single, integrated system.

What’s New in VMware Cloud Foundation 9.0

https://blogs.vmware.com/cloud-foundation/2025/06/17/whats-new-in-vmware-cloud-foundation-9-0

Introducing VMware Cloud Foundation 9

https://blogs.vmware.com/cloud-foundation/2024/08/27/vmware-cloud-foundation-9

Broadcom TechDocs

https://techdocs.broadcom.com/us/en/vmware-cis/vcf/vcf-9-0-and-later/9-0.html

VMSA-2025-0001 | VMware Aria Automation

By Lerpong Intaraworrapath | March 11th, 2025

VMware Aria Automation update addresses a server side request forgery vulnerability (CVE-2025-22215)

https://support.broadcom.com/web/ecx/support-content-notification/-/external/content/SecurityAdvisories/0/25312

Advisory ID:VMSA-2025-0001
Advisory Severity:Moderate
CVSSv3 Range:4.3
Synopsis:VMware Aria Automation update addresses a server side request forgery vulnerability (CVE-2025-22215)
Issue date:2025-01-07
Updated on:2025-01-07
CVE(s)CVE-2025022215

Impacted Products:

  • VMware Aria Automation
  • VMware Cloud Foundation

Introduction:

 A server-side request forgery (SSRF) vulnerability in VMware Aria Automation was responsibly reported to VMware. Patches are available to remediate this vulnerability in affected VMware products. 

Descriptions:

VMware Aria Automation contains a server-side request forgery (SSRF) vulnerability. VMware has evaluated the severity of this issue to be in the Moderate severity range with a maximum CVSSv3 base score of 4.3.

Known Attack Vectors:

A malicious actor with “Organization Member” access to Aria Automation may exploit this vulnerability enumerate internal services running on the host/network.

Resolution:

To remediate CVE-2025-22215 apply the patches listed in the ‘Fixed Version’ column of the ‘Response Matrix’ found below.

Response Matrix:

ProductVersionRunning OnCVECVSSv3SeverityFixed VersionsWorkaroundsAdditional Documentations
VMware Aria Automation8.xAnyCVE-2025-222154.3Moderate8.18.1 patch 1NoneNone
VMware Cloud Foundation5.x, 4.xAnyCVE-2025-222154.3ModerateKB 385294NoneNone

References:

Mitre CVE Dictionary Links:

https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-22215

FIRST CVSSv3 Calculator:

https://www.first.org/cvss/calculator/3.1#CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:N

Noted:

https://support.broadcom.com/web/ecx/support-content-notification/-/external/content/SecurityAdvisories/0/25312