By Lerpong Intaraworrapath | April 2nd, 2025

VMware Aria Operations updates address a local privilege escalation vulnerability (CVE-2025-22231)
Advisory ID: VMSA-2025-0006
Advisory Severity: Important
CVSSv3 Range: 7.8
Synopsis: VMware Aria Operations updates address a local privilege escalation vulnerability (CVE-2025-22231)
Issue date: 2025-04-01
Updated on: 2025-04-01 (Initial Advisory)
CVE(s): CVE-2025-22231
Impacted Products:
- VMware Aria Operations
- VMware Cloud Foundation
- VMware Telco Cloud Platform
- VMware Telco Cloud Infrastructure
Introduction:
A local privilege escalation vulnerability in VMware Aria Operations was responsibly reported to VMware. Patches are available to remediate this vulnerability in affected VMware products.
Local privilege escalation vulnerability (CVE-2025-22231)
Description:
VMware Aria Operations contains a local privilege escalation vulnerability. VMware has evaluated the severity of this issue to be in the Important severity range with a maximum CVSSv3 base score of 7.8.
Known Attack Vectors:
A malicious actor with local administrative privileges can escalate their privileges to root on the appliance running VMware Aria Operations.
Resolution:
To remediate CVE-2025-22231, apply the patches listed in the ‘Fixed Version’ column of the ‘Response Matrix’ found below.
Workarounds:
None.
Additional Documentation:
None.
Acknowledgements:
VMware would like to thank thiscodecc of MoyunSec Vlab and Bing for reporting this issue to us.
Notes:
None.
Response Matrix:
Product | Version | Running On | CVE | CVSSv3 | Severity | Fixed Version | Workarounds | Additional Documentation |
VMware Aria Operations | 8.x | Any | CVE-2025-22231 | 7.8 | Important | 8.18 HF 5 | None | None |
VMware Cloud Foundation | 5.x, 4.x | Any | CVE-2025-22231 | 7.8 | Important | KB article | None | None |
VMware Telco Cloud Platform | 5.x, 4.x, 3.x | Any | CVE-2025-22231 | 7.8 | Important | 8.18 HF 5 | None | None |
VMware Telco Cloud Infrastructure | 3.x, 2.x | Any | CVE-2025-22231 | 7.8 | Important | 8.18 HF 5 | None | None |
References:
Fixed Version(s) and Release Notes:
Downloads and Documentation
- https://support.broadcom.com/web/ecx/solutiondetails?patchId=5817
- https://knowledge.broadcom.com/external/article?articleId=392307
Additional Documentation:
None.
Mitre CVE Dictionary Links:
https://www.first.org/cvss/calculator/3.1#CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
Change Log:
2025-04-01: VMSA-2025-0006
Initial security advisory.