VMware has released patches for multiple high-risk vulnerabilities in its Aria Operations and Aria Operations for Logs products, addressing five security flaws that could allow hackers to gain admin access. The two most severe issues (CVE-2025-22218 and CVE-2025-22222) involve information disclosure bugs that let users elevate their access rights, with one affecting Aria Operations for Logs and the other Aria Operations. The company highlighted CVE-2025-22218 (CVSS score 8.5/10), which allows users with "View Only Admin" permissions to access integrated product credentials. Additional vulnerabilities include stored XSS attacks and broken access control, enabling non-admin users to perform actions as admins. VMware emphasized that there are no workarounds, and patching is necessary to mitigate risks.

‍