An identical bug (CVE-2025-22222), within the sense that it requires low privilege for exploitation, is affecting VMware Aria Operations, accountable for infrastructure monitoring, efficiency optimization, capability planning, automation, and price administration, and has been assigned a CVSS 7.7/10 ranking.
“A malicious consumer with non-administrative privileges could exploit this vulnerability to retrieve credentials for an outbound plugin if a sound service credential ID is understood,” Broadcom added within the advisory.
The failings reportedly impression VMware Aria operations for Logs model 8.x, VMware Aria Operations model 8.x, and VCF variations 5.x and 4.x. They’ve been mounted in VMware Aria Operations v8.18.3 and VMware Aria Operations for Logs v8.18.3, whereas customers are suggested to comply with KB92148 for fixing affected VCF environments.
