The same bug (CVE-2025-22222), within the sense that it requires low privilege for exploitation, is affecting VMware Aria Operations, chargeable for infrastructure monitoring, efficiency optimization, capability planning, automation, and price administration, and has been assigned a CVSS 7.7/10 score.
“A malicious person with non-administrative privileges might exploit this vulnerability to retrieve credentials for an outbound plugin if a legitimate service credential ID is thought,” Broadcom added within the advisory.
The failings reportedly influence VMware Aria operations for Logs model 8.x, VMware Aria Operations model 8.x, and VCF variations 5.x and 4.x. They’ve been mounted in VMware Aria Operations v8.18.3 and VMware Aria Operations for Logs v8.18.3, whereas customers are suggested to comply with KB92148 for fixing affected VCF environments.
