CVE-2025-22219
Published: 30 January 2025
Summary
CVE-2025-22219 is a medium-severity Cross-site Scripting (CWE-79) vulnerability in VMware Aria Operations for Logs. Its CVSS base score is 6.8 (Medium).
Operationally, exploitation aligns with the MITRE ATT&CK technique Exploitation for Privilege Escalation (T1068). The vulnerability ranks at the 43.7th percentile by exploit likelihood (below the median) and is not currently listed in the CISA KEV catalog.
The strongest mitigations our analysis identified are NIST 800-53 SI-10 (Information Input Validation) and SI-15 (Information Output Filtering).
Deeper analysis
CVE-2025-22219 is a stored cross-site scripting (XSS) vulnerability, classified under CWE-79, in VMware Aria Operations for Logs. Published on 2025-01-30, it carries a CVSS v3.1 base score of 6.8 (AV:N/AC:L/PR:H/UI:R/S:U/C:H/I:H/A:H). The flaw allows a malicious actor with non-administrative privileges to inject a malicious script that enables stored XSS attacks.
An attacker requires non-administrative privileges on the affected system to exploit this vulnerability over the network with low complexity. Exploitation depends on user interaction, typically an administrative user viewing or interacting with the injected content, after which the malicious script executes in the admin's context. Successful exploitation can lead to arbitrary operations as the admin user, resulting in high confidentiality, integrity, and availability impacts.
The Broadcom security advisory at https://support.broadcom.com/web/ecx/support-content-notification/-/external/content/SecurityAdvisories/0/25329 provides further details on the vulnerability, including recommended mitigations and patches.
EU & UK References
- 🇪🇺 ENISA EUVD: EUVD-2025-2675
Vulnerability details
VMware Aria Operations for Logs contains a stored cross-site scripting vulnerability. A malicious actor with non-administrative privileges may be able to inject a malicious script that performs stored cross-site scripting and may lead to arbitrary operations as the admin user.
- CWE(s): CWE-79 (Cross-site Scripting)
Related Threats
MITRE ATT&CK Enterprise Techniques
Why these techniques?
Stored XSS allows an attacker with existing non-admin access to inject malicious JavaScript that executes in an admin's browser context. Because the script runs with the admin's session, exploiting the web application flaw directly enables privilege escalation through JavaScript code execution.
Mitigating Controls
Mitigating Controls (NIST 800-53 r5)
- SI-10 (Information Input Validation): Validates all inputs to the VMware Aria Operations for Logs application to prevent injection of malicious scripts exploiting the stored XSS vulnerability.
- SI-15 (Information Output Filtering): Filters information output prior to display in the web interface to neutralize injected malicious scripts before execution in an admin user's context.
- Flaw remediation: Requires timely remediation of the specific stored XSS flaw in VMware Aria Operations for Logs via vendor patches to eliminate the vulnerability.