CVE-2025-22219
Published: 30 January 2025
Summary
CVE-2025-22219 is a medium-severity cross-site scripting (CWE-79) vulnerability in VMware Aria Operations for Logs. Its CVSS base score is 6.8 (Medium).
Operationally, exploitation aligns with the MITRE ATT&CK technique Exploitation for Privilege Escalation (T1068); ranked at the 43.4th percentile by exploit likelihood (below the median); it is not currently listed in the CISA KEV catalog.
The strongest mitigations our analysis identified are NIST 800-53 SI-10 (Information Input Validation) and SI-15 (Information Output Filtering).
Threat & Defense Details
Mitigating Controls (NIST 800-53 r5) [AI]
- SI-10 (Information Input Validation): Validates all inputs to the VMware Aria Operations for Logs application to prevent injection of malicious scripts exploiting the stored XSS vulnerability.
- SI-15 (Information Output Filtering): Filters information output prior to display in the web interface to neutralize injected malicious scripts before execution in an admin user's context.
- Vendor patching: Requires timely remediation of the specific stored XSS flaw in VMware Aria Operations for Logs via vendor patches to eliminate the vulnerability.
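The two controls above are complementary, and the distinction matters for a stored XSS bug: validation refuses bad input at the door, while output filtering protects the page even when data reaches the template by a path validation never saw (older records, bulk imports, an API). The following is an added illustration, not code from VMware or from the advisory; the field name, the allowlist, the in-memory store and the sample payload are constructed assumptions standing in for a log-viewer UI.

```python
"""Input validation (SI-10) next to output filtering (SI-15) for a web UI that
echoes user-supplied text back to administrators.

Constructed example: the label field, allowlist, in-memory store and sample
payload are assumptions for illustration and are not taken from VMware Aria
Operations for Logs.
"""
import html
import re

# SI-10: allowlist for a short, user-chosen label (e.g. a saved-query name).
# Letters, digits, space, dash, underscore and dot; 1 to 64 characters.
LABEL_RE = re.compile(r"^[A-Za-z0-9 _.-]{1,64}$")

# Constructed in-memory store standing in for the application's database.
SAVED_LABELS: list[str] = []


def validate_label(label: str) -> str:
    """Reject labels outside the allowlist instead of trying to strip tags out."""
    if not LABEL_RE.fullmatch(label):
        raise ValueError("label contains characters outside the allowlist")
    return label


def store_label(label: str) -> None:
    """Persist a label only after it has passed validation."""
    SAVED_LABELS.append(validate_label(label))


def render_unsafe(value: str) -> str:
    """The pattern that produces stored XSS: untrusted text pasted into HTML."""
    return f"<li class='label'>{value}</li>"


def render_safe(value: str) -> str:
    """SI-15: encode for the HTML text context before an admin's browser sees it."""
    return f"<li class='label'>{html.escape(value, quote=True)}</li>"


def render_page(values, renderer) -> str:
    """Wrap every stored value in a list using the chosen renderer."""
    return "<ul>" + "".join(renderer(v) for v in values) + "</ul>"


def untrusted_tags(rendered: str) -> list[str]:
    """Return tag names in the output that are not part of the fixed template.

    An empty list means no markup from user data survived into the HTML.
    """
    allowed = {"ul", "/ul", "li", "/li"}
    found = re.findall(r"<(/?[A-Za-z][A-Za-z0-9]*)", rendered)
    return [t for t in found if t.lower() not in allowed]


# Constructed sample input: a non-admin user submits a label carrying markup.
SAMPLE_PAYLOAD = "<script>alert('stored XSS')</script>"


def demo() -> dict:
    """Show both layers acting on the same untrusted value."""
    # The validation layer refuses the input outright...
    try:
        store_label(SAMPLE_PAYLOAD)
        validation_rejected = False
    except ValueError:
        validation_rejected = True
    # ...but the rendering layer must still encode, because a value can reach
    # the template without ever passing through this validator.
    unsafe = render_page([SAMPLE_PAYLOAD], render_unsafe)
    safe = render_page([SAMPLE_PAYLOAD], render_safe)
    return {
        "validation_rejected": validation_rejected,
        "unsafe_leaks_markup": bool(untrusted_tags(unsafe)),
        "safe_leaks_markup": bool(untrusted_tags(safe)),
        "safe_html": safe,
    }


if __name__ == "__main__":
    print(demo())
```

`render_safe` escapes quotes as well as angle brackets, so the encoded value cannot break out of the single-quoted attribute in the template either; the `untrusted_tags` check is a cheap regression test that a rendering path has not silently dropped back to raw interpolation.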
MITRE ATT&CK Enterprise Techniques [AI]
Why these techniques?
Stored XSS allows an attacker with existing non-admin access to inject malicious JavaScript that later executes in an admin's browser context. Because the script runs with the admin's session, exploiting the web application flaw and the resulting JavaScript execution directly enable privilege escalation.
NVD Description
VMware Aria Operations for Logs contains a stored cross-site scripting vulnerability. A malicious actor with non-administrative privileges may be able to inject a malicious script that (can perform stored cross-site scripting) may lead to arbitrary operations as admin user.
Deeper analysis [AI]
CVE-2025-22219 is a stored cross-site scripting (XSS) vulnerability, classified under CWE-79, in VMware Aria Operations for Logs. Published on 2025-01-30, it carries a CVSS v3.1 base score of 6.8 (AV:N/AC:L/PR:H/UI:R/S:U/C:H/I:H/A:H). The flaw allows a malicious actor with non-administrative privileges to inject a malicious script that enables stored XSS attacks.
An attacker requires non-administrative privileges on the affected system to exploit this vulnerability over the network with low complexity. Exploitation depends on user interaction, typically an administrative user viewing or interacting with the injected content, after which the malicious script executes in the admin's context. Successful exploitation can lead to arbitrary operations as the admin user, resulting in high confidentiality, integrity, and availability impacts.
The Broadcom security advisory at https://support.broadcom.com/web/ecx/support-content-notification/-/external/content/SecurityAdvisories/0/25329 provides further details on the vulnerability, including recommended mitigations and patches.
Details
- CWE(s)