Cyber Resilience

CVE-2025-22222

High

Published: 30 January 2025

Modified: 14 May 2025
CVSS Score v3.1: 7.7 (CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:C/C:H/I:N/A:N)
EPSS Score: 0.0065 (71.4th percentile)
Risk Priority: 16 (60% EPSS · 20% KEV · 20% CVSS)

Summary

CVE-2025-22222 is a high-severity Exposure of Sensitive System Information to an Unauthorized Control Sphere (CWE-497) vulnerability in VMware Aria Operations. Its CVSS base score is 7.7 (High).

Operationally, exploitation aligns with the MITRE ATT&CK technique Unsecured Credentials (T1552). The CVE is ranked in the top 28.6% of CVEs by exploit likelihood, and it is not currently listed in the CISA KEV catalog.

The strongest mitigations our analysis identified are NIST 800-53 AC-3 (Access Enforcement) and AC-6 (Least Privilege).

Deeper analysis

CVE-2025-22222 is an information disclosure vulnerability in VMware Aria Operations. A malicious user with non-administrative privileges may exploit this vulnerability to retrieve credentials for an outbound plugin if a valid service credential ID is known. The issue is rated with a CVSS v3.1 base score of 7.7 (AV:N/AC:L/PR:L/UI:N/S:C/C:H/I:N/A:N) and maps to CWE-497.

The vulnerability can be exploited by a malicious user who has non-administrative privileges and network access to the affected system. Exploitation is low complexity, needs no user interaction, and requires knowledge of a valid service credential ID. A successful attack retrieves sensitive credentials for outbound plugins, giving a high confidentiality impact with changed scope (S:C in the CVSS vector).

Mitigation details are available in the Broadcom security advisory at https://support.broadcom.com/web/ecx/support-content-notification/-/external/content/SecurityAdvisories/0/25329.

Vulnerability details

VMware Aria Operations contains an information disclosure vulnerability. A malicious user with non-administrative privileges may exploit this vulnerability to retrieve credentials for an outbound plugin if a valid service credential ID is known.

Related Threats

MITRE ATT&CK Enterprise Techniques AI

T1552: Unsecured Credentials (Credential Access)
Adversaries may search compromised systems to find and obtain insecurely stored credentials.
Why these techniques?

The vulnerability directly enables unauthorized retrieval of stored service credentials via a known ID, which facilitates Unsecured Credentials access.

Confidence: MEDIUM · MITRE ATT&CK Enterprise v18.1

CVEs Like This One

CVE-2025-22218 (same product: VMware Cloud Foundation)
CVE-2026-22719 (same product: VMware Aria Operations)
CVE-2026-22721 (same product: VMware Aria Operations)
CVE-2026-22720 (same product: VMware Aria Operations)
CVE-2025-22219 (same product: VMware Cloud Foundation)
CVE-2026-40981 (same vendor: VMware)
CVE-2025-22225 (same product: VMware Cloud Foundation)
CVE-2025-22224 (same product: VMware Cloud Foundation)
CVE-2025-22226 (same product: VMware Cloud Foundation)
CVE-2026-22750 (same vendor: VMware)

Affected Assets

VMware Aria Operations: 8.0 to 8.18.3
VMware Cloud Foundation: 4.0 to 5.2

Mitigating Controls

Mitigating Controls (NIST 800-53 r5) AI

Prevent: Enforces approved authorizations to prevent non-administrative users from accessing and retrieving sensitive outbound plugin credentials.

Prevent: Applies least privilege to ensure non-administrative users lack the access rights needed to retrieve service credentials even if a valid ID is known.

Detect: Monitors for inappropriate or unauthorized disclosures of sensitive credential information, enabling detection of exploitation attempts.
