{"dataType": "CVE_RECORD", "dataVersion": "5.1", "cveMetadata": {"cveId": "CVE-2025-22222", "assignerOrgId": "dcf2e128-44bd-42ed-91e8-88f912c1401d", "state": "PUBLISHED", "assignerShortName": "vmware", "dateReserved": "2025-01-02T04:29:30.444Z", "datePublished": "2025-01-30T15:32:00.829Z", "dateUpdated": "2025-03-13T14:47:01.654Z"}, "containers": {"cna": {"affected": [{"defaultStatus": "unaffected", "platforms": ["any"], "product": "VMware Aria Operations", "vendor": "VMware", "versions": [{"lessThan": "8.18.3", "status": "affected", "version": "8.x", "versionType": "release"}]}], "datePublic": "2025-01-30T14:00:00.000Z", "descriptions": [{"lang": "en", "supportingMedia": [{"base64": false, "type": "text/html", "value": "<span style=\"background-color: rgb(255, 255, 255);\">VMware Aria Operations contains an information disclosure vulnerability.&nbsp;<span style=\"background-color: rgb(255, 255, 255);\">A malicious user with non-administrative </span><span style=\"background-color: rgb(255, 255, 255);\">privileges</span><span style=\"background-color: rgb(255, 255, 255);\">&nbsp;may exploit this vulnerability to retrieve credentials for an outbound plugin if a valid service credential ID is known.</span></span><br>"}], "value": "VMware Aria Operations contains an information disclosure vulnerability.\u00a0A malicious user with non-administrative privileges\u00a0may exploit this vulnerability to retrieve credentials for an outbound plugin if a valid service credential ID is known."}], "metrics": [{"cvssV3_1": {"attackComplexity": "LOW", "attackVector": "NETWORK", "availabilityImpact": "NONE", "baseScore": 7.7, "baseSeverity": "HIGH", "confidentialityImpact": "HIGH", "integrityImpact": "NONE", "privilegesRequired": "LOW", "scope": "CHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:C/C:H/I:N/A:N", "version": "3.1"}, "format": "CVSS", "scenarios": [{"lang": "en", "value": "GENERAL"}]}], "providerMetadata": {"orgId": "dcf2e128-44bd-42ed-91e8-88f912c1401d", "shortName": "vmware", "dateUpdated": "2025-01-30T15:32:00.829Z"}, "references": [{"url": "https://support.broadcom.com/web/ecx/support-content-notification/-/external/content/SecurityAdvisories/0/25329"}], "source": {"discovery": "UNKNOWN"}, "title": "VMware Aria Operations information disclosure vulnerability (CVE-2025-22222)", "x_generator": {"engine": "Vulnogram 0.2.0"}}, "adp": [{"problemTypes": [{"descriptions": [{"type": "CWE", "cweId": "CWE-497", "lang": "en", "description": "CWE-497 Exposure of Sensitive System Information to an Unauthorized Control Sphere"}]}], "metrics": [{"other": {"type": "ssvc", "content": {"timestamp": "2025-01-30T16:35:03.995156Z", "id": "CVE-2025-22222", "options": [{"Exploitation": "none"}, {"Automatable": "no"}, {"Technical Impact": "partial"}], "role": "CISA Coordinator", "version": "2.0.3"}}}], "title": "CISA ADP Vulnrichment", "providerMetadata": {"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "shortName": "CISA-ADP", "dateUpdated": "2025-03-13T14:47:01.654Z"}}]}}

{"dataType": "CVE_RECORD", "containers": {"adp": [{"title": "CISA ADP Vulnrichment", "metrics": [{"other": {"type": "ssvc", "content": {"id": "CVE-2025-22222", "role": "CISA Coordinator", "options": [{"Exploitation": "none"}, {"Automatable": "no"}, {"Technical Impact": "partial"}], "version": "2.0.3", "timestamp": "2025-01-30T16:35:03.995156Z"}}}], "problemTypes": [{"descriptions": [{"lang": "en", "type": "CWE", "cweId": "CWE-497", "description": "CWE-497 Exposure of Sensitive System Information to an Unauthorized Control Sphere"}]}], "providerMetadata": {"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "shortName": "CISA-ADP", "dateUpdated": "2025-02-12T19:44:52.104Z"}}], "cna": {"title": "VMware Aria Operations information disclosure vulnerability (CVE-2025-22222)", "source": {"discovery": "UNKNOWN"}, "metrics": [{"format": "CVSS", "cvssV3_1": {"scope": "CHANGED", "version": "3.1", "baseScore": 7.7, "attackVector": "NETWORK", "baseSeverity": "HIGH", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:C/C:H/I:N/A:N", "integrityImpact": "NONE", "userInteraction": "NONE", "attackComplexity": "LOW", "availabilityImpact": "NONE", "privilegesRequired": "LOW", "confidentialityImpact": "HIGH"}, "scenarios": [{"lang": "en", "value": "GENERAL"}]}], "affected": [{"vendor": "VMware", "product": "VMware Aria Operations", "versions": [{"status": "affected", "version": "8.x", "lessThan": "8.18.3", "versionType": "release"}], "platforms": ["any"], "defaultStatus": "unaffected"}], "datePublic": "2025-01-30T14:00:00.000Z", "references": [{"url": "https://support.broadcom.com/web/ecx/support-content-notification/-/external/content/SecurityAdvisories/0/25329"}], "x_generator": {"engine": "Vulnogram 0.2.0"}, "descriptions": [{"lang": "en", "value": "VMware Aria Operations contains an information disclosure vulnerability.\u00a0A malicious user with non-administrative privileges\u00a0may exploit this vulnerability to retrieve credentials for an outbound plugin if a valid service credential ID is known.", "supportingMedia": [{"type": "text/html", "value": "<span style=\"background-color: rgb(255, 255, 255);\">VMware Aria Operations contains an information disclosure vulnerability.&nbsp;<span style=\"background-color: rgb(255, 255, 255);\">A malicious user with non-administrative </span><span style=\"background-color: rgb(255, 255, 255);\">privileges</span><span style=\"background-color: rgb(255, 255, 255);\">&nbsp;may exploit this vulnerability to retrieve credentials for an outbound plugin if a valid service credential ID is known.</span></span><br>", "base64": false}]}], "providerMetadata": {"orgId": "dcf2e128-44bd-42ed-91e8-88f912c1401d", "shortName": "vmware", "dateUpdated": "2025-01-30T15:32:00.829Z"}}}, "cveMetadata": {"cveId": "CVE-2025-22222", "state": "PUBLISHED", "dateUpdated": "2025-03-13T14:47:01.654Z", "dateReserved": "2025-01-02T04:29:30.444Z", "assignerOrgId": "dcf2e128-44bd-42ed-91e8-88f912c1401d", "datePublished": "2025-01-30T15:32:00.829Z", "assignerShortName": "vmware"}, "dataVersion": "5.1"}

{"cveTags": [], "descriptions": [{"lang": "en", "value": "VMware Aria Operations contains an information disclosure vulnerability.\u00a0A malicious user with non-administrative privileges\u00a0may exploit this vulnerability to retrieve credentials for an outbound plugin if a valid service credential ID is known."}, {"lang": "es", "value": "VMware Aria Operations contiene una vulnerabilidad de divulgaci\u00f3n de informaci\u00f3n. Un usuario malintencionado con privilegios no administrativos puede aprovechar esta vulnerabilidad para recuperar las credenciales de un complemento saliente si se conoce una ID de credencial de servicio v\u00e1lida."}], "id": "CVE-2025-22222", "lastModified": "2025-03-13T15:15:52.450", "metrics": {"cvssMetricV31": [{"cvssData": {"attackComplexity": "LOW", "attackVector": "NETWORK", "availabilityImpact": "NONE", "baseScore": 7.7, "baseSeverity": "HIGH", "confidentialityImpact": "HIGH", "integrityImpact": "NONE", "privilegesRequired": "LOW", "scope": "CHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:C/C:H/I:N/A:N", "version": "3.1"}, "exploitabilityScore": 3.1, "impactScore": 4.0, "source": "security@vmware.com", "type": "Secondary"}]}, "published": "2025-01-30T16:15:31.367", "references": [{"source": "security@vmware.com", "url": "https://support.broadcom.com/web/ecx/support-content-notification/-/external/content/SecurityAdvisories/0/25329"}], "sourceIdentifier": "security@vmware.com", "vulnStatus": "Awaiting Analysis", "weaknesses": [{"description": [{"lang": "en", "value": "CWE-497"}], "source": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "type": "Secondary"}]}

{}