CVE-2025-22249: VMSA-2025-0008: VMware Aria automation updates address a DOM based Cross-site scripting vulnerability (CVE-2025-22249)

Get alerts for future matching vulnerabilitiesLog in to subscribe

I. Basic Information for CVE-2025-22249

Vulnerability Information

Have questions about the vulnerability? See if Shenlong's analysis helps!

Although we use advanced large model technology, its output may still contain inaccurate or outdated information.Shenlong tries to ensure data accuracy, but please verify and judge based on the actual situation.

Vulnerability Title

VMSA-2025-0008: VMware Aria automation updates address a DOM based Cross-site scripting vulnerability (CVE-2025-22249)

Source: NVD (National Vulnerability Database)

Vulnerability Description

VMware Aria automation contains a DOM based Cross-Site Scripting (XSS) vulnerability. A malicious actor may exploit this issue to steal the access token of a logged in user of VMware Aria automation appliance by tricking the user into clicking a malicious crafted payload URL.

Source: NVD (National Vulnerability Database)

CVSS Information

CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:H/I:L/A:N

Source: NVD (National Vulnerability Database)

Vulnerability Type

N/A

Source: NVD (National Vulnerability Database)

Vulnerability Title

VMware Aria Automation 安全漏洞

Source: CNNVD (China National Vulnerability Database)

Vulnerability Description

VMware Aria Automation是美国威睿（VMware）公司的一个现代工作流自动化平台，可简化并自动执行复杂的数据中心基础架构任务，以提高可延展性和敏捷性。 VMware Aria Automation存在安全漏洞，该漏洞源于DOM型跨站脚本，可能导致访问令牌窃取。

Source: CNNVD (China National Vulnerability Database)

CVSS Information

N/A

Source: CNNVD (China National Vulnerability Database)

Vulnerability Type

N/A

Source: CNNVD (China National Vulnerability Database)

Affected Products

Vendor	Product	Affected Versions	CPE
VMware	Vmware Aria Automation	8.18.x ~ 8.18.1 patch2	-
VMware	VMware Cloud Foundation	5.x ~ 8.18.1 patch 2	-
VMware	VMware Telco Cloud Platform	5.x ~ 8.18.1 patch 2	-

II. Public POCs for CVE-2025-22249

#	POC Description	Source Link	Shenlong Link

AI-Generated POCPremium

No public POC found.

III. Intelligence Information for CVE-2025-22249

Please Login to view more intelligence information

https://nvd.nist.gov/vuln/detail/CVE-2025-22249

IV. Related Vulnerabilities

Same product: Vmware Aria Automation

Same vendor: VMware

V. Comments for CVE-2025-22249

No comments yet

Goal Reached Thanks to every supporter — we hit 100%!

I. Basic Information for CVE-2025-22249

Vulnerability Information

Vulnerability Title

Vulnerability Description

CVSS Information

Vulnerability Type

Vulnerability Title

Vulnerability Description

CVSS Information

Vulnerability Type

Affected Products

II. Public POCs for CVE-2025-22249

III. Intelligence Information for CVE-2025-22249

IV. Related Vulnerabilities

V. Comments for CVE-2025-22249

Leave a comment