CVE-2025-22220 MEDIUM

CVE-2025-22220: VMware Aria Operations for Logs broken access control vulnerability (CVE-2025-22220)

Vendor Vmware
Product VMware Aria Operations for Logs
Published January 30, 2025
Last update February 26, 2026

CVSS base score

4.3/10
Attack vector Network
Attack complexity Low
Privileges required Low
User interaction None
Confidentiality None
Integrity Low

CVSS vector

CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:L/A:N

What the vulnerability does

01Description

VMware Aria Operations for Logs contains a privilege escalation vulnerability. A malicious actor with non-administrative privileges and network access to Aria Operations for Logs API may be able to perform certain operations in the context of an admin user.

Key dates

02Disclosure timeline

January 30, 2025 CVE published
February 26, 2026 Record updated