CVE-2025-22231 HIGH

CVE-2025-22231: VMware Aria Operations updates address a local privilege escalation vulnerability (CVE-2025-22231)

Vendor Vmware
Product VMware Aria operations
Published April 1, 2025
Last update April 1, 2025

CVSS base score

7.8/10
Attack vector Local
Attack complexity Low
Privileges required Low
User interaction None
Confidentiality High
Integrity High

CVSS vector

CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H

What the vulnerability does

01Description

VMware Aria Operations contains a local privilege escalation vulnerability. A malicious actor with local administrative privileges can escalate their privileges to root on the appliance running VMware Aria Operations.

Key dates

02Disclosure timeline

April 1, 2025 CVE published
April 1, 2025 Record updated