CVE-2025-41245

Description

VMware Aria Operations contains an information disclosure vulnerability. A malicious actor with non-administrative privileges in Aria Operations may exploit this vulnerability to disclose credentials of other users of Aria Operations.

CVSS breakdown

CVSS 3.1

Attack Vector

Network

Attack Complexity

Low

Privileges Required

High

User Interaction

None

Scope

Unchanged

Confidentiality

High

Integrity

None

Availability

None

Affected products

VMware / VMware Aria Operations8.18.x – 8.18.5
VMware / VMware Cloud Foundation4.x – 8.18.5
VMware / VMware Cloud Foundation5.x – 8.18.5
VMware / VMware Telco Cloud Infrastructure3.x – 8.18.5
VMware / VMware Telco Cloud Infrastructure2.x – 8.18.5
VMware / VMware Telco Cloud Platform5.x – 8.18.5
VMware / VMware Telco Cloud Platform4.x – 8.18.5

References

VENDOR_ADVISORYhttp://support.broadcom.com/group/ecx/support-content-view/-/support-content/Security%20Advisories/VMSA-2025-0015--VMware-Aria-Operations-and-VMware-Tools-updates-address-multiple-vulnerabilities--CVE-2025-41244-CVE-2025-41245--CVE-2025-41246-/36149