Release Notes
| Product | Version | Release Date | Download | Release Notes |
|---|---|---|---|---|
| Aria Operations for Logs | 8.18.3 | 01/28 | Download | Release Notes |
| Aria Operations | 8.18.3 | 01/30 | Download | Release Notes |
| Aria Suite Lifecycle Manager | 8.18 PSPack5 | 01/31 | Download | Release Notes |
VMSA-2025-0003[HIGH] [CSSv3 8.6]
CVE(s)
- VMware Aria Operations for Logs information disclosure vulnerability (CVE-2025-22218)
- VMware Aria Operations for Logs stored cross-site scripting vulnerability (CVE-2025-22219)
- VMware Aria Operations for Logs broken access control vulnerability (CVE-2025-22220)
- VMware Aria Operations for Logs stored cross-site scripting vulnerability (CVE-2025-22221)
- VMware Aria Operations information disclosure vulnerability (CVE-2025-22222)
Description
- VMware would like to thank Maxime Escourbiac, Michelin CERT, Yassine Bengana, Abicom from Michelin CERT and Quentin Ebel, Abicom from Michelin CERT for reporting this issue to us.
Response Matrix
| Product | CVE | Fixed Version | Workaround |
|---|---|---|---|
| Aria Operations for Logs | CVE-2025-22218, CVE-2025-22219, CVE-2025-22220, CVE-2025-22221 | 8.18.3 | None |
| Aria Operations | CVE-2025-22222 | 8.18.3 | None |
| VCF | CVE-2025-22218, CVE-2025-22219, CVE-2025-22220, CVE-2025-22221, CVE-2025-22222 | KB92148 | None |
KB Articles
|
Subject | KB Article |
|---|---|
| Broadcom Service Status Page – Microsoft Teams Retiring Webhook-based Connectors | 387207 |
|
Archive All Active Alerts in Aria Operations for Networks | |
|
In Aria Operations for Logs, the vSphere integration menu shows no data when connecting via a reverse proxy. | |
|
A general system error occurred: Too many outstanding operations | |
|
Objects in Operations do not have any historical data after recent outage | |
|
Error „Operation failed Failed to start the virtual machine. Cannot open the disk“ while powering on a virtual machine | |
|
Ping over an NSX L2 Bridge fails | |
|
Devices from an ALUA capable storage array claimed by VMW_SATP_DEFAULT_AA | |
|
Generating database dump / Backing up Embedded postgres database on Aria Suite Lifecycle 8.x | |
|
Incorrect Target VM Folder Names Created by HCX Bulk Migration | |
|
„Audio Passthrough Not Working on Windows 10 VMs“ | |
|
HCX Manager Snapshots in VMC Environment | |
|
HMS Service Failure and Site Pairing Issues After VRMS 8.x Upgrade Due to Disabled Embedded HBR Server | |
|
Can’t take a Quiesce Snapshot because VMware Snapshot Provider Service is missing on Windows | |
|
Single Node Cluster redirecting to IP address after vIDM integration | |
|
An expired or expiring client auth certificate is present in the NSX inventory | |
|
Broadcom Service Status Page – Microsoft Teams Retiring Webhook-based Connectors |
OnSite Events
| Event | Date | |
|---|---|---|
| VMUG User/con Dutch | 03/12 | |
| VMUG User/con Philadelphia | 03/25 | |
| VMUG Connect | 04/23-25 | |
| VMUG User/con German | 05/08 | |
| Carolina User/con | 05/08 | |
| Toronto User/con | 05/19 | |
| Denver User/con | 05/29 | |
| Belgian User/con | 06/05 | |
| Swedish User/con | 09/23 | |
| Explore 2025 – Las Vegas | 08/25 | |
Podcast | Webinar | Blog Posts
Passwordless login to vCenter Server or VMware Cloud Foundation (VCF) using Apple Face ID or Yubico YubiKey (BlogPost)
After spending some time playing with a couple of self-hosted Identity Providers solutions like Authentik and Keycloak for use with vCenter Server Identity Federation, I was curious about their Multi-Factor Authentication (MFA) support. Specifically, I was interested in their WebAuthn capabilities, which should allow me to use the popular Yubico YubiKey for passwordless authentication into my VMware environment. 😊
What’s New for 2025? Level Up with VMware {code}! (VMware Blods)
Announcements | What’s New for 2025? VMware {code} Community Calls: A Space to Learn, Share, and Connect; plus Certification Study Groups. – Find out the details here and get involved!
VMware vDefend Threat Protection: Security and Resiliency (BlogPost)
In an era where cyber threats are evolving rapidly, businesses must adopt cutting-edge security solutions to safeguard their infrastructure. VMware vDefend is a next-generation threat protection system designed to enhance security and resiliency across virtual environments. This article explores the latest updates, key functionalities, and how vDefend contributes to a more resilient IT ecosystem.