Product Releases
| Product | Version | Release Date | Download | Documentation |
|---|---|---|---|---|
| Aria Operations | 8.18 HF5 | 04/01 | Download | Documentation |
VMware Security Advisory
VMSA-2025-0005 [IMPORTANT][CVSSv3: 7.8]
Products:
- Aria Operations
CVE(s):
- VMware Aria Operations updates address a local privilege escalation vulnerability (CVE-2025-22231)
Description:
- VMware Aria Operations contains a local privilege escalation vulnerability. VMware has evaluated the severity of this issue to be in the Important severity range with a maximum CVSSv3 base score of 7.8. A malicious actor with local administrative privileges can escalate their privileges to root on the appliance running VMware Aria Operations. To remediate CVE-2025-22231 apply the patches listed in the ‚Fixed Version‘ column of the ‚Response Matrix‘ found below. VMware would like to thank thiscodecc of MoyunSec Vlab and Bing for reporting this issue to us.
| Product | Version | CVE | Fixed | Workaround |
|---|---|---|---|---|
| Aria Operations | 8.x | CVE-2025-22231 | 8.18 HF 5 | none |
| VCF | 5.x / 4.x | CVE-2025-22231 | KB article | none |
| Telco Cloud Plat. | 5.x / 4.x / 3.x | CVE-2025-22231 | 8.18 HF 5 | none |
| Telco CLoud Infra. | 3.x / 2.x | CVE-2025-22231 | 8.18 HF 5 | none |
Product Lifecycle
| Product | Version | EOL |
|---|---|---|
| VMware NSX | 3.2.5 | 07. Apr 25 |
| VMware Bare Metal Automation for VMware Telco Cloud Platform | 3.0 | 18. Apr 25 |
| VMware Cloud Provider Lifecycle Manager | 1.5 | 18. Apr 25 |
| VMware Data Services Manager | 2.1.0 | 23. Apr 25 |
| VMware Aria Operations for Networks | 6.10.0 | 27. Apr 25 |
| VMware Aria Operations for Networks | 6.11.0 | 27. Apr 25 |
| vSphere Bitfusion | 4.5.2 | 05. May 25 |
| vSphere Bitfusion | 4.5.3 | 05. May 25 |
| VMware Tools | 11.1.0 | 07. May 25 |
| VMware Tools | 11.1.1 | 07. May 25 |
| VMware Tools | 11.1.5 | 07. May 25 |
| VMware Aria Automation | 8.17.0 | 09. May 25 |
| VMware Aria Automation Orchestrator | 8.17.0 | 14. May 25 |
| VMware Data Services Manager | 2.1.1 | 20. May 25 |
| TKr 1.28.7 for vSphere 8.x | 1.28.7 | 28. May 25 |
| TKr 1.28.8 for vSphere 8.x | 1.28.8 | 28. May 25 |
| VMware Cloud Foundation | 4.5 | 31. May 25 |
| VMware Cloud Foundation | 4.5.1 | 31. May 25 |
| VMware Cloud Director Availability | 4.6 | 15. Jun 25 |
| VMware Cloud Director Availability | 4.6.1 | 15. Jun 25 |
| VMware Cloud Director Availability | 4.7 | 15. Jun 25 |
| VMware Cloud Director Availability | 4.7.1 | 15. Jun 25 |
| VMware Data Services Manager | 2.1.2 | 24. Jun 25 |
| Uhana by VMware | 0.52.3 | 30. Jun 25 |
| Uhana by VMware | 0.52.4 | 30. Jun 25 |
| Uhana by VMware | 0.52.5 | 30. Jun 25 |
| VMware vCloud Usage Meter | 4.8 | 30. Jun 25 |
KB Article
| Subject | ID |
|---|---|
| Error: Host <UUID> is not added to VDS value: <value> . (Error code: 9548) | 393260 |
| NVMEOver TCP session to the storage lost after a reboot of the esxi hosts configured with Hostprofile | 393229 |
| Rubrik VM backup failing with NFC_COMPRESSION_ERROR | 393216 |
| Unable to update vsan HCL DB manually or online | 393204 |
| Delete Snapshot list of Aria Automation Day 2 action is showing Snapshots that no longer exist | 393142 |
| Cannot remove a Disk Group from the vSAN Cluster using vSphere UI | 393099 |
| „Could not initialize plugin ‚libnvidia-vgx.so‘ for vGPU ‚profile_name‘ Failed to start the virtual machine. Module DevicePowerOn power on failed.“ error when powering on a VM with vGPU device | 393089 |
| Appliance node not accepting new root password | 393065 |
| Virtual Machines are either frozen or have turned invalid | 393060 |
| After ESXi upgrade, a disk group with deduplication remains in an unhealthy state. | 392966 |
| Offline bundle utility fails with the error: „Unable to create token after 8 retries“ | 392946 |
| „Password Expiry“ Alarm Not Triggered for Edge Nodes with Expired Root Passwords | 392915 |
| Unable to configure NSX on nodes which were rebuilt in the cluster : Error Code 100 | 392879 |
| Cannot unmount volume ########## because One or more virtual machines are still registered on it. | 392867 |
| Skyline adapter stops collecting and enters an error state | 392739 |
| vSAN cluster showing 0 usage | 392730 |
| Error: „PCI passthru device caused IOMMU fault“ when VM Powers Off Unexpectedly | 392714 |
| Unable to Login to ESXi Using Domain Credentials, fails with the Error „Connection to ESXi Host Timed Out“ | 392710 |
| VMware Aria Orchestrator is crashing with error „java.lang.OutOfMemoryError: GC overhead limit exceeded“ | 392695 |
| vSAN Stretched Cluster Witness Appliance reports Network partition in vSAN Skyline Health check. Cannot add newly deployed Witness. | 392681 |
| Can a VM or vmdk be recovered when VMFS metadata is overwritten? | 392614 |
| After the power outage the vsan datastore not available | 392542 |
| VIDM fails remediation LCMVIDM74066 | 392519 |
| Increasing the Width of a Data Grid in a Custom Form Using CSS | 392438 |
Podcast | Webinar | Blog Posts
| Over 375 Reasons to Update VCF & Aria Operations Architect’s Edge Live | 04/29/25 Webinar |
|---|---|
| Unlocking the Latest Features in Aria Operations & VMware VCFIt’s time to move beyond just updating your systems — let’s talk about what you can actually do with those updates.With over 375 new features and updates since September, the possibilities are endless, but many of you may not realize what’s available or how to fully leverage it. Join us for Architect’s Edge Live on Tuesday, April 29, 2025, at 11 AM PST—a casual, interactive coffee talk where we’ll break down these updates, explore what they can do for you, and help you fully maximize your VMware environment. This session is all about real conversations, real insights, and real customers—and it’s not just for those considering an update, but also for those already up-to-date. Here’s what you’ll get from our panel of vExpert veterans—many of whom are customers themselves: ☕ What’s new: Over 375 updates and features you might not even know about🔧 Unlocking hidden capabilities: Never-before-seen features you can start using today💡 How to fully leverage your updates: Tips and tricks and LIVE DEMOS for making the most of the latest advancements❓ Open Q&A: Ask the experts what’s working, what’s not, and get advice on your VMware environment Speaker: Christopher Kusek – Principal Cloud Architect, VCF Division | |
| Aria Operations 8.18 HF5 brockpeterson.com/ | Blogpost |
|---|---|
| Aria Operations 8.18 HF5 just dropped this morning, fixing a few bugs and addressing several VMSAs/CVEs, go get it here! You can apply it locally via the admin UI or via the Aria Suite Lifecycle Manager. In this blog, I’ll apply it locally. | |
| VCP-VCF Administrator Exam Study Group VMware {code} | Podcast |
|---|---|
| Welcome to the VCP-VCF Administrator Exam Study Group playlist! This community-driven series is brought to you by the VMware {code} Community and {code} Coaches, designed to help you successfully prepare for the VMware Cloud Foundation (VCF) Administrator certification exam.This is a community-led initiative with no formal classes, just a collaborative effort to share knowledge and support each other’s success. Note that this series is intended to complement, not replace, the official Broadcom training classes found on the Broadcom Learning site. | |