CVE-2025-41231
- EPSS 0.16%
- Veröffentlicht 20.05.2025 13:15:48
- Zuletzt bearbeitet 12.06.2025 16:22:47
VMware Cloud Foundation contains a missing authorisation vulnerability. A malicious actor with access to VMware Cloud Foundation appliance may be able to perform certain unauthorised actions and access limited sensitive information.
CVE-2025-22249
- EPSS 0.32%
- Veröffentlicht 13.05.2025 05:08:03
- Zuletzt bearbeitet 11.07.2025 14:27:30
VMware Aria automation contains a DOM based Cross-Site Scripting (XSS) vulnerability. A malicious actor may exploit this issue to steal the access token of a logged in user of VMware Aria automation appliance by tricking the user into clicking a mali...
CVE-2025-22224
- EPSS 1.52%
- Veröffentlicht 04.03.2025 12:15:33
- Zuletzt bearbeitet 30.10.2025 19:52:49
VMware ESXi, and Workstation contain a TOCTOU (Time-of-Check Time-of-Use) vulnerability that leads to an out-of-bounds write. A malicious actor with local administrative privileges on a virtual machine may exploit this issue to execute code as the vi...
CVE-2025-22225
- EPSS 0.96%
- Veröffentlicht 04.03.2025 12:15:33
- Zuletzt bearbeitet 30.10.2025 19:52:45
VMware ESXi contains an arbitrary write vulnerability. A malicious actor with privileges within the VMX process may trigger an arbitrary kernel write leading to an escape of the sandbox.
- EPSS 1.68%
- Veröffentlicht 04.03.2025 12:15:33
- Zuletzt bearbeitet 30.10.2025 19:52:41
VMware ESXi, Workstation, and Fusion contain an information disclosure vulnerability due to an out-of-bounds read in HGFS. A malicious actor with administrative privileges to a virtual machine may be able to exploit this issue to leak memory from the...
- EPSS 0.64%
- Veröffentlicht 30.01.2025 16:15:31
- Zuletzt bearbeitet 14.05.2025 16:46:17
VMware Aria Operations for Logs contains a stored cross-site scripting vulnerability. A malicious actor with non-administrative privileges may be able to inject a malicious script that (can perform stored cross-site scripting) may lead to arbitrary ...
CVE-2025-22220
- EPSS 0.32%
- Veröffentlicht 30.01.2025 16:15:31
- Zuletzt bearbeitet 14.05.2025 16:46:59
VMware Aria Operations for Logs contains a privilege escalation vulnerability. A malicious actor with non-administrative privileges and network access to Aria Operations for Logs API may be able to perform certain operations in the context of an admi...
CVE-2025-22221
- EPSS 0.39%
- Veröffentlicht 30.01.2025 16:15:31
- Zuletzt bearbeitet 14.05.2025 16:47:14
VMware Aria Operation for Logs contains a stored cross-site scripting vulnerability. A malicious actor with admin privileges to VMware Aria Operations for Logs may be able to inject a malicious script that could be executed in a victim's browser when...
CVE-2025-22222
- EPSS 0.54%
- Veröffentlicht 30.01.2025 16:15:31
- Zuletzt bearbeitet 14.05.2025 16:47:55
VMware Aria Operations contains an information disclosure vulnerability. A malicious user with non-administrative privileges may exploit this vulnerability to retrieve credentials for an outbound plugin if a valid service credential ID is known.
CVE-2025-22218
- EPSS 0.65%
- Veröffentlicht 30.01.2025 15:15:18
- Zuletzt bearbeitet 14.05.2025 16:45:25
VMware Aria Operations for Logs contains an information disclosure vulnerability. A malicious actor with View Only Admin permissions may be able to read the credentials of a VMware product integrated with VMware Aria Operations for Logs