Warning: High-Severity Vulnerability CVE-2025-22249 in VMware Aria Leads to Credential Theft, Patch Immediately!

Published: 13/05/2025

    * Last update:  13/05/2025
   
    * Affected software:
        →VMware Aria Automation v8.18.x
        →VMware Cloud Foundation 5.x, 4.x
        →VMware Telco Cloud Platform 5.x
 
    * Type: DOM-based cross-site scripting leading to credential theft
 
    * CVE/CVSS:
        →CVE-2025-22249: CVSS 8.2 (CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:H/I:L/A:N)

Sources

Broadcom - https://support.broadcom.com/web/ecx/support-content-notification/-/external/content/SecurityAdvisories/0/25711

Risks

The vulnerability requires user interaction, which means it could be exploited through a phishing attack where the user clicks on a malicious URL. If the user is logged in to VMware Aria Automation at that moment, the threat actor can steal the user's access token, take over the session and perform any action the user has the rights to perform. The vulnerability has a high impact on the confidentiality and a low impact on the integrity of the affected systems (CVSS C:H/I:L); availability is not affected.

Description

CVE-2025-22249 is a DOM-based cross-site scripting vulnerability that allows a threat actor to steal the access token of a logged-in user of a VMware Aria Automation appliance by tricking the user into clicking a maliciously crafted URL. Because the vulnerability is DOM-based, the malicious payload is processed by client-side script in the victim's browser rather than by the server, so the payload may be carried in the URL fragment (after the `#`) and never appear in server-side request logs.

Recommended Actions

Patch 
The Centre for Cybersecurity Belgium strongly recommends installing the updates listed in the Broadcom advisory on vulnerable appliances with the highest priority, after thorough testing.

Monitor/Detect 
The CCB recommends that organizations scale up their monitoring and detection capabilities to identify any related suspicious activity, ensuring a swift response in case of an intrusion. For this vulnerability, that includes reviewing phishing reports and mail-gateway logs for links to the Aria Automation appliance containing script-like payloads, and looking for Aria Automation API activity from unexpected source addresses that reuses an existing user's token.

In case of an intrusion, you can report an incident via: https://ccb.belgium.be/cert/report-incident.

While patching appliances or software to the newest version may protect against future exploitation, it does not remediate a historic compromise. If a user is suspected of having clicked a malicious link while logged in, their access token should be treated as compromised: revoke active sessions for that user and review actions performed with the account.

References

NVD - https://nvd.nist.gov/vuln/detail/CVE-2025-22249