CVE-2025-22215

Summary

VMware Aria Automation contains a server-side request forgery (SSRF) vulnerability. A malicious actor with "Organization Member" access to Aria Automation may exploit this vulnerability enumerate internal services running on the host/network.

Affected Software

VendorProductVersion RangeStatus
VMwareVMware Aria Automation8.x < 8.18.1 patch 1affected
VMwareVMware Cloud Foundation (VMware Aria Automation)5.x < 8.18.1 patch 1affected
VMwareVMware Cloud Foundation (VMware Aria Automation)4.x < 8.18.1 patch 1affected

Weaknesses

ADP Enrichment

CISA ADP Vulnrichment

  • SSVC:
  • Exploitation: none
    • Automatable: no
    • Technical Impact: partial

References