Security Advisory

CVE-2025-22249

CVE vulnerability detail — eXtreme Datacenter Security Operations

Published 2025-05-13 05:08:03

Last updated 2025-05-13 13:49:59

Assigner vmware

State PUBLISHED

Description

VMware Aria automation contains a DOM based Cross-Site Scripting (XSS) vulnerability. A malicious actor may exploit this issue to steal the access token of a logged in user of VMware Aria automation appliance by tricking the user into clicking a malicious crafted payload URL.

← Browse all CVEs View on cve.org ↗