Summary: Today, Broadcom released a security advisory for five vulnerabilities. The most severe, CVE-2025-22218 in VMware Aria Operations, can result in an escalation of privileges to the admin user account via cross-site scripting.
Analyst Note: This could allow a malicious actor with “view only admin permissions” and access to the Aria Operations for Logs API to perform actions or operations in the context of an admin user. WaterISAC urges members to immediately update to the latest software version. No workarounds have been identified by Broadcom for this vulnerability.
Original Source: https://support.broadcom.com/web/ecx/support-content-notification/ /external/content/SecurityAdvisories/0/25329
Related WaterISAC PIRs: 8