The Register: VMware plugs steal-my-credentials holes in Cloud Foundation

Source URL: https://www.theregister.com/2025/01/30/vmware_infomration_disclosure_flaws/
Source: The Register
Title: VMware plugs steal-my-credentials holes in Cloud Foundation

Feedly Summary: Consider patching soon because cybercrooks love to hit vulnerable tools from Broadcom’s virtualization giant
Broadcom has fixed five flaws, collectively deemed “high severity,” in VMware’s IT operations and log management tools within Cloud Foundation, including two information disclosure bugs that could lead to credential leakage under certain conditions.…

Summary: Broadcom has addressed five high-severity security vulnerabilities in VMware’s IT operations and log management tools within Cloud Foundation, which could lead to credential leakage and exploitation via compromised accounts. The vulnerabilities primarily affect VMware Aria Operations and Aria Operations for Logs and underscore the necessity of prompt updates due to the potential threat posed to enterprise security.

Detailed Description: The text discusses high-severity security flaws discovered in VMware’s cloud management tools, which are part of the broader ecosystem of cloud and infrastructure security. Here are the major points:

– **Overview of Vulnerabilities**: Five vulnerabilities categorized as “high severity” were identified in VMware’s Aria Operations and Aria Operations for Logs.
– **Types of Vulnerabilities**:
  – **Information Disclosure Bugs**: CVE-2025-22218 and CVE-2025-22222 could lead to the leakage of credentials, posing significant security risks.
  – **Stored Cross-Site Scripting (XSS) Vulnerabilities**: CVE-2025-22219 and CVE-2025-22221 enable the injection of malicious scripts, which can perform unauthorized actions.
  – **Privilege Escalation Vulnerability**: CVE-2025-22220 allows unauthorized users to execute operations needing admin privileges through the API.

– **Affected Versions**: The vulnerabilities impact VMware Aria Operations for Logs versions 8 and newer and versions 4.x and 5.x of VMware Cloud Foundation.

– **Patch Availability**: Patches are available, and users are strongly advised to update to version 8.18.3 to mitigate these vulnerabilities.

– **Exploitation Risk**: Although no in-the-wild exploits are currently reported, the potential for these vulnerabilities to be abused through compromised credentials remains a serious concern, highlighting the need for proactive security measures.

– **Credential Theft**: The ability for users with non-admin privileges to exploit certain vulnerabilities to steal service credential IDs presents a substantial risk to enterprise security.

– **Recognition of Security Researchers**: Broadcom acknowledged the contributions of specific individuals for their roles in identifying and disclosing the vulnerabilities.

This information is particularly relevant to security and compliance professionals as it illustrates the ongoing risks associated with widely deployed software solutions and underscores the importance of timely security updates and vulnerability management in preventing breaches in a cloud infrastructure context. Given the historical targeting of VMware products by cybercriminals and state-sponsored actors, organizations must ensure these patches are prioritized in their security practices.