What is CVE-2025-22215?

CVE-2025-22215 is a medium-severity vulnerability in Vmware Aria Automation. CVSS score: 4.3/10. Published 2025-01-08.

How severe is CVE-2025-22215?

Medium severity. CVSS v3 base score is 4.3 out of 10.

Vulnerability in Vmware Aria Automation

CVE-2025-22215

VMware Aria Automation contains a server-side request forgery (SSRF) vulnerability. A malicious actor with "Organization Member" access to Aria Automation may exploit this vulnerability enumerate internal services running on the host/netwo…

EPSS: 0.003 (50.8th percentile) — read the EPSS interpretation.

CVSS v3 metric

CVSS v3 base score 4.3 (Medium). Vector: CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:N.

Affected products

Vmware Aria Automation — versions 8.x
Vmware Cloud Foundation (Vmware Aria Automation) — versions 5.x, 4.x

References

support.broadcom.com/web/ecx/support-content-notification/-/external/content/Se…

Frequently asked questions

What is CVE-2025-22215?: CVE-2025-22215 is a medium-severity vulnerability in Vmware Aria Automation. CVSS score: 4.3/10. Published 2025-01-08.
How severe is CVE-2025-22215?: Medium severity. CVSS v3 base score is 4.3 out of 10.