do son 
VMware has recently released patches to address a local privilege escalation vulnerability (CVE-2025-22231) affecting several of its products, including VMware Aria Operations, VMware Cloud Foundation, VMware Telco Cloud Platform, and VMware Telco Cloud Infrastructure. The vulnerability allows a malicious actor with local administrative privileges to escalate their privileges to root on the appliance running VMware Aria Operations. VMware has assessed the severity of this issue as “Important,” with a maximum CVSSv3 base score of 7.8.
The core issue lies in a local privilege escalation vulnerability within VMware Aria Operations. According to the advisory, “A malicious actor with local administrative privileges can escalate their privileges to root on the appliance running VMware Aria Operations“. This type of vulnerability is particularly dangerous because it allows an attacker who has already gained a foothold in the system to gain complete control, potentially leading to data breaches, system outages, and other severe consequences.
The vulnerability impacts a range of VMware products:
-
VMware Aria Operations
-
VMware Cloud Foundation
-
VMware Telco Cloud Platform
-
VMware Telco Cloud Infrastructure
VMware has credited thiscodecc of MoyunSec Vlab and Bing for responsibly reporting the vulnerability. VMware has urged users to apply the necessary patches to remediate CVE-2025-22231.
| Product | Version | Running On | Fixed Version |
| VMware Aria Operations | 8.x | Any | 8.18 HF 5 |
| VMware Cloud Foundation | 5.x,4.x | Any | KB article |
| VMware Telco Cloud Platform | 5.x, 4.x, 3.x | Any | 8.18 HF 5 |
| VMware Telco Cloud Infrastructure | 3.x, 2.x | Any | 8.18 HF 5 |
Given the severity of this local privilege escalation vulnerability, it is crucial for administrators to take immediate action. Applying the provided patches is essential to mitigate the risk and secure VMware environments. It is also recommended to review access controls and follow security best practices to prevent potential exploitation.
Related Posts:
- VMware Aria Operations Hit By Multiple Vulnerabilities
- VMware Aria Operations Flaws Expose Credentials, Enable Privilege Escalation
- VMware fixes critical security bugs (CVE-2023-34039 & CVE-2023-20890) in Aria Operations for Networks
- VmWare release the patch to fix use-after-free and integer-overflow vulnerabilities
