Article Details
Scrape Timestamp (UTC): 2025-01-31 06:02:53.172
Source: https://thehackernews.com/2025/01/broadcom-patches-vmware-aria-flaws.html
Original Article Text
Broadcom Patches VMware Aria Flaws – Exploits May Lead to Credential Theft

Broadcom has released security updates to patch five security flaws impacting VMware Aria Operations and Aria Operations for Logs, warning customers that attackers could exploit them to gain elevated access or obtain sensitive information.

The list of identified flaws, which impact versions 8.x of the software, is below -

Security researchers Maxime Escourbiac from Michelin CERT, and Yassine Bengana and Quentin Ebel from Abicom and part of the Michelin CERT team, have been credited with detecting and reporting the flaws. It's worth noting that the same team spotted two other shortcomings in the same product (CVE-2024-38832 and CVE-2024-38833) in late November 2024.

All the aforementioned vulnerabilities have been patched in VMware Aria Operations and Aria Operations for Logs version 8.18.3. The virtualization services provider makes no mention of these issues being exploited in the wild.

The advisory comes days after Broadcom warned of a high-severity security flaw in VMware Avi Load Balancer (CVE-2025-22217, CVSS score: 8.6) that could be weaponized by malicious actors to gain database access.
Daily Brief Summary
Broadcom has issued security updates for VMware Aria Operations and Aria Operations for Logs to address five vulnerabilities.
These security flaws could potentially allow attackers to gain elevated access or access sensitive information.
The vulnerabilities affect version 8.x of the VMware Aria software suite.
The security flaws were identified and reported by security researchers from Michelin CERT and Abicom.
This team of researchers has previously identified other critical vulnerabilities in the same VMware products.
There has been no evidence reported of these vulnerabilities being exploited in the wild.
The update to mitigate these issues is included in VMware Aria Operations and Aria Operations for Logs version 8.18.3.
The announcement follows a recent advisory regarding a high-severity flaw in VMware Avi Load Balancer, which also posed significant security risks.