Warning to VMware admins: Patch Aria, Cloud Foundation, Telco Cloud

VMware admins have to install the latest patches on certain applications to block threat actors from leveraging a serious vulnerabilitiy.

Applications affected are

• VMware Aria Operations

• VMware Cloud Foundation

• VMware Telco Cloud Platform

• and VMware Telco Cloud Infrastructure

In an advisory issued today VMware said a local privilege escalation vulnerability (CVE-2025-22231) could allow a hacker who gets into a system to escalate their access privileges to “root” on a server running VMware Aria Operations.

The severity of the hole is rated “High,” and has been given a CVSS rating of 7.8

VMware Aria Operations 8.18 should be running Hot Fix (Patch) 5. Worried that you need to upgrade to version 8.18? The VMware notice warns that upgrading from older versions directly to this Patch is not supported. You must upgrade to 8.18.x before applying this Patch.

For more on this vulnerability see this page from VMware parent Broadcom.

As a prime supplier of key infrastructure applications, VMware products are of particular interest to threat actors. In January the company warned of five High severity vulnerabilities that could allow a malicious actor with View Only Admin permissions to read the credentials of a VMware product integrated with VMware Aria Operations for Logs.