CVE Search Engine - Security Vulnerabilities and Exploits Search Tool

Aria Automation contains a Missing Access Control vulnerability. An authenticated malicious actor may exploit this vulnerability leading to unauthorized access to remote organizations and workflows...

9.9CVSS6.8AI score0.00171EPSS

Exploits0References1

Tenable Nessus•added 2025/05/16 12:0 a.m.•7 views

VMware Aria Automation 8.18.x < 8.18.1 patch 2 DOM Based XSS (VMSA-2025-0008)

The VMware Aria Automation application running on the remote host is affected by a vulnerability as referenced in the VMSA-2025-0008 advisory. - VMware Aria automation contains a DOM based Cross-Site Scripting XSS vulnerability. A malicious actor may exploit this issue to steal the access token o...

8.2CVSS8.6AI score0.00191EPSS

Exploits0References2

RedhatCVE•added 2025/05/15 6:13 a.m.•9 views

CVE-2025-22249

VMware Aria automation contains a DOM based Cross-Site Scripting XSS vulnerability. A malicious actor may exploit this issue to steal the access token of a logged in user of VMware Aria automation appliance by tricking the user into clicking a malicious crafted payload URL...

8.2CVSS5.9AI score0.00191EPSS

Exploits0References3

NVD•added 2025/05/13 6:15 a.m.•14 views

CVE-2025-22249

8.2CVSS0.00191EPSS

Exploits0References1

OSV•added 2025/05/13 6:15 a.m.•1 views

CVE-2025-22249

8.2CVSS5.8AI score

Exploits0References1

Vulnrichment•added 2025/05/13 5:8 a.m.•7 views

CVE-2025-22249 VMSA-2025-0008: VMware Aria automation updates address a DOM based Cross-site scripting vulnerability (CVE-2025-22249)

8.2CVSS7.4AI score0.00191EPSS

Exploits0References1

Cvelist•added 2025/05/13 5:8 a.m.•28 views

CVE-2025-22249 VMSA-2025-0008: VMware Aria automation updates address a DOM based Cross-site scripting vulnerability (CVE-2025-22249)

8.2CVSS0.00191EPSS

Exploits0References1

CVE•added 2025/05/13 5:8 a.m.•124 views

CVE-2025-22249

CVE-2025-22249 is a DOM-based Cross‑Site Scripting (XSS) flaw in VMware Aria Automation. Affected product: VMware Aria Automation (8.18.x line). Root cause: DOM-based XSS that enables an attacker to steal the access token of a logged-in user by convincing the user to click a malicious crafted pay...

8.2CVSS7.4AI score0.00191EPSS

Exploits0References1Affected Software3

CNNVD•added 2025/05/13 12:0 a.m.•2 views

VMware Aria Automation 安全漏洞

VMware Aria Automation is a modern workflow automation platform from VMware that simplifies and automates complex data center infrastructure tasks to improve scalability and agility. A security vulnerability exists in VMware Aria Automation that originates from DOM-type cross-site scripting and...

8.2CVSS8.6AI score0.00191EPSS

Exploits0References1

VMware•added 2025/05/12 12:0 a.m.•43 views

VMSA-2025-0008: VMware Aria automation updates address a DOM based Cross-site scripting vulnerability (CVE-2025-22249)

Advisory ID: | VMSA-2025-0008 ---|--- Advisory Severity: | Important CVSSv3 Range: | 8.2 Synopsis: | VMware Aria automation updates address a DOM based Cross-site scripting vulnerability CVE-2025-22249 Issue date: | 2025-05-12 Updated on: | 2025-05-12 CVEs | CVE-2025-22249 1. Impacted Products...

8.2CVSS6.1AI score0.00191EPSS

Exploits0References3

Positive Technologies•added 2025/05/12 12:0 a.m.•3 views

PT-2025-20732 · Vmware · Vmware Aria Automation

Name of the Vulnerable Software and Affected Versions: VMware Aria automation affected versions not specified Description: The issue is a DOM-based Cross-Site Scripting XSS vulnerability. A malicious actor may exploit this to steal the access token of a logged-in user by tricking them into clicki...

8.5CVSS8.3AI score0.00191EPSS

Exploits0References11

Tenable Nessus•added 2025/01/16 12:0 a.m.•5 views

VMware Aria Automation SSRF (VMSA-2025-0001)

The VMware Aria Automation application running on the remote host is affected by a vulnerability as referenced in the VMSA-2025-0001 advisory. - VMware Aria Automation contains a server-side request forgery SSRF vulnerability. A malicious actor with 'Organization Member' access to Aria Automation...

4.3CVSS5.6AI score0.00272EPSS

Exploits0References2

CVE•added 2025/01/08 6:43 a.m.•115 views

CVE-2025-22215

The CVE-2025-22215 SSRF vulnerability affects VMware Aria Automation. A malicious actor with "Organization Member" access can abuse server-side requests to enumerate internal services on the host/network. The advisory (VMSA-2025-0001) notes a CVSSv3 base score of 4.3 (Moderate) and lists fixed ve...

4.3CVSS4.7AI score0.00272EPSS

Exploits0References1

Cvelist•added 2025/01/08 6:43 a.m.•18 views

CVE-2025-22215 VMSA-2025-0001: VMware Aria automation update addresses a server side request forgery vulnerability (CVE-2025-22215)

VMware Aria Automation contains a server-side request forgery SSRF vulnerability. A malicious actor with "Organization Member" access to Aria Automation may exploit this vulnerability enumerate internal services running on the host/network...

4.3CVSS0.00272EPSS

Exploits0References1

Vulnrichment•added 2025/01/08 6:43 a.m.•5 views

CVE-2025-22215 VMSA-2025-0001: VMware Aria automation update addresses a server side request forgery vulnerability (CVE-2025-22215)

4.3CVSS6.9AI score0.00272EPSS

Exploits0References1

CNNVD•added 2025/01/08 12:0 a.m.•1 views

VMware Aria Automation 代码问题漏洞

VMware Aria Automation is a modern workflow automation platform from VMware that simplifies and automates complex data center infrastructure tasks to improve scalability and agility. A code issue vulnerability exists in VMware Aria Automation. An attacker exploiting this vulnerability could...

4.3CVSS6.8AI score0.00272EPSS

Exploits0References2

Rows per page

Query Builder

Family

Bulletin Type

Min CVSS Score

Date

Order by