VMware Aria Operations
Don't miss out!
Thousands of developers use stack.watch to stay informed.Get an email whenever new security vulnerabilities are reported in VMware Aria Operations.
By the Year
In 2025 there have been 4 vulnerabilities in VMware Aria Operations with an average score of 6.4 out of ten. Last year, in 2024 Aria Operations had 6 security vulnerabilities published. Right now, Aria Operations is on track to have less security vulnerabilities in 2025 than it did last year. Last year, the average CVE base score was greater by 0.08
| Year | Vulnerabilities | Average Score |
|---|---|---|
| 2025 | 4 | 6.40 |
| 2024 | 6 | 6.48 |
| 2023 | 2 | 6.70 |
It may take a day or so for new Aria Operations vulnerabilities to show up in the stats or in the list of recent security vulnerabilities. Additionally vulnerabilities may be tagged under a different product or component name.
Recent VMware Aria Operations Security Vulnerabilities
VMware Aria Ops Cred Disclosure via Info Leak
CVE-2025-41245
4.9 - Medium
- September 29, 2025
VMware Aria Operations contains an information disclosure vulnerability. A malicious actor with non-administrative privileges in Aria Operations may exploit this vulnerability to disclose credentials of other users of Aria Operations.
Insecure Default Initialization of Resource
VMware Aria Ops/Tools LPE via SDMP (VMware vSphere)
CVE-2025-41244
7.8 - High
- September 29, 2025
VMware Aria Operations and VMware Tools contain a local privilege escalation vulnerability. A malicious local actor with non-administrative privileges having access to a VM with VMware Tools installed and managed by Aria Operations with SDMP enabled may exploit this vulnerability to escalate privileges to root on the same VM.
Privilege Defined With Unsafe Actions
VMware Aria Ops LPE to root on appliance
CVE-2025-22231
- April 01, 2025
VMware Aria Operations contains a local privilege escalation vulnerability. A malicious actor with local administrative privileges can escalate their privileges to root on the appliance running VMware Aria Operations.
VMware Aria Ops Info Disclosure via Outbound Plugin Credential Leak
CVE-2025-22222
6.5 - Medium
- January 30, 2025
VMware Aria Operations contains an information disclosure vulnerability. A malicious user with non-administrative privileges may exploit this vulnerability to retrieve credentials for an outbound plugin if a valid service credential ID is known.
VMware Aria Ops: Stored XSS via Editing Access
CVE-2024-38834
4.8 - Medium
- November 26, 2024
VMware Aria Operations contains a stored cross-site scripting vulnerability. A malicious actor with editing access to cloud provider might be able to inject malicious script leading to stored cross-site scripting in the product VMware Aria Operations.
CVE-2024-38833: Stored XSS via Email Templates in VMware Aria Ops
CVE-2024-38833
5.4 - Medium
- November 26, 2024
VMware Aria Operations contains a stored cross-site scripting vulnerability. A malicious actor with editing access to email templates might inject malicious script leading to stored cross-site scripting in the product VMware Aria Operations.
Stored XSS in VMware Aria Ops via View Editing
CVE-2024-38832
6.4 - Medium
- November 26, 2024
VMware Aria Operations contains a stored cross-site scripting vulnerability. A malicious actor with editing access to views may be able to inject malicious script leading to stored cross-site scripting in the product VMware Aria Operations.
VMware Aria Ops LPE via Properties File
CVE-2024-38831
7.8 - High
- November 26, 2024
VMware Aria Operations contains a local privilege escalation vulnerability. A malicious actor with local administrative privileges can insert malicious commands into the properties file to escalate privileges to a root user on the appliance running VMware Aria Operations.
VMware Aria Operations Local Privilege Escalation to Root on Appliance
CVE-2024-38830
7.8 - High
- November 26, 2024
VMware Aria Operations contains a local privilege escalation vulnerability. A malicious actor with local administrative privileges may trigger this vulnerability to escalate privileges to root user on the appliance running VMware Aria Operations.
VMware Aria Ops LPE: Admin Can Escalate to root
CVE-2024-22235
6.7 - Medium
- February 21, 2024
VMware Aria Operations contains a local privilege escalation vulnerability. A malicious actor with administrative access to the local system can escalate privileges to 'root'.
VMware Aria Operations contains a local privilege escalation vulnerability
CVE-2023-34043
6.7 - Medium
- September 27, 2023
VMware Aria Operations contains a local privilege escalation vulnerability. A malicious actor with administrative access to the local system can escalate privileges to 'root'.
Improper Privilege Management
VMware Aria Operations contains a privilege escalation vulnerability
CVE-2023-20880
6.7 - Medium
- May 12, 2023
VMware Aria Operations contains a privilege escalation vulnerability. A malicious actor with administrative access to the local system can escalate privileges to 'root'.
Stay on top of Security Vulnerabilities
Want an email whenever new vulnerabilities are published for VMware Aria Operations or by VMware? Click the Watch button to subscribe.
