PT-2025-20732 · VMware · VMware Aria Automation
Published: 2025-05-12 · Updated: 2025-05-18 · CVE-2025-22249
CVSS v2.0: 8.5 (High)
Vector: AV:N/AC:L/Au:N/C:C/I:P/A:N
Name of the Vulnerable Software and Affected Versions
VMware Aria Automation (affected versions not specified)
Description
The issue is a DOM-based Cross-Site Scripting (XSS) vulnerability. A malicious actor may exploit this to steal the access token of a logged-in user by tricking them into clicking a maliciously crafted payload URL.
Recommendations
At the moment, there is no information about a newer version that contains a fix for this vulnerability.
XSS
Affected Products
VMware Aria Automation