VMware Aria Operations Vulnerability Exposes Systems to Privilege Escalation Attacks

VMware has issued security advisory VMSA-2025-0006 addressing a high-severity local privilege escalation vulnerability (CVE-2025-22231) in its Aria Operations platform.

The flaw, rated 7.8 on the CVSSv3 scale, lets an attacker who already holds local administrative access to the appliance escalate to root. Patches are available for the affected products: VMware Aria Operations, VMware Cloud Foundation, Telco Cloud Platform and Telco Cloud Infrastructure.

Vulnerability Details

The vulnerability is a local privilege escalation: VMware Aria Operations does not adequately contain the privileges of its local administrative user, so the boundary between that user and root on the appliance can be crossed.

An attacker who already has local administrative privileges can use the flaw to execute arbitrary commands as root, which amounts to full control of the appliance.

From there the attacker can read any data the appliance holds, disrupt the monitoring service, or use the appliance as a pivot for lateral movement into the environment it monitors.

Broadcom rates the advisory "Important", noting that exploitation requires prior local administrative access. That prerequisite is a weaker barrier than it sounds: a compromised or phished administrator credential, or a foothold obtained through some other weakness, is enough to reach the vulnerable position.

The following VMware products are affected:

  • VMware Aria Operations 8.x: Fixed in version 8.18 HF 5
  • VMware Cloud Foundation 5.x/4.x: Updates are delivered through the KB article referenced in the advisory
  • Telco Cloud Platform 5.x/4.x/3.x and Telco Cloud Infrastructure 3.x/2.x: Fixed in 8.18 HF 5

No workaround is available for unpatched systems; applying the hotfix is the only remediation. Until it is applied, treat every account with local administrative access to the appliance as root-equivalent.

Recommendations

VMware urges administrators to:

  1. Apply the updates to affected systems immediately.
  2. Audit the local administrative accounts on the appliance, and the activity carried out under them, for signs of misuse.
  3. Restrict network access to the appliance's management interfaces to authorized personnel only.
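Recommendation 2 is the one that needs some tooling. Because the flaw turns local administrative access into root, the thing worth looking for on an unpatched or freshly patched appliance is root escalation under the admin accounts: who obtained a root session, when, from what TTY, and running what. The script below is an added example and is not code from VMware, Broadcom or the advisory. It assumes the standard syslog-style lines that sudo and su (via PAM) write on Linux appliances; the log excerpt, the host name, the account names and the allowlist of expected administrators are all constructed for illustration.

```python
"""Triage sudo/su entries from a Linux appliance auth log for root escalations.

Added example, not code from the advisory or from VMware/Broadcom. Assumes the
standard sudo and su (pam_unix) syslog line formats; all sample data is
constructed.
"""
import re
import shlex
from collections import Counter
from dataclasses import dataclass

# Constructed sample, not a real appliance log.
SAMPLE_LOG = """\
Mar 25 09:12:01 ops-node1 sudo: admin : TTY=pts/0 ; PWD=/home/admin ; USER=root ; COMMAND=/usr/bin/systemctl status sshd
Mar 25 09:13:44 ops-node1 sudo: admin : TTY=pts/0 ; PWD=/home/admin ; USER=root ; COMMAND=/bin/bash
Mar 25 09:13:44 ops-node1 sudo: pam_unix(sudo:session): session opened for user root by admin(uid=1000)
Mar 25 23:41:07 ops-node1 sudo: svc_backup : TTY=pts/2 ; PWD=/tmp ; USER=root ; COMMAND=/bin/sh -c cat /etc/shadow
Mar 25 23:41:09 ops-node1 su: pam_unix(su:session): session opened for user root by svc_backup(uid=1002)
Mar 26 02:15:30 ops-node1 sudo: admin : TTY=unknown ; PWD=/ ; USER=root ; COMMAND=/usr/bin/python3 /tmp/.x.py
"""

# "sudo:    user : TTY=... ; PWD=... ; USER=target ; COMMAND=..." (sudo's default log line)
SUDO_RE = re.compile(
    r"^(?P<ts>\w{3} +\d+ \d\d:\d\d:\d\d) (?P<host>\S+) sudo: +(?P<user>\S+) : "
    r"TTY=(?P<tty>\S+) ; PWD=(?P<pwd>\S+) ; USER=(?P<target>\S+) ; COMMAND=(?P<cmd>.*)$"
)
# "su: pam_unix(su:session): session opened for user root by alice(uid=1000)"
SU_RE = re.compile(
    r"^(?P<ts>\w{3} +\d+ \d\d:\d\d:\d\d) (?P<host>\S+) su: pam_unix\(su:session\): "
    r"session opened for user (?P<target>\S+) by (?P<user>[^(\s]+)"
)

SHELL_BASENAMES = {"bash", "sh", "zsh", "dash", "ksh"}
SCRATCH_DIRS = ("/tmp/", "/var/tmp/", "/dev/shm/")
SENSITIVE_FILES = {"/etc/shadow", "/etc/sudoers"}
BUSINESS_HOURS = range(6, 20)  # assumed maintenance window, 06:00-19:59


@dataclass
class Finding:
    ts: str
    user: str
    command: str
    rules: list


def _hour(ts: str) -> int:
    """'Mar 25 09:12:01' -> 9"""
    return int(ts.split()[2].split(":")[0])


def _command_rules(cmd: str) -> list:
    """Rules that depend only on what was run as root."""
    try:
        argv = shlex.split(cmd)
    except ValueError:
        argv = cmd.split()
    rules = []
    if argv and argv[0].rsplit("/", 1)[-1] in SHELL_BASENAMES:
        rules.append("root_shell")            # interactive or -c shell as root
    if any(a.startswith(SCRATCH_DIRS) for a in argv):
        rules.append("scratch_dir_payload")   # code executed out of /tmp and friends
    if any(a in SENSITIVE_FILES for a in argv):
        rules.append("sensitive_file")        # credential material touched
    return rules


def audit(log_text: str, allowed_admins: set, hours=BUSINESS_HOURS) -> list:
    """Return one Finding per root escalation that trips at least one rule."""
    findings = []
    for line in log_text.splitlines():
        m = SUDO_RE.match(line)
        if m:
            rules = _command_rules(m["cmd"]) if m["target"] == "root" else []
            if m["tty"] == "unknown":
                rules.append("no_tty")        # non-interactive: scripted or exploit-driven
            user, cmd = m["user"], m["cmd"]
        else:
            m = SU_RE.match(line)
            if not m or m["target"] != "root":
                continue                      # pam session noise and non-root su are ignored
            rules = ["su_to_root"]
            user, cmd = m["user"], "su"
        if user not in allowed_admins:
            rules.append("unexpected_account")
        if _hour(m["ts"]) not in hours:
            rules.append("off_hours")
        if rules:
            findings.append(Finding(m["ts"], user, cmd, rules))
    return findings


def escalations_per_user(findings: list) -> dict:
    """Count flagged root escalations per originating account."""
    return dict(Counter(f.user for f in findings))


if __name__ == "__main__":
    for f in audit(SAMPLE_LOG, allowed_admins={"admin"}):
        print(f"{f.ts}  {f.user:<12} {','.join(f.rules):<45} {f.command}")
    print(escalations_per_user(audit(SAMPLE_LOG, {"admin"})))
```

On a journald-only appliance the same text can be produced with `journalctl -o short` and fed to `audit()`. The rules are deliberately coarse: a root shell, a payload run from a scratch directory, a session with no TTY, an account outside the expected set, or activity outside the maintenance window are each worth a look on a host where admin already equals root; the counts per account then show which credentials to rotate first.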

The company credited researchers thiscodecc of MoyunSec Vlab and Bing for responsibly disclosing the flaw.

Because the flaw is local, perimeter controls do not mitigate it: any attacker who gains an administrative foothold on an unpatched appliance can take it over completely. Given how widely Aria Operations is deployed in enterprise and telecom environments, and how much of the surrounding infrastructure it has visibility into, delayed patching leaves a high-value target exposed.
