VMware Aria Automation Server-Side Request Forgery Vulnerability

Vulnerability

A server-side request forgery (SSRF) vulnerability has been identified in VMware Aria Automation. This vulnerability allows a malicious actor with 'Organization Member' access to enumerate internal services running on the host or network. The issue is present in VMware Aria Automation version 8.x and affects VMware Cloud Foundation versions 5.x and 4.x.

Impact

Exploitation of this vulnerability could lead to unauthorized enumeration of internal services on the host or network, potentially allowing for further attacks or exploitation of other vulnerabilities.

Remediation

To address this vulnerability, users should apply the patches available for VMware Aria Automation 8.18.1 patch 1 or, for VMware Cloud Foundation, consult Knowledge Base article 385294.

Added: Jun 9, 2025, 7:46 PM
Updated: Jun 9, 2025, 7:46 PM

Vulnerability Rating

Custom Algorithm

spread: 4.5
impact: 0.6
exploitability: 4.9
remediation: 7.7
relevance: 0.0
threat: 0.0
urgency: 2.9
incentive: 1.7

Our algorithm analyzes dozens of metrics to generate these 8 key vulnerability categories, which are then combined to calculate the overall risk score.