Introduction Broadcom has published VMSA-2025-0008 to address a newly disclosed DOM-based Cross-Site Scripting (XSS) vulnerability in VMware Aria Automation, previously known as vRealize Automation. The issue is tracked as CVE-2025-22249 and has been assigned a CVSSv3 base score of 8.2 (Important severity). This client-side scripting flaw could allow an attacker to steal access tokens or session identifiers from authenticated users by tricking them into visiting a specially c
