Insights from the Field

Introduction VMSA-2026-0001 addresses three vulnerabilities identified as CVE-2026-22719, CVE-2026-22720, and CVE-2026-22721. The advisory applies to VMware Aria Operations, a platform commonly integrated directly into vCenter environments for monitoring, analytics, and operational visibility. Aria Operations maintains authenticated connections to vCenter, collects configuration and performance data from ESXi hosts, and often integrates with Active Directory or other external

Introduction On September 29, 2025, VMware (via Broadcom) published VMSA-2025-0015, which addresses three vulnerabilities in VMware Aria Operations and VMware Tools (CVE-2025-41244, CVE-2025-41245, CVE-2025-41246). This is the initial publication of the advisory. It rates these issues as Important / High severity, with CVSSv3 base scores ranging from 4.9 to 7.8. Affected products include VMware Aria Operations, VMware Tools, VMware Cloud Foundation, VMware Telco Cloud Platfor

Introduction Broadcom has released VMSA-2025-0006, disclosing a local privilege escalation vulnerability in VMware Aria Operations. The vulnerability is tracked as CVE-2025-22231 and impacts multiple VMware platforms. Any attacker with local administrative access to the appliance can escalate privileges to root. There is no workaround. Patching is required. What Is It? CVE-2025-22231 is a local privilege escalation vulnerability affecting the following products: VMware Aria O