A recent security scan has identified multiple Apache Tomcat vulnerabilities in VMware Aria Operations for Logs version 8.18.3, specifically affecting versions older than 9.0.104. The identified vulnerabilities include:

• CVE-2025-31650
• CVE-2025-31651

VMware Aria Operations for logs 8.18.3

The reported Apache Tomcat vulnerabilities are fixed in Aria Operations for Logs 8.18.4. It is recommended to upgrade to Aria Operations for Logs 8.18.4 to remediate this vulnerability.

Download the upgrade file for Aria Operations for logs 8.18.4: ProductFiles - Support Portal - Broadcom support portal

Follow the steps mentioned in the following document to upgrade Aria Operations for logs to 8.18.4: Upgrade to the Latest Version of VMware Aria Operations for Logs