vRealize Network Insight (vRNI) and Aria Operations for Networks appliances are affected by CVE-2025-22247, as outlined in VMware Security Advisory VMSA-2025-0007. To mitigate this vulnerability, VMware recommends updating VMware Tools to version 12.5.2.

However, per official technical documentation, upgrading or uninstalling the version of VMware Tools included with the vRNI appliance is not recommended. For further details and guidance, please refer to the technical document linked below.

https://techdocs.broadcom.com/us/en/vmware-cis/aria/aria-operations-for-networks/6-14/vrealize-network-insight-ug-4-1-and-later-6-14/getting-started/security-compliance.html

Aria Operations for Networks

This is a vulnerability issue related to VMware Tools versions below 12.5.2, which exhibit insecure file handling. A malicious actor with non-administrative privileges on a guest VM may manipulate local files, potentially triggering insecure file operations within that VM.

This issue will be addressed in version 6.14.1.