Aria Operations is deployed as a WAR or with embedded servlet container which does not reject suspicious sequences, or serves static resource with spring resource handling
search cancel

Aria Operations is deployed as a WAR or with embedded servlet container which does not reject suspicious sequences, or serves static resource with spring resource handling

book

Article ID: 409532

calendar_today

Updated On:

Products

VCF Operations/Automation (formerly VMware Aria Suite)

Issue/Introduction

Aria Operations 8.18x vulnerability in Spring Framework

Environment

Aria Operations 8.18.x

VCF Operations 9.x

Cause

vulnerability observed in applications containing Spring Framework 5.3.x < 5.3.44 / 6.1.x < 6.1.22 / 6.2.x < 6.2.10

Resolution

VMware By Broadcom is aware of CVE-2025-41242

Please refer to the release notes for existing and forthcoming product releases for any updates in relation to this CVE.
Should you require further information please contact Broadcom Support.

Additional Information

Powered by Wolken Software