Security vulnerabilities CVE-2025-61795, CVE-2025-55752, and CVE-2025-55754 in Aria Automation Orchestrator

search cancel

Security vulnerabilities CVE-2025-61795, CVE-2025-55752, and CVE-2025-55754 in Aria Automation Orchestrator

book

Article ID: 418823

calendar_today

Updated On:

Products

VCF Operations/Automation (formerly VMware Aria Suite)

Issue/Introduction

Security scans of the Aria Automation Orchestrator appliance may identify the following vulnerabilities:

CVE-2025-61795
CVE-2025-55752
CVE-2025-55754

These vulnerabilities are associated with the embedded web server components found in the appliance.

Environment

Aria Automation Orchestrator 8.18.1.37012 Build 24981710

Cause

These findings are caused by the specific version of Apache Tomcat currently embedded within the Aria Automation Orchestrator 8.18.1 appliance.

Resolution

VMware By Broadcom is aware of CVE-2025-61795, CVE-2025-55752, and CVE-2025-55754.
Please refer to the release notes for existing and forthcoming product releases for any updates in relation to these CVEs.
Should you require further information please contact Broadcom Support.

Feedback

thumb_up Yes

thumb_down No