VMware Aria Operations 8.18 Hot Fix 5
search cancel

VMware Aria Operations 8.18 Hot Fix 5

book

Article ID: 392307

calendar_today

Updated On:

Products

VMware Aria Suite

Issue/Introduction

This is a public Hot Fix that addresses the following issues:

  • Product managed agent installation is failing
  • Cloud Proxy status became unhealthy after removing nodes from cluster
  • 'Network|Total Transmitted Packets Dropped' metric for VMs is missing
  • JS error in creation flow of Payload Templates for webhook plugin
  • "The session is not authenticated" issue while calling SPBM API's
  • [Diagnostics MP rule update] Add new VMSA rules: VMware ESXi CVE-2025-22224, CVE-2025-22225, CVE-2025-22226, to VMSA-2025-0004
  • [Diagnostics MP rule update] Update to VMSA rules: VMware vCenter Server CVE-2024-38812, CVE-2024-38813, to VMSA-2024-0019
  • [Diagnostics MP rule update] Add new VMSA rules: VMware Aria automation CVE-2025-22215, to VMSA-2025-0001

This release resolves CVE-2025-22231. For more on this vulnerability and its impact on VMware products, see VMSA-2025-0006.

The following CVEs have been resolved :

Component Name CVE
7-Zip CVE-2016-7804
CVE-2017-17969
CVE-2018-10115
CVE-2018-10172
CVE-2018-5996
CVE-2022-29072
CVE-2023-31102
CVE-2024-11477
CVE-2025-0411
Bash CVE-2019-18276
GNU C Library CVE-2019-25013
CVE-2020-10029
CVE-2020-1752
CVE-2020-27618
CVE-2020-29562
CVE-2021-27645
CVE-2021-3326
CVE-2021-33574
CVE-2021-38604
CVE-2022-23218
CVE-2022-23219
CVE-2023-4813
RPM CVE-2021-3521
CVE-2021-35937
CVE-2021-35938
CVE-2021-35939
XZ Utils CVE-2020-22916
libexpat CVE-2022-43680
libnsl CVE-2023-4527
CVE-2023-4806
CVE-2023-4813
CVE-2023-4911
libxml2 CVE-2022-23308
CVE-2022-29824
CVE-2022-40303
CVE-2022-40304
lua CVE-2022-28805
CVE-2022-33099
ncurses CVE-2021-39537
CVE-2022-29458
CVE-2023-29491
p7zip CVE-2016-9296
CVE-2017-17969
CVE-2018-5996
CVE-2022-47069
util-linux CVE-2021-37600
CVE-2021-3995
CVE-2021-3996
CVE-2022-0563
vmware/photon CVE-2022-22942
zlib CVE-2018-25032

 

Environment

VMware Aria Operations 8.18

Resolution

This patch can be applied to any 8.18.x environment.

Note: Upgrading from older versions directly to this Patch is not supported. You must upgrade to 8.18.x before applying this Patch.

 

Applying the patch

There are two different methods of updating to this patch. Both are described below. 

Directly applying the patch to Aria Operations (Manual / Standalone) and through Aria Suite Lifecycle Manager (Updating through Aria Suite Lifecycle Manager).

 

Prerequisites

  • Download the patch that matches your environment version and one of the chosen methods (.PAK if using Manual/Standalone or .patch if via Aria Suite Lifecycle Manager) from the table below:

    Release Name Release Date Build Number UI Build Number File Name
    VMware-Aria-Operations-8.18-HF5 4-1-2025 24663027 24663033 vRealize_Operations_Manager_With_CP-8.14.x-to-8.18.3.24663027.pak
    vrlcm-vrops-8.18.0-HF5 4-1-2025 24663027 24663033 vrlcm-vrops-8.18.0-HF5.patch
    vrlcm-vrops-8.18.1-HF5 4-1-2025 24663027 24663033 vrlcm-vrops-8.18.1-HF5.patch
    vrlcm-vrops-8.18.2-HF5 4-1-2025 24663027 24663033 vrlcm-vrops-8.18.2-HF5.patch
    vrlcm-vrops-8.18.3-HF5 4-1-2025 24663027 24663033 vrlcm-vrops-8.18.3-HF5.patch

Note: You will need to login to the portal first to allow download of the file using the direct links above.

        Important: Take snapshots of each of the VMware Aria Operations nodes before applying the Patch by following How to take a Snapshot of VMware Aria Operations.

Manual / Standalone

  1. Download the VMware Aria Operations 8.18 Hot Fix 5 PAK file as per above table link
  2. Log in to the primary node Administrator interface of your cluster at https://primary-node-FQDN-or-IP-address/admin.
  3. Click Software Update in the left panel.
  4. Click Install a Software Update in the main panel.
  5. Follow the steps in the wizard to locate and install your .PAK file.
  6. Install the product update .PAK file.
  7. Wait for the software update to complete. When it does, the Administrator interface logs you out. Log back into the primary node Administrator interface.
  8. The main Cluster Status page appears and cluster goes online automatically. The status page also displays the Bring Online button, but do not click it.
  9. Clear the browser caches and if the browser page does not refresh automatically, refresh the page.
  10. The cluster status changes to Going Online. When the cluster status changes to Online, the upgrade is complete.
  11. Click Software Update to check that the update is done.
  12. A message indicating that the update completed successfully appears in the main panel.
  13. Once the update has successfully completed, delete the snapshots you made before the software update.

Updating through Aria Suite Lifecycle Manager

  1. Download the Aria Suite Lifecycle wrapped patch (*patch file) for the applicable version.
  2. Follow instructions as per documentation
Powered by Wolken Software