VMware Aria Operations recently released a hotfix in response to a newly announced VMware Security Advisory (VMSA) addressing a critical local privilege escalation vulnerability (CVE-2025-22231). Check out the release notes for details on all the resolved issues and fixes.
I successfully updated my lab environment and documented the process in the article below, detailing how I utilized the Aria Suite Lifecycle Manager (ASLCM) to apply the vRealize Operations HF5 patch file to update Aria Operations version 8.18.3 with the hotfix.
Optionally, this patch can be applied locally using the admin UI in the Aria Operations instance. For an example of that type of patch process, go check out this article from Aria expert Brock Peterson.
As seen below, this instance is Aria Operations 8.18.3 (24521408).

First, retrieve the hotfix file (yes, this is still a manual step). Log in to the Broadcom support portal and download the appropriate version of the Aria Operations HF5 patch file (vrlcm-vrops-8.18.3-HF5.patch).

Use WinSCP to transfer it over to the ASLCM appliance. Place the file in the /data directory.

Once complete, log in to ASLCM. Go to Settings -> Binary Mapping. Click on the Patch Binaries tab.

Click Add Patch Binary.
In the new window that pops up, enter the source location of /data, then click Discover.
After the patch file appears in the lower selection panel, select the radio button, and click Add.

The add patch request will run – monitor for the process to complete in the Requests panel (this may take a while)…

Done!

Once completed, navigate to Environments and find the Aria Operations instance.
Click on the 3 dots (a.k.a. the kebab) and hover over Patches, then click on Install Patch.

ASLCM will show the available HF5 patch. Select the radio button next to the file and click Next.

Review the installation details and when ready, click Install.

This new update request will run, and there are a couple of stages ASLCM will run through. Again, stand by and ASLCM will do the work…

And when it finishes, we can check the version again to verify the HF has been applied.

Verified we now have the hotfix applied!
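An integrity check for the staging step above, to run on the ASLCM appliance after the upload to /data and before clicking Discover. This is an added example, not part of the original walkthrough or of any VMware tooling. It assumes the download page lists a SHA-256 value for the patch file and that `sha256sum` is present on the appliance; `verify_patch` is a hypothetical helper name.

```shell
#!/bin/sh
# Added example (not VMware tooling): confirm the uploaded patch file matches
# the SHA-256 value published with the download before ASLCM discovers it.
# Usage on the appliance:
#   sh verify_patch.sh /data/vrlcm-vrops-8.18.3-HF5.patch <sha256-from-download-page>

# verify_patch FILE EXPECTED_SHA256   (hypothetical helper)
# Returns 0 on match, 1 on mismatch, 2 on a malformed expected value,
# 3 if the file is missing, empty, or not a .patch file.
verify_patch() {
    file=$1
    expected=$2
    [ -n "$file" ] && [ -n "$expected" ] || {
        echo "usage: verify_patch FILE SHA256" >&2; return 2; }

    # Normalise the pasted value: strip whitespace, lower-case the hex digits.
    expected=$(printf '%s' "$expected" | tr -d '[:space:]' | tr 'A-F' 'a-f')

    # A SHA-256 digest is exactly 64 hex characters; reject anything else so a
    # truncated paste or an MD5 value cannot be compared by mistake.
    case $expected in
        *[!0-9a-f]*) echo "expected value is not hexadecimal" >&2; return 2 ;;
    esac
    [ "${#expected}" -eq 64 ] || {
        echo "expected value is not 64 hex characters" >&2; return 2; }

    # Only accept a regular, non-empty .patch file (a partial upload can be empty).
    case $file in
        *.patch) ;;
        *) echo "not a .patch file: $file" >&2; return 3 ;;
    esac
    [ -f "$file" ] && [ -s "$file" ] || {
        echo "missing or empty: $file" >&2; return 3; }

    actual=$(sha256sum "$file" | cut -d' ' -f1)
    if [ "$actual" = "$expected" ]; then
        echo "OK: $file matches the published SHA-256"
        return 0
    fi
    echo "MISMATCH: $file" >&2
    echo "  expected $expected" >&2
    echo "  actual   $actual" >&2
    return 1
}

# Run the check only when called with both arguments.
if [ "$#" -eq 2 ]; then verify_patch "$1" "$2"; fi
```

A non-zero exit means the file should be removed from /data and downloaded again rather than added as a patch binary.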

That’s all for this blog! If you learned something or I helped you out in some way, please make a comment and let me know. Thanks!
**Updated with the correct non-typo’d version of Aria**