VMware has recently released VMware Aria Operations 8.18 Patch 5, a crucial update aimed at enhancing stability, security, and functionality within Aria Operations environments. This patch specifically addresses multiple known issues, enhances security by mitigating critical vulnerabilities, and updates diagnostic management packs to include new VMware Security Advisories (VMSAs).
Key issues resolved in Aria Operations 8.18 Hot Fix 5 include:
- Failures occurring during managed agent installations.
- Cluster Platform (CP) health deterioration following node removal.
- Missing metric data, specifically “Network|Total Transmitted Packets Dropped” for virtual machines.
- JavaScript errors during the creation of Payload Templates for webhook integrations.
- Authentication errors impacting sessions when invoking Storage Policy-Based Management (SPBM) APIs.
Additionally, this patch significantly enhances security by addressing numerous vulnerabilities across multiple system components such as 7-Zip, Bash, GNU C Library, RPM, XZ Utils, libexpat, libnsl, libxml2, lua, ncurses, p7zip, util-linux, VMware Photon OS, and zlib. Notably, it resolves critical vulnerability CVE-2025-22231, detailed further in VMware Security Advisory VMSA-2025-0006.
Diagnostic Management Pack (Diagnostics MP) updates included in this release are:
- New security rules to address vulnerabilities VMware ESXi (CVE-2025-22224, CVE-2025-22225, CVE-2025-22226) as documented in VMSA-2024-0004.
- Updated VMSA rules for VMware vCenter Server vulnerabilities (CVE-2024-38812, CVE-2024-38813), corresponding to VMSA-2024-0019.
- Newly added VMSA rules for VMware Aria Automation vulnerability CVE-2025-22215, as per VMSA-2025-0001.
Applying the Update
VMware Aria Operations 8.18 Patch 5 is applicable to all 8.18.x environments. It is important to note that direct upgrades from versions older than 8.18.x are not supported, so users must first upgrade their environments to an 8.18.x version before applying this patch.
Precautions Before Upgrading:
- Ensure you take snapshots of all VMware Aria Operations nodes.
- Confirm availability of valid backups.
Installation Procedure:
Manual/Standalone Installation:
- Download the appropriate VMware Aria Operations 8.18 Hot Fix 5 PAK file from the VMware support portal.
- Log in to your primary node’s VMware Aria Operations Administrator interface.
- Navigate to the Software Update section.
- Select Install a Software Update and follow the installation wizard steps to upload and apply the PAK file.
- After completion, the system will log you out automatically; log back in, clear browser caches, and confirm the cluster status as “Online.”
- Verify successful installation in the Software Update section and then safely remove pre-upgrade snapshots.
Installation via VMware Aria Suite Lifecycle 8.x:
- Download the Lifecycle-wrapped patch specific to your version from the VMware support portal.
- Follow the detailed instructions provided in VMware’s official documentation for Aria Suite Lifecycle.
This patch is an essential update ensuring the security, efficiency, and reliability of VMware Aria Operations, and users are strongly encouraged to apply it promptly.
🔥Subscribe to the channel: youtube.be/@AngryAdmin 🔥
🚨Dive into my blog: angrysysops.com
🚨Snapshots 101: a.co/d/fJVHo5v
🌐Connect with us:
- 👊Facebook: facebook.com/AngrySysOps
- 👊X: twitter.com/AngrySysOps
- 👊My Podcast: creators.spotify.com/pod/show/angrysysops
- 👊Mastodon: techhub.social/@AngryAdmin
💻Website: angrysysops.com
🔥vExpert info: vExpert Portal
