{"resultsPerPage":1,"startIndex":0,"totalResults":1,"format":"NVD_CVE","version":"2.0","timestamp":"2026-05-04T14:16:05.678","vulnerabilities":[{"cve":{"id":"CVE-2025-22216","sourceIdentifier":"security@vmware.com","published":"2025-01-31T06:15:30.090","lastModified":"2026-04-15T00:35:42.020","vulnStatus":"Deferred","cveTags":[],"descriptions":[{"lang":"en","value":"A UAA configured with multiple identity zones, does not properly validate session information across those zones.  A User authenticated against a corporate IDP can re-use their jsessionid to access other zones."},{"lang":"es","value":"Un UAA configurado con múltiples zonas de identidad no valida correctamente la información de la sesión en esas zonas. Un usuario autenticado con un IDP corporativo puede reutilizar su jsessionid para acceder a otras zonas."}],"metrics":{"cvssMetricV31":[{"source":"security@vmware.com","type":"Secondary","cvssData":{"version":"3.1","vectorString":"CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N","baseScore":5.4,"baseSeverity":"MEDIUM","attackVector":"NETWORK","attackComplexity":"LOW","privilegesRequired":"LOW","userInteraction":"REQUIRED","scope":"CHANGED","confidentialityImpact":"LOW","integrityImpact":"LOW","availabilityImpact":"NONE"},"exploitabilityScore":2.3,"impactScore":2.7}]},"weaknesses":[{"source":"134c704f-9b21-4f2e-91b3-4a467353bcc0","type":"Secondary","description":[{"lang":"en","value":"CWE-384"}]}],"references":[{"url":"https://www.cloudfoundry.org/blog/cve-2025-22216-uaa-missing-zone-validation/","source":"security@vmware.com"}]}}]}