Multiple Cross-Site Scripting (XSS) vulnerabilities in the VMware NSX network virtualization platform could allow malicious actors to inject and execute harmful code. The security bulletin published on June 4, 2025, details three distinct vulnerabilities affecting VMware NSX Manager UI, gateway firewall, and router port components, with CVSS base scores ranging from 5.9 to 7.5. The vulnerabilities include a stored XSS flaw in NSX Manager UI, a stored XSS in gateway firewall response pages, and a stored XSS in router port configurations. VMware has released patches addressing all three vulnerabilities across affected product lines, emphasizing the need for immediate updates to mitigate the risk of privilege escalation and persistent XSS attacks.
Source: https://cybersecuritynews.com/vmware-nsx-xss-vulnerability/
TPRM report: https://scoringcyber.rankiteo.com/company/1337
{
  "id": "133614060625",
  "linkid": "1337",
  "type": "Vulnerability",
  "date": "6/2025",
  "severity": "50",
  "impact": "",
  "explanation": "Attack without any consequences: Attack in which data is not compromised"
}
{'affected_entities': [{'industry': 'Technology',
                        'name': 'VMware',
                        'type': 'Organization'}],
 'attack_vector': ['Stored XSS'],
 'date_detected': '2025-06-04',
 'date_publicly_disclosed': '2025-06-04',
 'description': 'Multiple Cross-Site Scripting (XSS) vulnerabilities in the '
                'VMware NSX network virtualization platform could allow '
                'malicious actors to inject and execute harmful code.',
 'impact': {'systems_affected': ['VMware NSX Manager UI',
                                 'Gateway Firewall',
                                 'Router Port Configurations']},
 'motivation': ['Privilege Escalation', 'Credential Theft', 'Lateral Movement'],
 'post_incident_analysis': {'corrective_actions': ['Patching'],
                            'root_causes': ['Inadequate input sanitization',
                                            'Privileged access requirements']},
 'recommendations': ['Immediately upgrade to the patched versions of VMware '
                     'NSX'],
 'references': [{'source': 'VMware Security Bulletin'}],
 'response': {'remediation_measures': ['Patching']},
 'title': 'Multiple Cross-Site Scripting (XSS) Vulnerabilities in VMware NSX',
 'type': 'Vulnerability',
 'vulnerability_exploited': ['CVE-2025-22243: Stored XSS Vulnerability in NSX '
                             'Manager UI',
                             'CVE-2025-22244: Stored XSS in Gateway Firewall '
                             'Response Pages',
                             'CVE-2025-22245: Stored XSS in Router Port '
                             'Configurations']}