Cyber Web Spider Blog – News
VMware NSX XSS Vulnerability Allows Attackers to Inject Malicious Code

Posted on June 5, 2025 By CWS

Several Cross-Site Scripting (XSS) vulnerabilities in the VMware NSX network virtualization platform could allow attackers to inject and execute malicious code.

The security bulletin published on June 4, 2025 details three distinct vulnerabilities affecting the VMware NSX Manager UI, gateway firewall, and router port components, with CVSS base scores ranging from 5.9 to 7.5.

CVE-2025-22243: Stored XSS Vulnerability in NSX Manager UI

The CVE-2025-22243 vulnerability is a serious stored Cross-Site Scripting (XSS) flaw in the VMware NSX Manager user interface (UI), with a CVSSv3 base score of 7.5 (Important severity).

The issue stems from improper input validation in network configuration fields, allowing persistent injection of malicious JavaScript payloads.

This vulnerability affects all VMware NSX versions 4.0.x through 4.2.x, as well as dependent platforms such as VMware Cloud Foundation and Telco Cloud Infrastructure.

An attacker with administrative privileges to modify network settings could embed malicious scripts in fields such as DNS names or IP address descriptions.

These payloads execute automatically when legitimate administrators view the compromised configurations through the NSX Manager UI.

The attack leverages the privilege escalation risk inherent in management interfaces: the injected code runs within the victim's session context, potentially enabling credential theft or lateral movement.

CVE-2025-22244: Stored XSS in Gateway Firewall Response Pages

CVE-2025-22244 affects NSX's gateway firewall URL filtering component, carrying a CVSSv3 score of 6.9 (Moderate severity).

The vulnerability allows malicious actors to inject scripts into the custom response pages shown when users attempt to access blocked websites. It affects NSX 4.0.x–4.2.x and dependent cloud platforms.

Attackers with gateway firewall configuration privileges can modify the HTML templates for block pages to include <script> tags or event-handler attributes.

When users encounter these pages, their browsers execute the embedded code in the context of the NSX UI domain, enabling session hijacking or phishing attacks.

CVE-2025-22245: Stored XSS in Router Port Configurations

The CVE-2025-22245 vulnerability (CVSSv3: 5.9, Moderate) resides in NSX's router port management interface.

Improper sanitization of port description fields allows script injection, affecting NSX 4.0.x–4.2.x deployments and integrated cloud platforms. Malicious actors with router port modification rights can insert JavaScript into description metadata.

The payload triggers when other users view or edit the compromised port configurations, potentially intercepting network traffic data or altering routing tables. All three vulnerabilities share common root causes: inadequate input sanitization and a requirement for privileged access.
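The shared root cause across the three advisories is stored field content (DNS names, address descriptions, port descriptions, block-page templates) reaching the browser as markup instead of text. The following is an added example, not VMware or NSX code, showing the defensive pattern: the unsafe interpolation beside the encoded version, an allowlist validator for a DNS-name field, and an audit pass that flags markup already sitting in free-text fields of a configuration export. The field names, the export layout and the sample records are constructed for illustration and are not the NSX data model.

```javascript
// Added example (not VMware/NSX code). Field names and export layout are assumptions.

// Encode the five characters that let text break out of an HTML text node or
// attribute value. Applying this at render time addresses the root cause the
// advisory describes: stored field content arriving in the page as markup.
function escapeHtml(value) {
  return String(value)
    .replace(/&/g, "&amp;")
    .replace(/</g, "&lt;")
    .replace(/>/g, "&gt;")
    .replace(/"/g, "&quot;")
    .replace(/'/g, "&#39;");
}

// Vulnerable pattern: stored field values interpolated straight into markup.
function renderPortRowUnsafe(port) {
  return `<tr><td>${port.name}</td><td>${port.description}</td></tr>`;
}

// Hardened pattern: every stored value is encoded before it enters markup.
function renderPortRowSafe(port) {
  return `<tr><td>${escapeHtml(port.name)}</td><td>${escapeHtml(port.description)}</td></tr>`;
}

// Input-side allowlist for a DNS-name field: RFC 1123 hostname syntax, labels of
// 1..63 characters, total length at most 253. Markup characters never pass, so a
// payload cannot be stored in this field in the first place.
const DNS_LABEL = /^[a-z0-9](?:[a-z0-9-]{0,61}[a-z0-9])?$/i;
function isValidDnsName(name) {
  if (typeof name !== "string" || name.length === 0 || name.length > 253) return false;
  const labels = name.replace(/\.$/, "").split(".");
  return labels.every((label) => DNS_LABEL.test(label));
}

// Audit heuristics for free-text fields already in storage: flag values that
// carry a script tag, an inline event-handler attribute, or a javascript: URL.
const SUSPICIOUS = [
  { id: "script-tag", re: /<\s*script\b/i },
  { id: "event-handler", re: /\bon[a-z]+\s*=/i },
  { id: "javascript-url", re: /javascript\s*:/i },
];
function auditFreeTextFields(records) {
  const findings = [];
  for (const rec of records) {
    for (const [field, value] of Object.entries(rec.fields)) {
      for (const { id, re } of SUSPICIOUS) {
        if (re.test(String(value))) findings.push({ object: rec.id, field, rule: id });
      }
    }
  }
  return findings;
}

// Constructed sample export: one clean router port and one whose description
// field holds a harmless script tag standing in for an injected payload.
const SAMPLE_EXPORT = [
  { id: "port-1", fields: { name: "uplink-a", description: "Core uplink to rack 12" } },
  { id: "port-2", fields: { name: "uplink-b", description: "Test <script>alert(1)</script>" } },
];

console.log(renderPortRowSafe(SAMPLE_EXPORT[1].fields));
console.log(auditFreeTextFields(SAMPLE_EXPORT));
```

Output encoding at render time is the fix that covers every field type at once; the allowlist validator is a second layer for fields whose syntax is fixed, and the audit pass is what a defender runs against an exported configuration to find values that were stored before the patch was applied.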

Patches Available

VMware has released comprehensive patches addressing all three vulnerabilities across the affected product lines.

For VMware NSX deployments, users should immediately upgrade to version 4.2.2.1 for 4.2.x installations, 4.2.1.4 for 4.2.1.x versions, or 4.1.2.6 for both 4.1.x and 4.0.x deployments.

Notably, VMware has discontinued support for 4.0.x versions and recommends migration to the 4.1.2.6 patch release. VMware Cloud Foundation environments require asynchronous patching to the corresponding NSX versions.

The patching process varies by Cloud Foundation version, with 5.2.x requiring NSX 4.2.2.1 and earlier versions requiring NSX 4.1.2.6.

VMware has confirmed that no workarounds exist for these vulnerabilities, making prompt patching the only effective mitigation.

Organizations should prioritize these updates, given the potential for privilege escalation and the persistent nature of stored cross-site scripting (XSS) attacks in network management interfaces.
