
Broadcom has released important updates addressing three newly disclosed vulnerabilities in VMware NSX, all of which expose users to Stored Cross-Site Scripting (XSS) attacks. These flaws—tracked as CVE-2025-22243, CVE-2025-22244, and CVE-2025-22245—impact a range of VMware products including VMware NSX, VMware Cloud Foundation, and VMware Telco Cloud Platform.
According to Broadcom’s advisory, the vulnerabilities were privately reported and stem from “improper input validation” in key components of the NSX interface. These flaws could allow authenticated attackers to inject persistent, malicious JavaScript code that executes when unsuspecting administrators or users access specific configuration panels.
- CVE-2025-22243 – XSS in NSX Manager UI (CVSS 7.5 – Important Severity)
  A threat actor with privileges to modify network settings could inject malicious scripts into the Manager UI. “A malicious actor with privileges to create or modify network settings may be able to inject malicious code that gets executed when viewing the network settings,” the advisory explains.
- CVE-2025-22244 – XSS in Gateway Firewall (CVSS 6.9 – Moderate Severity)
  This vulnerability allows code injection via the URL filtering response page within the gateway firewall interface. “A malicious actor with access to create or modify the response page for filtering URL may be able to inject malicious code that gets executed when another user tries to access the filtered website.”
- CVE-2025-22245 – XSS in Router Port (CVSS 5.9 – Moderate Severity)
  Stored XSS in the router port configuration could allow attacks to be triggered when other users inspect router settings. “A malicious actor with privileges to create or modify router ports may be able to inject malicious code that gets executed when another user tries to access the router port.”
Broadcom lists all vulnerable versions across several product lines. Affected NSX versions include 4.2.x, 4.2.1.x, 4.1.x, and 4.0.x, with fixed versions available as:
- NSX 4.2.x → 4.2.2.1
- NSX 4.2.1.x → 4.2.1.4
- NSX 4.1.x and 4.0.x → 4.1.2.6
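The version table above is easy to misread because 4.2.1.x has its own fix train inside the wider 4.2.x branch. The following Python helper, added here as an example and not part of Broadcom's advisory or tooling, encodes the branch-to-fix mapping exactly as listed and decides whether a given NSX version string still needs the update. The parsing and comparison logic are my own; the only advisory-derived data is the FIXED_VERSIONS table.

```python
"""Check an NSX version string against the fixed versions listed in the advisory.

Added example; the branch -> fix table is taken from the advisory text above,
the matching logic is not Broadcom's.
"""
import re

# Affected branch prefix -> first fixed build, as listed in the advisory.
# 4.2.1.x is listed separately from the rest of 4.2.x, so it gets its own entry.
FIXED_VERSIONS = {
    "4.2.1": "4.2.1.4",
    "4.2": "4.2.2.1",
    "4.1": "4.1.2.6",
    "4.0": "4.1.2.6",
}


def parse_version(v):
    """Turn '4.2.1.3' into (4, 2, 1, 3); reject anything that is not dotted digits."""
    if not re.fullmatch(r"\d+(\.\d+)*", v):
        raise ValueError(f"not a dotted numeric version: {v!r}")
    return tuple(int(p) for p in v.split("."))


def branch_of(version):
    """Return the most specific affected branch the version falls in, or None."""
    parts = parse_version(version)
    # Longest prefix first, so 4.2.1.x matches "4.2.1" before the wider "4.2".
    for prefix in sorted(FIXED_VERSIONS, key=lambda p: -len(p.split("."))):
        pparts = parse_version(prefix)
        if parts[: len(pparts)] == pparts:
            return prefix
    return None


def assess(version):
    """Return (needs_update, fixed_version) for an NSX version string.

    needs_update is True when the version is in a listed branch and older than
    that branch's fixed build. Versions outside the listed branches return
    (False, None): the advisory says nothing about them, which is not the same
    as saying they are safe.
    """
    branch = branch_of(version)
    if branch is None:
        return (False, None)
    fixed = FIXED_VERSIONS[branch]
    have, want = parse_version(version), parse_version(fixed)
    # Pad with zeros so a three-part string such as 4.2.2 compares against 4.2.2.1.
    width = max(len(have), len(want))
    have += (0,) * (width - len(have))
    want += (0,) * (width - len(want))
    return (have < want, fixed)


if __name__ == "__main__":
    # Constructed sample inventory, one version string per NSX Manager.
    for v in ["4.2.1.3", "4.2.0.1", "4.2.2.1", "4.1.2.5", "4.0.1.1", "3.2.4"]:
        needs_update, fixed = assess(v)
        print(f"{v:>8}: {'update to ' + fixed if needs_update else 'no action from this advisory'}")
```

Feed it the version strings from your NSX Manager inventory; any entry that returns True is still on a build the advisory lists as affected.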
For users of VMware Cloud Foundation (v5.0–5.2), Broadcom recommends async patching NSX to version 4.2.2.1 or 4.1.2.6 using guidance in KB88287. Telco Cloud users are referred to KB396986 for upgrade paths.
While no public exploitation has been reported, administrators are urged to patch affected systems immediately: although the flaws require privileged access, they could be abused in post-exploitation or lateral movement scenarios.