VMware NSX XSS Vulnerability Exposes Systems to Malicious Code Injection
Broadcom has issued a high-severity security advisory (VMSA-2025-0012) for VMware NSX, addressing three newly discovered stored Cross-Site Scripting (XSS) vulnerabilities: CVE-2025-22243, CVE-2025-22244, and CVE-2025-22245.
These vulnerabilities impact the NSX Manager UI, gateway firewall, and router port components, exposing organizations to potential code injection attacks if left unpatched.
The vulnerabilities, all stemming from improper input validation, allow authenticated attackers to inject malicious scripts that execute when affected interfaces are viewed by other users.
The flaws are classified as Important, with CVSSv3 base scores ranging from 5.9 to 7.5, and no workarounds are currently available.
Technical Details and Exploit Scenarios
CVE-2025-22243 affects the NSX Manager UI, where attackers with privileges to alter network settings can inject persistent scripts.
When another user accesses the compromised settings, the malicious code executes in their browser context, potentially leading to session hijacking or data exfiltration.
CVE-2025-22244 affects the gateway firewall, enabling attackers to modify the response pages served for URL filtering.
This vulnerability can be exploited to execute injected scripts whenever a user accesses a filtered website.
Its CVSSv3 score is 6.9, reflecting moderate severity but significant risk in multi-user environments.
CVE-2025-22245 impacts router ports, where a privileged attacker can inject scripts into router port configurations.
Unsuspecting administrators or users accessing these ports may trigger the malicious payload, with a CVSSv3 score of 5.9.
All three vulnerabilities are classified under CWE-79 (Improper Neutralization of Input During Web Page Generation), a common category for XSS flaws.
Example XSS Payload:
If such a payload is injected into a vulnerable field, it will execute in the browser of any user who views the affected configuration page.
Broadcom recommends immediate patching, as there are no effective workarounds.
The following table summarizes the affected products, CVEs, severity, and fixed versions (the CVSSv3 scores are listed in the same order as the CVEs):

| Product/Platform | Versions Affected | CVEs | CVSSv3 Scores | Fixed Version / Patch |
|---|---|---|---|---|
| VMware NSX | 4.2.x | CVE-2025-22243, CVE-2025-22244, CVE-2025-22245 | 7.5, 6.9, 5.9 | 4.2.2.1 |
| VMware NSX | 4.2.1.x | CVE-2025-22243, CVE-2025-22244, CVE-2025-22245 | 7.5, 6.9, 5.9 | 4.2.1.4 |
| VMware NSX | 4.1.x, 4.0.x | CVE-2025-22243, CVE-2025-22244, CVE-2025-22245 | 7.5, 6.9, 5.9 | 4.1.2.6 |
| VMware Cloud Foundation | 5.2.x | CVE-2025-22243, CVE-2025-22244, CVE-2025-22245 | 7.5, 6.9, 5.9 | Async patch to NSX 4.2.2.1 |
| VMware Cloud Foundation | 5.1.x, 5.0.x | CVE-2025-22243, CVE-2025-22244, CVE-2025-22245 | 7.5, 6.9, 5.9 | Async patch to NSX 4.1.2.6 |
| VMware Telco Cloud Infrastructure | 3.x, 2.x | CVE-2025-22243, CVE-2025-22244, CVE-2025-22245 | 7.5, 6.9, 5.9 | KB396986 |
| VMware Telco Cloud Platform | 5.x, 4.x, 3.x | CVE-2025-22243, CVE-2025-22244, CVE-2025-22245 | 7.5, 6.9, 5.9 | KB396986 |
To remediate, administrators must upgrade to the fixed versions listed above.
For VMware Cloud Foundation and Telco Cloud Platform, asynchronous patching guides are available in Broadcom’s knowledge base.
Industry Response and Best Practices
Security researchers Dawid Jonienc and Łukasz Rupala were credited for responsibly disclosing these vulnerabilities.
The advisory underscores the importance of timely patch management, especially for critical infrastructure components such as NSX, which underpins network virtualization and security in enterprise environments.
Organizations running affected versions should prioritize patch deployment and review access controls to minimize the risk of exploitation.
Since no workarounds exist, delaying updates leaves systems vulnerable to XSS attacks that could compromise administrative sessions or facilitate lateral movement within the network.
For further details, administrators can consult VMware’s official advisory (VMSA-2025-0012) and the referenced CVE entries for technical breakdowns and patch instructions.