The security advisory, released on June 4, 2025, marks these vulnerabilities as “Important” severity with CVSS scores ranging from 5.9 to 7.5.
The vulnerabilities, designated CVE-2025-22243, CVE-2025-22244, and CVE-2025-22245, are stored cross-site scripting (XSS) flaws affecting different components of the NSX infrastructure.
The most severe vulnerability, CVE-2025-22243, affects the NSX Manager UI with a CVSS score of 7.5, where attackers with network configuration privileges can inject malicious code that executes when administrators view network settings.
CVE-2025-22244 targets the gateway firewall component with a CVSS score of 6.9, enabling attackers to compromise URL filtering response pages. When users attempt to access filtered websites, the injected malicious code executes automatically.
The third vulnerability, CVE-2025-22245, affects router port configurations with a CVSS score of 5.9, allowing code injection through router port modification interfaces.
All three vulnerabilities stem from improper input validation across the NSX platform, demonstrating a systemic issue in how the software handles user-provided data.
Security researchers Dawid Jonienc and Łukasz Rupala of ING Hubs, Poland, responsibly disclosed these vulnerabilities to VMware through private reporting channels.
The vulnerabilities affect multiple VMware product lines beyond standalone NSX deployments.
VMware Cloud Foundation versions 5.0.x through 5.2.x require asynchronous patching to address the NSX components, while VMware Telco Cloud Platform and Infrastructure products spanning versions 2.x through 5.x are also impacted.
The attack scenarios pose significant risks to enterprise environments. In the Manager UI vulnerability, attackers with existing network privileges can embed persistent malicious scripts that target administrators with elevated access.
The gateway firewall vulnerability creates opportunities for web-based attacks, where malicious code executes when users encounter filtered content.
Router port vulnerabilities enable attackers to compromise network infrastructure viewing interfaces, potentially affecting network operations personnel.
VMware’s assessment indicates that while these are stored XSS vulnerabilities rather than remote code execution vulnerabilities, they still present substantial security risks in enterprise environments where privileged users regularly interact with NSX interfaces.
VMware has released security patches across all affected NSX versions, with no temporary workarounds available for organizations seeking interim protection.
NSX 4.2.x users should upgrade to version 4.2.2.1, while 4.2.1.x installations require updating to 4.2.1.4. Both NSX 4.1.x and 4.0.x versions need upgrading to 4.1.2.6.
Cloud Foundation environments require asynchronous patching following VMware’s KB88287 guidance, while Telco Cloud products reference KB396986 for remediation procedures.
Because no workarounds exist, applying these patches promptly is the only available remediation.
Organizations running affected VMware NSX deployments should prioritize these updates, particularly given the potential for privilege escalation and the persistent nature of stored XSS attacks.
Security teams should also review access controls for NSX management interfaces and monitor for suspicious activity in network configuration areas.
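The stored-XSS pattern described above (a configuration field written by a user with network privileges and later rendered in an administrator's browser), together with the recommended review of network configuration areas, as an added example that is not VMware's code: the record shape, field names and sample payload are constructed for illustration and are not the NSX API schema.

```javascript
// Added example (not VMware code): how a stored-XSS sink in a management UI
// arises and how to close it. The record shape below is constructed for
// illustration; it is not the NSX API schema.

// Constructed sample: router port records as a network operator might have
// saved them. The second description carries injected markup.
const samplePorts = [
  { name: "uplink-1", description: "Primary uplink" },
  { name: "uplink-2", description: '<img src=x onerror="alert(1)">' },
];

// Encode the five characters that let text break out of an HTML text node
// or attribute value. Applied to every stored field before it reaches the DOM.
function escapeHtml(value) {
  return String(value).replace(/[&<>"']/g, (ch) => ({
    "&": "&amp;", "<": "&lt;", ">": "&gt;", '"': "&quot;", "'": "&#39;",
  })[ch]);
}

// Vulnerable rendering: stored fields interpolated directly into markup.
// Whoever can write the description controls script in the viewer's browser.
function renderPortRowUnsafe(port) {
  return `<tr><td>${port.name}</td><td>${port.description}</td></tr>`;
}

// Hardened rendering: same layout, every field encoded first.
function renderPortRowSafe(port) {
  return `<tr><td>${escapeHtml(port.name)}</td><td>${escapeHtml(port.description)}</td></tr>`;
}

// Defender-side audit: flag stored configuration values that contain a tag,
// an inline event handler or a javascript: URL, so a review of network
// settings surfaces injected payloads before an administrator opens the page.
const MARKUP_PATTERN = /<[a-z!\/]|\bon[a-z]+\s*=|javascript:/i;
function auditConfigValues(records, fields) {
  const findings = [];
  for (const record of records) {
    for (const field of fields) {
      if (MARKUP_PATTERN.test(String(record[field] ?? ""))) {
        findings.push({ name: record.name, field });
      }
    }
  }
  return findings;
}
```

The audit regex is deliberately broad; treat its hits as items for manual review of the configuration record, not as proof of compromise.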
The post VMware NSX XSS Vulnerabilities Allows Attackers to inject malicious code appeared first on Cyber Security News.