CVE-2025-22244: VMware NSX contains a stored Cross-Site Scripting (XSS) vulnerability in the gateway firewall due to improper input validation.

medium6.9CVSS 3.1

AVNACLPRHUIRSCCLIHAN

VMware NSX contains a stored Cross-Site Scripting (XSS) vulnerability in the gateway firewall due to improper input validation.

7 ranges

Vendor	Product	Version range	Fixed in
broadcom	vmware_nsx	—	—
broadcom	vmware_nsx	>= 3.2 < 4.1.2.6	4.1.2.6
broadcom	vmware_nsx	>= 4.2.1 < 4.2.1.4	4.2.1.4
vmware	cloud_foundation	4.5 – 5.2.1.2	—
vmware	telco_cloud_infrastructure	2.2 – 3.0	—
vmware	telco_cloud_platform	3.0 – 5.0	—
vmware	vmware_nsx	—	—