CVE-2025-22244

CWE-79 — Cross-site Scripting (XSS)3 documents3 sources

Severity

6.9MEDIUM

EPSS

0.1%

top 64.69%

CISA KEV

Not in KEV

Exploit

No known exploits

Affected products

Broadcom Vmware NSX Vmware Cloud Foundation Vmware Telco Cloud Infrastructure +2 more

Timeline

PublishedJun 4

Description

VMware NSX contains a stored Cross-Site Scripting (XSS) vulnerability in the gateway firewall due to improper input validation.

CVSS vector

CVSS:3.1/AV:N/AC:L/PR:H/UI:R/S:C/C:L/I:H/A:NExploitability: 1.7 | Impact: 4.7

Affected Packages5 packages

▶NVDbroadcom/vmware_nsx3.2 — 4.1.2.6+2

▶NVDvmware/cloud_foundation4.5 — 5.2.1.2

▶NVDvmware/telco_cloud_platform3.0 — 5.0

▶NVDvmware/telco_cloud_infrastructure2.2 — 3.0

▶CVEListV5vmware/vmware_nsxVMware NSX 4.0.x, VMware NSX 4.1.x, VMware NSX 4.2.x

🔴Vulnerability Details

GHSA

GHSA-xr62-x8gm-j2h5: VMware NSX contains a stored Cross-Site Scripting (XSS) vulnerability in the gateway firewall due to improper input validation↗2025-06-04

▶

CVEList

CVE-2025-22244: VMware NSX contains a stored Cross-Site Scripting (XSS) vulnerability in the gateway firewall due to improper input validation↗2025-06-04

▶