CVE-2025-22244

Published Jun 4, 2025

Last updated 3 days ago

CVSS medium 6.9

Overview

Description: VMware NSX contains a stored Cross-Site Scripting (XSS) vulnerability in the gateway firewall due to improper input validation.
Source: security@vmware.com
NVD status: Analyzed

Risk scores

CVSS 3.1

Type: Secondary
Base score: 6.9
Impact score: 4.7
Exploitability score: 1.7
Vector string: CVSS:3.1/AV:N/AC:L/PR:H/UI:R/S:C/C:L/I:H/A:N
Severity: MEDIUM

Weaknesses

134c704f-9b21-4f2e-91b3-4a467353bcc0: CWE-79

Hype score: Not currently trending

⚠️Vulnerabilidades en los productos VMware ❗CVE-2025-22243 ❗CVE-2025-22244 ➡️Más info: https://t.co/qtEpm99loo https://t.co/4vFEOjKd94
@CERTpy
10 Jun 2025
333 Impressions
0 Retweets
3 Likes
0 Bookmarks
0 Replies
0 Quotes

Configurations

[
  {
    "nodes": [
      {
        "negate": false,
        "cpeMatch": [
          {
            "criteria": "cpe:2.3:a:broadcom:vmware_nsx:*:*:*:*:*:*:*:*",
            "vulnerable": true,
            "matchCriteriaId": "BA802D68-9739-4EF6-8A2A-841E5A30B747",
            "versionEndExcluding": "4.1.2.6",
            "versionStartIncluding": "3.2"
          },
          {
            "criteria": "cpe:2.3:a:broadcom:vmware_nsx:*:*:*:*:*:*:*:*",
            "vulnerable": true,
            "matchCriteriaId": "2EA245FB-84B8-4B53-8697-029435CD793E",
            "versionEndExcluding": "4.2.1.4",
            "versionStartIncluding": "4.2.1"
          },
          {
            "criteria": "cpe:2.3:a:broadcom:vmware_nsx:4.2.2:*:*:*:*:*:*:*",
            "vulnerable": true,
            "matchCriteriaId": "ED3E4DA6-50BF-402E-AC32-29FB702C23DA"
          },
          {
            "criteria": "cpe:2.3:a:vmware:cloud_foundation:*:*:*:*:*:*:*:*",
            "vulnerable": true,
            "matchCriteriaId": "1D2A1D50-E58C-4FB4-821E-CB17B4D6170C",
            "versionEndIncluding": "5.2.1.2",
            "versionStartIncluding": "4.5"
          },
          {
            "criteria": "cpe:2.3:a:vmware:telco_cloud_infrastructure:*:*:*:*:*:*:*:*",
            "vulnerable": true,
            "matchCriteriaId": "904AA81A-D1C3-4DAF-BB2C-C51FEDF5B3F6",
            "versionEndIncluding": "3.0",
            "versionStartIncluding": "2.2"
          },
          {
            "criteria": "cpe:2.3:a:vmware:telco_cloud_platform:*:*:*:*:*:*:*:*",
            "vulnerable": true,
            "matchCriteriaId": "E0E78094-639D-47D6-998B-4EB111E45D18",
            "versionEndIncluding": "5.0",
            "versionStartIncluding": "3.0"
          }
        ],
        "operator": "OR"
      }
    ]
  }
]

References

Sources include official advisories and independent security research.

Overview

Risk scores

CVSS 3.1

Weaknesses

Social media

Configurations

References