VMware NSX XSS Vulnerability Allows Attackers to Inject Malicious Code

Originally published on Cyber Security News.

Jun 6, 2025 - 01:00

Multiple Cross-Site Scripting (XSS) vulnerabilities in the VMware NSX network virtualization platform could allow malicious actors to inject and execute harmful code. 

The security bulletin published on June 4, 2025, details three distinct vulnerabilities affecting VMware NSX Manager UI, gateway firewall, and router port components, with CVSS base scores ranging from 5.9 to 7.5.

CVE-2025-22243: Stored XSS Vulnerability in NSX Manager UI

CVE-2025-22243 is a stored Cross-Site Scripting (XSS) flaw in the VMware NSX Manager user interface (UI), with a CVSSv3 base score of 7.5 (Important severity). 

The issue stems from improper input validation in network configuration fields, allowing persistent injection of malicious JavaScript payloads. 

This vulnerability impacts all VMware NSX versions 4.0.x through 4.2.x, as well as dependent platforms like VMware Cloud Foundation and Telco Cloud Infrastructure.

An attacker with administrative privileges to modify network settings could embed malicious scripts in fields such as DNS names or IP address descriptions. 

These payloads execute automatically when legitimate administrators view the compromised configurations through the NSX Manager UI. 

The attack exploits the elevated trust placed in a management interface: the injected code runs in the viewing administrator's session context, potentially enabling credential theft or lateral movement.
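The pattern described above, a configuration field such as a DNS name or description stored once and later rendered to every administrator who opens the page, is what makes this class of bug a stored XSS. The following is an added example, not VMware's code and not derived from the advisory: it shows the vulnerable rendering pattern beside its hardened form (output encoding for the HTML text context), plus the write-time checks a management UI can apply so that markup never reaches the store in the first place. All function names (`renderRowUnsafe`, `renderRowSafe`, `isValidHostname`, `validateConfigEntry`) and the sample records are hypothetical and constructed for the example.

```javascript
// Added example, not VMware NSX code. Demonstrates why rendering stored
// configuration text with string concatenation / innerHTML yields stored XSS,
// and how output encoding plus input validation prevent it.

// Encode the five characters that change meaning in HTML text and attributes.
function escapeHtml(value) {
  const map = { "&": "&amp;", "<": "&lt;", ">": "&gt;", '"': "&quot;", "'": "&#39;" };
  return String(value).replace(/[&<>"']/g, (ch) => map[ch]);
}

// Constructed sample of stored configuration rows. The second description is a
// deliberately constructed markup payload, not a value taken from the advisory.
const STORED_CONFIG = [
  { name: "dns-1.example.internal", description: "Primary resolver" },
  { name: "dns-2.example.internal", description: '<img src=x onerror="alert(1)">' },
];

// Vulnerable pattern: stored text is interpolated straight into markup, so any
// tag the writer stored is parsed as HTML in every viewer's browser.
function renderRowUnsafe(entry) {
  return `<tr><td>${entry.name}</td><td>${entry.description}</td></tr>`;
}

// Hardened pattern: every untrusted value is encoded for the HTML text context
// before it is placed in markup. (In a live DOM, setting textContent instead of
// innerHTML achieves the same thing without a manual encoder.)
function renderRowSafe(entry) {
  return `<tr><td>${escapeHtml(entry.name)}</td><td>${escapeHtml(entry.description)}</td></tr>`;
}

// Write-time validation for a DNS name: RFC 1123 hostname syntax. Labels are
// 1-63 characters of letters, digits and hyphens with no leading or trailing
// hyphen; the whole name is at most 253 characters.
function isValidHostname(name) {
  if (typeof name !== "string" || name.length === 0 || name.length > 253) return false;
  const label = /^[A-Za-z0-9](?:[A-Za-z0-9-]{0,61}[A-Za-z0-9])?$/;
  return name.split(".").every((l) => label.test(l));
}

// A hostname or free-text description never legitimately needs angle brackets
// or quotes; their presence in stored data is a cheap detection signal.
function containsMarkup(value) {
  return /[<>"']/.test(String(value));
}

// Returns a list of problems with a configuration entry (empty when clean).
// Rejecting at write time complements, but does not replace, output encoding.
function validateConfigEntry(entry) {
  const problems = [];
  if (!isValidHostname(entry.name)) problems.push(`invalid hostname: ${JSON.stringify(entry.name)}`);
  if (containsMarkup(entry.description)) problems.push("description contains markup characters");
  return problems;
}

// Render a whole table safely and report which stored rows would have been
// flagged had validation been applied when they were written.
function auditAndRender(entries) {
  const flagged = entries.filter((e) => validateConfigEntry(e).length > 0);
  const html = `<table>${entries.map(renderRowSafe).join("")}</table>`;
  return { html, flaggedCount: flagged.length };
}

const result = auditAndRender(STORED_CONFIG);
console.log(`${result.flaggedCount} stored row(s) flagged; rendered safely:\n${result.html}`);
```

The two defences are layered on purpose: validation keeps markup out of the store, and encoding at render time protects viewers even against rows that were written before validation existed or through an API path that bypassed it.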

CVE-2025-22244: Stored XSS in Gateway Firewall Response Pages

CVE-2025-22244 affects NSX’s gateway firewall URL filtering component, carrying a CVSSv3 score of 6.9 (Moderate severity). 

The vulnerability allows malicious actors to inject scripts into custom response pages shown when users attempt to access blocked websites. This impacts NSX 4.0.x–4.2.x and dependent cloud platforms.

Attackers with gateway firewall configuration privileges can modify HTML templates for block pages to include