VMSA-2025-0012: VMware NSX updates address multiple vulnerabilities (CVE-2025-22243, CVE-2025-22244, CVE-2025-22245)
25738
05 June 2025
04 June 2025
Advisory ID: | VMSA-2025-0012 |
Advisory Severity: | Important |
CVSSv3 Range: | 5.9-7.5 |
Synopsis: | VMware NSX updates address multiple vulnerabilities (CVE-2025-22243, CVE-2025-22244, CVE-2025-22245) |
Issue date: | 2025-06-04 |
Updated on: | 2025-06-04 (Initial Advisory) |
CVE(s) | CVE-2025-22243, CVE-2025-22244, CVE-2025-22245 |
1. Impacted Products
- VMware NSX
- VMware Cloud Foundation
- VMware Telco Cloud Platform
2. Introduction
Multiple vulnerabilities in VMware NSX were privately reported to VMware. Updates are available to remediate these vulnerabilities in affected VMware products.
3a. Stored Cross-Site Scripting (XSS) vulnerability in Manager-UI (CVE-2025-22243)
Description:
VMware NSX Manager UI is vulnerable to a stored Cross-Site Scripting (XSS) attack due to improper input validation. VMware has evaluated the severity of this issue to be in the Important severity range with a maximum CVSSv3 base score of 7.5.
Known Attack Vectors:
A malicious actor with privileges to create or modify network settings may be able to inject malicious code that gets executed when viewing the network settings.
Resolution:
To remediate CVE-2025-22243 apply the updates listed in the 'Fixed Version' column of the 'Response Matrix' below to affected deployments.
Workarounds:
None.
Additional Documentation:
None.
Acknowledgements:
VMware would like to thank Dawid Jonienc for reporting this issue to us.
Notes:
None.
3b. Stored Cross-Site Scripting (XSS) vulnerability in gateway firewall (CVE-2025-22244)
Description:
VMware NSX contains a stored Cross-Site Scripting (XSS) vulnerability in the gateway firewall due to improper input validation. VMware has evaluated the severity of this issue to be in the Moderate severity range with a maximum CVSSv3 base score of 6.9.
Known Attack Vectors:
A malicious actor with access to create or modify the response page for URL filtering may be able to inject malicious code that gets executed when another user tries to access the filtered website.
Resolution:
To remediate CVE-2025-22244 apply the updates listed in the 'Fixed Version' column of the 'Response Matrix' below to affected deployments.
Workarounds:
None.
Additional Documentation:
None.
Acknowledgements:
VMware would like to thank Łukasz Rupala of ING Hubs, Poland for reporting this issue to us.
Notes:
None.
3c. Stored Cross-Site Scripting (XSS) vulnerability in router port (CVE-2025-22245)
Description:
VMware NSX contains a stored Cross-Site Scripting (XSS) vulnerability in the router port due to improper input validation. VMware has evaluated the severity of this issue to be in the Moderate severity range with a maximum CVSSv3 base score of 5.9.
Known Attack Vectors:
A malicious actor with privileges to create or modify router ports may be able to inject malicious code that gets executed when another user tries to access the router port.
Resolution:
To remediate CVE-2025-22245 apply the updates listed in the 'Fixed Version' column of the 'Response Matrix' below to affected deployments.
Workarounds:
None.
Additional Documentation:
None.
Acknowledgements:
VMware would like to thank Łukasz Rupala of ING Hubs, Poland for reporting this issue to us.
Notes:
None.
Response Matrix:
VMware Product | Version | Running On | CVE | CVSSv3 | Severity | Fixed Version | Workarounds | Additional Documentation |
VMware NSX | 4.2.x | Any | CVE-2025-22243, CVE-2025-22244, CVE-2025-22245 | | Important | | None | None |
VMware NSX | 4.2.1.x | Any | CVE-2025-22243, CVE-2025-22244, CVE-2025-22245 | | Important | | None | None |
VMware NSX | 4.1.x, 4.0.x, 3.2.x | Any | CVE-2025-22243, CVE-2025-22244, CVE-2025-22245 | | Important | | None | None |
VMware Cloud Foundation | 5.2.x | Any | CVE-2025-22243, CVE-2025-22244, CVE-2025-22245 | | Important | Async patch to NSX 4.2.2.1 | None | Async Patching Guide: KB88287 |
VMware Cloud Foundation | 5.1.x, 5.0.x | Any | CVE-2025-22243, CVE-2025-22244, CVE-2025-22245 | | Important | Async patch to NSX 4.1.2.6 | None | Async Patching Guide: KB88287 |
VMware Cloud Foundation | 4.5.x | Any | CVE-2025-22243, CVE-2025-22244, CVE-2025-22245 | | Important | Async patch to NSX 4.2.2.1 (after upgrading to VCF 5.x) | None | Async Patching Guide: KB88287 |
VMware Telco Cloud Infrastructure | 3.x, 2.x | Any | CVE-2025-22243, CVE-2025-22244, CVE-2025-22245 | 7.5, 6.9, 5.9 | Important | KB396986 | None | None |
VMware Telco Cloud Platform | 5.x, 4.x, 3.x | Any | CVE-2025-22243, CVE-2025-22244, CVE-2025-22245 | 7.5, 6.9, 5.9 | Important | KB396986 | None | None |
4. References:
Fixed Version(s) and Release Notes:
VMware NSX 4.2.2.1
Downloads and Documentation
https://support.broadcom.com/group/ecx/productfiles?subFamily=VMware%20NSX&displayGroup=VMware%20NSX&release=4.2.2.1&os=&servicePk=&language=EN
https://techdocs.broadcom.com/us/en/vmware-cis/nsx/vmware-nsx/4-2/release-notes/vmware-nsx-4221-release-notes.html
VMware NSX 4.2.1.4
Downloads and Documentation
https://support.broadcom.com/group/ecx/productfiles?subFamily=VMware%20NSX&displayGroup=VMware%20NSX&release=4.2.1.4&os=&servicePk=&language=EN
https://techdocs.broadcom.com/us/en/vmware-cis/nsx/vmware-nsx/4-2/release-notes/vmware-nsx-4214-release-notes.html
VMware NSX 4.1.2.6
Downloads and Documentation
https://support.broadcom.com/group/ecx/productfiles?subFamily=VMware%20NSX&displayGroup=VMware%20NSX&release=4.1.2.6&os=&servicePk=&language=EN
https://techdocs.broadcom.com/us/en/vmware-cis/nsx/vmware-nsx/4-1/release-notes/vmware-nsx-4126-release-notes.html
KB Articles:
Cloud Foundation 5.x:
https://knowledge.broadcom.com/external/article?legacyId=88287
Telco Cloud Platform 5.x, 4.x, 3.x:
https://knowledge.broadcom.com/external/article/396986
Telco Cloud Infrastructure 3.x, 2.x:
https://knowledge.broadcom.com/external/article/396986
Mitre CVE Dictionary Links:
https://www.cve.org/CVERecord?id=CVE-2025-22243
https://www.cve.org/CVERecord?id=CVE-2025-22244
https://www.cve.org/CVERecord?id=CVE-2025-22245
FIRST CVSSv3 Calculator:
CVE-2025-22243: https://www.first.org/cvss/calculator/3-1#CVSS:3.1/AV:N/AC:L/PR:H/UI:R/S:C/C:L/I:L/A:H
CVE-2025-22244: https://www.first.org/cvss/calculator/3-1#CVSS:3.1/AV:N/AC:L/PR:H/UI:R/S:C/C:L/I:H/A:N
CVE-2025-22245: https://www.first.org/cvss/calculator/3-1#CVSS:3.1/AV:N/AC:L/PR:H/UI:R/S:C/C:L/I:L/A:L
5. Change Log:
2025-06-04 VMSA-2025-0012
Initial security advisory.
6. Contact:
E-mail: [email protected]
PGP key
https://knowledge.broadcom.com/external/article/321551
VMware Security Advisories
https://www.broadcom.com/support/vmware-security-advisories
VMware External Vulnerability Response and Remediation Policy
https://www.broadcom.com/support/vmware-services/security-response
VMware Lifecycle Support Phases
https://support.broadcom.com/group/ecx/productlifecycle
VMware Security Blog
https://blogs.vmware.com/security
X
https://x.com/VMwareSRC
Copyright 2025 Broadcom. All rights reserved.