1. Impacted Products

• VMware NSX
• NSX-T
• Vmware Cloud Foundation
• VMware Telco Cloud Platform

2. Introduction

Multiple vulnerabilities in VMware NSX were privately reported to VMware. Updates are available to remediate these vulnerabilities in affected VMware products.

3a. Stored Cross-Site Scripting (XSS) vulnerability in Manager-UI (CVE-2025-22243)

Description:
VMware NSX Manager UI is vulnerable to a stored Cross-Site Scripting (XSS) attack due to improper input validation. VMware has evaluated the severity of this issue to be in the Important severity range with a maximum CVSSv3 base score of 7.5.

Known Attack Vectors:
A malicious actor with privileges to create or modify network settings may be able to inject malicious code that gets executed when viewing the network settings.

Resolution:
To remediate CVE-2025-22243 apply the updates listed in the 'Fixed Version' column of the 'Response Matrix' below to affected deployments.

Workarounds:
None.

Additional Documentation:
None.

Acknowledgements:
VMware would like to thank Dawid Jonienc for reporting this issue to us.

Notes:
None.

3b. Stored Cross-Site Scripting (XSS) vulnerability in gateway firewall (CVE-2025-22244)

Description:

VMware NSX contains a stored Cross-Site Scripting (XSS) vulnerability in the gateway firewall due to improper input validation. VMware has evaluated the severity of this issue to be in the Moderate severity range with a maximum CVSSv3 base score of 6.9.

Known Attack Vectors:
A malicious actor with access to create or modify the response page for filtering URL may be able to inject malicious code that gets executed when another user tries to access the filtered website.

Resolution:
To remediate CVE-2025-22244 apply the updates listed in the 'Fixed Version' column of the 'Response Matrix' below to affected deployments.

Workarounds:
None.

Additional Documentation:
None.

Acknowledgements:
VMware would like to thank Łukasz Rupala and Jakub Skupień of ING Hubs, Poland for reporting this issue to us.

Notes:
None.

3c. Stored Cross-Site Scripting (XSS) vulnerability in router port (CVE-2025-22245)

Description:
VMware NSX contains a stored Cross-Site Scripting (XSS) vulnerability in the router port due to improper input validation. VMware has evaluated the severity of this issue to be in the Moderate severity range with a maximum CVSSv3 base score of 5.9.

Known Attack Vectors:
A malicious actor with privileges to create or modify router ports may be able to inject malicious code that gets executed when another user tries to access the router port.

Resolution:
To remediate CVE-2025-22245 apply the updates listed in the 'Fixed Version' column of the 'Response Matrix' below to affected deployments.

Workarounds:
None.

Additional Documentation:
None.

Acknowledgements:
VMware would like to thank Łukasz Rupala of ING Hubs, Poland for reporting this issue to us.

Notes:
None.

Response Matrix: 

4. References:

Fixed Version(s) and Release Notes:

VMware NSX 4.2.2.1
Downloads and Documentation
https://support.broadcom.com/group/ecx/productfiles?subFamily=VMware%20NSX&displayGroup=VMware%20NSX&release=4.2.2.1&os=&servicePk=&language=EN
https://techdocs.broadcom.com/us/en/vmware-cis/nsx/vmware-nsx/4-2/release-notes/vmware-nsx-4221-release-notes.html

VMware NSX 4.2.1.4
Downloads and Documentation
https://support.broadcom.com/group/ecx/productfiles?subFamily=VMware%20NSX&displayGroup=VMware%20NSX&release=4.2.1.4&os=&servicePk=&language=EN
https://techdocs.broadcom.com/us/en/vmware-cis/nsx/vmware-nsx/4-2/release-notes/vmware-nsx-4214-release-notes.html

VMware NSX 4.1.2.6
Downloads and Documentation
https://support.broadcom.com/group/ecx/productfiles?subFamily=VMware%20NSX&displayGroup=VMware%20NSX&release=4.1.2.6&os=&servicePk=&language=EN
https://techdocs.broadcom.com/us/en/vmware-cis/nsx/vmware-nsx/4-1/release-notes/vmware-nsx-4126-release-notes.html

NSX-T 3.2.4.2
Downloads and Documentation
https://support.broadcom.com/group/ecx/productfiles?subFamily=VMware%20NSX&displayGroup=VMware%20NSX&release=3.2.4.2&os=&servicePk=&language=EN
https://techdocs.broadcom.com/us/en/vmware-cis/nsx/vmware-nsx/3-2/release-notes/vmware-nsxt-data-center-3242-release-notes.html

KB Articles:
Cloud Foundation 5.x:
https://knowledge.broadcom.com/external/article?legacyId=88287

Telco Cloud Platform 5.x, 4.x, 3.x, 2.x:

https://knowledge.broadcom.com/external/article/396986 

Telco Cloud Infrastructure 3.x, 2.x:

https://knowledge.broadcom.com/external/article/396986 

Mitre CVE Dictionary Links:
https://www.cve.org/CVERecord?id=CVE-2025-22243
https://www.cve.org/CVERecord?id=CVE-2025-22244
https://www.cve.org/CVERecord?id=CVE-2025-22245

FIRST CVSSv3 Calculator: 
CVE-2025-22243: https://www.first.org/cvss/calculator/3-1#CVSS:3.1/AV:N/AC:L/PR:H/UI:R/S:C/C:L/I:L/A:H
CVE-2025-22244: https://www.first.org/cvss/calculator/3-1#CVSS:3.1/AV:N/AC:L/PR:H/UI:R/S:C/C:L/I:H/A:N
CVE-2025-22245: https://www.first.org/cvss/calculator/3-1#CVSS:3.1/AV:N/AC:L/PR:H/UI:R/S:C/C:L/I:L/A:L

5. Change Log:

2025-06-04 VMSA-2025-0012
Initial security advisory.

2025-06-04 VMSA-2025-0012.1
Updated Response Matrix with latest NSX-T patch 3.2.4.2 released on 2025-07-18

6. Contact:

E-mail: [email protected]

PGP key
https://knowledge.broadcom.com/external/article/321551

VMware Security Advisories
https://www.broadcom.com/support/vmware-security-advisories

VMware External Vulnerability Response and Remediation Policy
https://www.broadcom.com/support/vmware-services/security-response

VMware Lifecycle Support Phases

https://support.broadcom.com/group/ecx/productlifecycle

VMware Security Blog

https://blogs.vmware.com/security

X
https://x.com/VMwareSRC

Copyright 2025 Broadcom. All rights reserved.