VMSA-2025-0012: VMware NSX updates address multiple vulnerabilities (CVE-2025-22243, CVE-2025-22244, CVE-2025-22245)


Advisory ID:  VMSA-2025-0012
Advisory Severity: Important
CVSSv3 Range: 5.9-7.5
Synopsis: VMware NSX updates address multiple vulnerabilities (CVE-2025-22243, CVE-2025-22244, CVE-2025-22245)
Issue date: 2025-06-04
Updated on: 2025-06-04 (Initial Advisory)
CVE(s): CVE-2025-22243, CVE-2025-22244, CVE-2025-22245

 

1. Impacted Products

  • VMware NSX
  • VMware Cloud Foundation
  • VMware Telco Cloud Platform

2. Introduction

Multiple vulnerabilities in VMware NSX were privately reported to VMware. Updates are available to remediate these vulnerabilities in affected VMware products.

3a. Stored Cross-Site Scripting (XSS) vulnerability in Manager-UI (CVE-2025-22243)

Description:
VMware NSX Manager UI is vulnerable to a stored Cross-Site Scripting (XSS) attack due to improper input validation. VMware has evaluated the severity of this issue to be in the Important severity range with a maximum CVSSv3 base score of 7.5.

Known Attack Vectors:
A malicious actor with privileges to create or modify network settings may be able to inject malicious code that gets executed when viewing the network settings.

Resolution:
To remediate CVE-2025-22243, apply the updates listed in the 'Fixed Version' column of the 'Response Matrix' below to affected deployments.


Workarounds:
None.

Additional Documentation:
None.

Acknowledgements:
VMware would like to thank Dawid Jonienc for reporting this issue to us.

Notes:
None.

3b. Stored Cross-Site Scripting (XSS) vulnerability in gateway firewall (CVE-2025-22244)

Description:

VMware NSX contains a stored Cross-Site Scripting (XSS) vulnerability in the gateway firewall due to improper input validation. VMware has evaluated the severity of this issue to be in the Moderate severity range with a maximum CVSSv3 base score of 6.9.

Known Attack Vectors:
A malicious actor with access to create or modify the response page for URL filtering may be able to inject malicious code that gets executed when another user tries to access the filtered website.

Resolution:
To remediate CVE-2025-22244, apply the updates listed in the 'Fixed Version' column of the 'Response Matrix' below to affected deployments.


Workarounds:
None.

Additional Documentation:
None.

Acknowledgements:
VMware would like to thank Łukasz Rupala of ING Hubs, Poland for reporting this issue to us.

Notes:
None.

3c. Stored Cross-Site Scripting (XSS) vulnerability in router port (CVE-2025-22245)

Description:
VMware NSX contains a stored Cross-Site Scripting (XSS) vulnerability in the router port due to improper input validation. VMware has evaluated the severity of this issue to be in the Moderate severity range with a maximum CVSSv3 base score of 5.9.

Known Attack Vectors:
A malicious actor with privileges to create or modify router ports may be able to inject malicious code that gets executed when another user tries to access the router port.

Resolution:
To remediate CVE-2025-22245, apply the updates listed in the 'Fixed Version' column of the 'Response Matrix' below to affected deployments.


Workarounds:
None.

Additional Documentation:
None.

Acknowledgements:
VMware would like to thank Łukasz Rupala of ING Hubs, Poland for reporting this issue to us.

Notes:
None.

Response Matrix: 

| VMware Product | Version | Running On | CVE | CVSSv3 | Severity | Fixed Version | Workarounds | Additional Documentation |
|---|---|---|---|---|---|---|---|---|
| VMware NSX | 4.2.x | Any | CVE-2025-22243, CVE-2025-22244, CVE-2025-22245 | 7.5, 6.9, 5.9 | Important | 4.2.2.1 | None | None |
| VMware NSX | 4.2.1.x | Any | CVE-2025-22243, CVE-2025-22244, CVE-2025-22245 | 7.5, 6.9, 5.9 | Important | 4.2.1.4 | None | None |
| VMware NSX | 4.1.x, 4.0.x, 3.2.x | Any | CVE-2025-22243, CVE-2025-22244, CVE-2025-22245 | 7.5, 6.9, 5.9 | Important | 4.1.2.6 | None | None |
| VMware Cloud Foundation | 5.2.x | Any | CVE-2025-22243, CVE-2025-22244, CVE-2025-22245 | 7.5, 6.9, 5.9 | Important | Async patch to NSX 4.2.2.1 | None | Async Patching Guide: KB88287 |
| VMware Cloud Foundation | 5.1.x, 5.0.x | Any | CVE-2025-22243, CVE-2025-22244, CVE-2025-22245 | 7.5, 6.9, 5.9 | Important | Async patch to NSX 4.1.2.6 | None | Async Patching Guide: KB88287 |
| VMware Cloud Foundation | 4.5.x | Any | CVE-2025-22243, CVE-2025-22244, CVE-2025-22245 | 7.5, 6.9, 5.9 | Important | Async patch to NSX 4.2.2.1 (after upgrading to VCF 5.x) | None | Async Patching Guide: KB88287 |
| VMware Telco Cloud Infrastructure | 3.x, 2.x | Any | CVE-2025-22243, CVE-2025-22244, CVE-2025-22245 | 7.5, 6.9, 5.9 | Important | KB396986 | None | None |
| VMware Telco Cloud Platform | 5.x, 4.x, 3.x | Any | CVE-2025-22243, CVE-2025-22244, CVE-2025-22245 | 7.5, 6.9, 5.9 | Important | KB396986 | None | None |
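
Added example (not part of the original advisory, and not VMware or Broadcom code): a triage helper that applies the VMware NSX rows of the Response Matrix to an inventory of reported NSX versions and lists the hosts still below their fixed version. It assumes each version string starts with the dotted four-part product version and ignores any trailing build components; the hostnames and version strings are constructed, and the Cloud Foundation and Telco Cloud rows, which point to async patches and KB articles, are out of scope.

```python
import re

# NSX rows of the advisory's Response Matrix: (version train, fixed version).
# Most specific train first, so 4.2.1.x is matched before 4.2.x.
FIXED_BY_TRAIN = [
    ((4, 2, 1), (4, 2, 1, 4)),
    ((4, 2), (4, 2, 2, 1)),
    ((4, 1), (4, 1, 2, 6)),
    ((4, 0), (4, 1, 2, 6)),
    ((3, 2), (4, 1, 2, 6)),
]


def parse_version(text):
    """Return the first four numeric components as a tuple, zero-padded."""
    m = re.match(r"\s*(\d+(?:\.\d+)*)", text)
    if not m:
        raise ValueError(f"not a dotted version: {text!r}")
    parts = [int(p) for p in m.group(1).split(".")][:4]
    return tuple(parts + [0] * (4 - len(parts)))


def triage(version):
    """Return (status, fixed_version) for one reported NSX version."""
    v = parse_version(version)
    for train, fixed in FIXED_BY_TRAIN:
        if v[:len(train)] == train:
            status = "patched" if v >= fixed else "vulnerable"
            return status, ".".join(map(str, fixed))
    return "unlisted", None  # train does not appear in the matrix


def needs_update(inventory):
    """Map each host still below its fixed version to that version."""
    out = {}
    for host, version in inventory.items():
        status, fixed = triage(version)
        if status == "vulnerable":
            out[host] = fixed
    return out


# Constructed sample inventory (hostnames and build suffixes are made up).
SAMPLE = {
    "nsx-mgr-a.example.test": "4.2.1.3.0.11111111",
    "nsx-mgr-b.example.test": "4.2.2.1.0.22222222",
    "nsx-mgr-c.example.test": "4.0.1.1",
    "nsx-mgr-d.example.test": "3.1.3.7",
}

if __name__ == "__main__":
    for host, fixed in sorted(needs_update(SAMPLE).items()):
        print(f"{host}: update to {fixed}")
```

A result of "unlisted" means the version train is not named in the matrix, so the advisory itself gives no fixed version for it.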
 

4. References:

Fixed Version(s) and Release Notes:

VMware NSX 4.2.2.1
Downloads and Documentation

https://support.broadcom.com/group/ecx/productfiles?subFamily=VMware%20NSX&displayGroup=VMware%20NSX&release=4.2.2.1&os=&servicePk=&language=EN
https://techdocs.broadcom.com/us/en/vmware-cis/nsx/vmware-nsx/4-2/release-notes/vmware-nsx-4221-release-notes.html

VMware NSX 4.2.1.4
Downloads and Documentation

https://support.broadcom.com/group/ecx/productfiles?subFamily=VMware%20NSX&displayGroup=VMware%20NSX&release=4.2.1.4&os=&servicePk=&language=EN
https://techdocs.broadcom.com/us/en/vmware-cis/nsx/vmware-nsx/4-2/release-notes/vmware-nsx-4214-release-notes.html

VMware NSX 4.1.2.6
Downloads and Documentation

https://support.broadcom.com/group/ecx/productfiles?subFamily=VMware%20NSX&displayGroup=VMware%20NSX&release=4.1.2.6&os=&servicePk=&language=EN
https://techdocs.broadcom.com/us/en/vmware-cis/nsx/vmware-nsx/4-1/release-notes/vmware-nsx-4126-release-notes.html

KB Articles:
Cloud Foundation 5.x:
https://knowledge.broadcom.com/external/article?legacyId=88287

Telco Cloud Platform 5.x, 4.x, 3.x:

https://knowledge.broadcom.com/external/article/396986 

Telco Cloud Infrastructure 3.x, 2.x:

https://knowledge.broadcom.com/external/article/396986 

Mitre CVE Dictionary Links:
https://www.cve.org/CVERecord?id=CVE-2025-22243

https://www.cve.org/CVERecord?id=CVE-2025-22244
https://www.cve.org/CVERecord?id=CVE-2025-22245

FIRST CVSSv3 Calculator: 
CVE-2025-22243: https://www.first.org/cvss/calculator/3-1#CVSS:3.1/AV:N/AC:L/PR:H/UI:R/S:C/C:L/I:L/A:H
CVE-2025-22244: https://www.first.org/cvss/calculator/3-1#CVSS:3.1/AV:N/AC:L/PR:H/UI:R/S:C/C:L/I:H/A:N
CVE-2025-22245: https://www.first.org/cvss/calculator/3-1#CVSS:3.1/AV:N/AC:L/PR:H/UI:R/S:C/C:L/I:L/A:L

5. Change Log:

2025-06-04 VMSA-2025-0012
Initial security advisory.

6. Contact:

E-mail: [email protected]

PGP key
https://knowledge.broadcom.com/external/article/321551

VMware Security Advisories
https://www.broadcom.com/support/vmware-security-advisories

VMware External Vulnerability Response and Remediation Policy
https://www.broadcom.com/support/vmware-services/security-response

VMware Lifecycle Support Phases
https://support.broadcom.com/group/ecx/productlifecycle

VMware Security Blog
https://blogs.vmware.com/security

X
https://x.com/VMwareSRC

 

Copyright 2025 Broadcom. All rights reserved.