CVE-2025-22243

7.5 HIGH

📋 TL;DR

VMware NSX Manager UI has a stored XSS vulnerability that allows attackers to inject malicious scripts into web pages viewed by other users. This affects organizations using VMware NSX Manager for network virtualization and security management. Attackers could steal session cookies, redirect users, or perform actions on their behalf.

💻 Affected Systems

Products:
  • VMware NSX Manager
Versions: Specific affected versions not provided in reference; check VMware advisory for exact version ranges
Operating Systems: Linux-based appliance
Default Config Vulnerable: ⚠️ Yes
Notes: Only affects NSX Manager UI component; requires attacker to have UI access or trick authenticated user into visiting malicious page

📦 What is this software?

⚠️ Risk & Real-World Impact

🔴 Worst Case

Complete compromise of NSX Manager administrative access leading to network infrastructure takeover, data exfiltration, or lateral movement to connected systems.

🟠 Likely Case

Session hijacking of NSX Manager administrators, allowing attackers to modify network policies, create backdoors, or disrupt network operations.

🟢 If Mitigated

Limited impact with proper input validation and output encoding in place, potentially only affecting UI display without code execution.

🌐 Internet-Facing: HIGH
🏢 Internal Only: MEDIUM

🎯 Exploit Status

Public PoC: ✅ No
Weaponized: UNKNOWN
Unauthenticated Exploit: ✅ No
Complexity: LOW

Stored XSS typically requires some level of UI access or social engineering; exploitation is straightforward once a malicious payload is injected.

🛠️ Fix & Mitigation

✅ Official Fix

Patch Version: Check VMware advisory for specific patched versions

Vendor Advisory: https://support.broadcom.com/web/ecx/support-content-notification/-/external/content/SecurityAdvisories/0/25738

Restart Required: Yes

Instructions:

1. Review the VMware advisory for affected versions.
2. Download and apply the latest NSX Manager patch from VMware.
3. Restart NSX Manager services.
4. Verify UI functionality post-patch.

🔧 Temporary Workarounds

Input Validation Enhancement

Platform: all

Implement additional input validation for UI fields that accept user input

How to apply: Not applicable - requires code changes

Content Security Policy

Platform: linux

Implement strict CSP headers to restrict script execution

How to apply: Add 'Content-Security-Policy' header to NSX Manager web server configuration

🧯 If You Can't Patch

  • Restrict NSX Manager UI access to trusted networks only using firewall rules
  • Implement web application firewall (WAF) with XSS protection rules in front of NSX Manager

🔍 How to Verify

Check if Vulnerable:

Check NSX Manager version against VMware advisory; test UI input fields for script injection

Check Version:

ssh admin@nsx-manager-ip 'show version' or check via NSX Manager web interface

Verify Fix Applied:

Verify NSX Manager version is updated to patched version; test previously vulnerable input fields

📡 Detection & Monitoring

Log Indicators:

  • Unusual script tags in UI input logs
  • Multiple failed XSS attempts in web server logs
  • Unexpected JavaScript execution in browser console

Network Indicators:

  • Suspicious outbound connections from NSX Manager to external domains
  • Unusual HTTP POST requests with script payloads

SIEM Query:

source="nsx-manager-logs" AND ("<script>" OR "javascript:" OR "onerror=" OR "onload=")
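The SIEM query above matches only literal indicator strings. As an added example (not part of this page or of any VMware tooling), the Python below applies the same four indicators to constructed log lines after undoing URL encoding (including double encoding) and HTML entities, so encoded or mixed-case variants are not missed. The access-log shape and field names are assumed; real NSX Manager logs will differ.

```python
from __future__ import annotations

import html
import re
from urllib.parse import unquote

# The four indicator substrings from the SIEM query, compared case-insensitively
# against decoded text rather than the raw log line.
INDICATORS = ("<script", "javascript:", "onerror=", "onload=")


def normalize(text: str, rounds: int = 3) -> str:
    """Undo up to `rounds` layers of URL encoding, then HTML entities,
    strip whitespace and lowercase, so 'On Error =' style evasions still match."""
    for _ in range(rounds):
        decoded = unquote(text)
        if decoded == text:
            break
        text = decoded
    text = html.unescape(text)
    return re.sub(r"\s+", "", text).lower()


def find_indicators(line: str) -> list[str]:
    """Return the indicators present in one log line (in INDICATORS order)."""
    norm = normalize(line)
    return [ind for ind in INDICATORS if ind in norm]


def scan_log(lines) -> list[tuple[int, list[str]]]:
    """Return (1-based line number, matched indicators) for every matching line."""
    hits = []
    for n, line in enumerate(lines, start=1):
        found = find_indicators(line)
        if found:
            hits.append((n, found))
    return hits


# Constructed sample lines in a generic access-log shape (not real NSX Manager output).
# Line 2 is plain URL-encoded, line 3 is double-encoded, line 5 is mixed case.
SAMPLE_LOG = [
    '10.0.0.5 - admin [01/Jan/2025:10:00:00 +0000] "POST /api/v1/firewall/sections HTTP/1.1" 200 512 "description=east-west rules"',
    '10.0.0.9 - admin [01/Jan/2025:10:01:00 +0000] "POST /api/v1/firewall/sections HTTP/1.1" 200 512 "description=%3Cscript%3Ealert(1)%3C/script%3E"',
    '10.0.0.9 - admin [01/Jan/2025:10:02:00 +0000] "PUT /api/v1/ns-groups/1 HTTP/1.1" 200 88 "display_name=%253Cimg%2520src%253Dx%2520onerror%253Dalert(1)%253E"',
    '10.0.0.7 - ops [01/Jan/2025:10:03:00 +0000] "GET /api/v1/cluster/status HTTP/1.1" 200 2048 "-"',
    '10.0.0.9 - admin [01/Jan/2025:10:04:00 +0000] "GET /ui/?redirect=JavaScript%3Aalert(1) HTTP/1.1" 302 0 "-"',
]

if __name__ == "__main__":
    for lineno, found in scan_log(SAMPLE_LOG):
        print(f"line {lineno}: {', '.join(found)}")
```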
