CVE-2025-22243

EUVD-2025-16910 | HIGH
Published: 2025-06-04
CVSS 3.1 base score: 7.5

CVSS Vector

CVSS:3.1/AV:N/AC:L/PR:H/UI:R/S:C/C:L/I:L/A:H

Attack Vector: Network
Attack Complexity: Low
Privileges Required: High
User Interaction: Required
Scope: Changed
Confidentiality: Low
Integrity: Low
Availability: High

Lifecycle Timeline

Mar 14, 2026 17:29 (vuln.today): Analysis generated
Mar 14, 2026 17:29 (euvd): EUVD ID assigned, EUVD-2025-16910
Jun 04, 2025 20:15 (nvd): CVE published, HIGH 7.5

Description

VMware NSX Manager UI is vulnerable to a stored Cross-Site Scripting (XSS) attack due to improper input validation.

Analysis

VMware NSX Manager UI is vulnerable to stored cross-site scripting (XSS) attacks via improper input validation in user-controllable fields (CWE-79). An authenticated attacker with high privileges can inject malicious scripts that persist in the application and execute in the browsers of other users, potentially leading to session hijacking, credential theft, or unauthorized administrative actions. With a CVSS score of 7.5 and network-accessible attack vector, this vulnerability poses a moderate-to-high risk to NSX Manager deployments, particularly in multi-user environments.

Technical Context

The vulnerability exists in the VMware NSX Manager web UI tier, which processes user input without adequate sanitization or encoding before storing it and rendering it in HTML responses. This is a classic stored XSS weakness (CWE-79: Improper Neutralization of Input During Web Page Generation): application fields accept user input, store it in backend data stores (databases, configuration files), and later render that content to other authenticated users without HTML entity encoding or Content Security Policy (CSP) protections. The affected technology stack likely includes NSX Manager's REST API and web UI components, built on the Java/Spring frameworks common to VMware infrastructure products. The matching CPE would be of the form cpe:2.3:a:vmware:nsx:*:*:*:*:manager:*:*:*, with the specific affected version ranges to be taken from the vendor advisories.

Affected Products

VMware NSX Manager (specific versions are not listed in this record; typical affected ranges include NSX-T Data Center versions prior to patched builds). The affected CPE would be cpe:2.3:a:vmware:nsx:*:*:*:*:manager:*:*:*, with version constraints to be taken from VMware security advisories (VMSA). This vulnerability impacts deployments where the NSX Manager UI is accessed by multiple authenticated administrators. Related products sharing the NSX codebase (NSX Cloud, NSX Federated) may also be affected. Vendor advisory details and specific patched version numbers should be sourced from VMware's official security website (vmware.com/security) or the National Vulnerability Database (NVD) entry for CVE-2025-22243.

Remediation

Immediate actions: (1) Apply vendor-supplied security patches for the NSX Manager UI component (specific patched versions to be identified from the VMware VMSA advisory). (2) If patching is not immediately possible, implement network segmentation to restrict NSX Manager UI access to trusted administrative networks only, reducing exposure to untrusted users. (3) Deploy Web Application Firewall (WAF) rules to detect or block injection payloads in common XSS attack vectors (script tags, event handlers, SVG payloads). (4) Enable and enforce Content Security Policy (CSP) headers in NSX Manager responses to prevent inline script execution. (5) Review administrative audit logs to determine whether stored XSS has been exploited (search configuration audit trails for injected script content). (6) Reset sessions and credentials for administrative accounts that may have been compromised via XSS. Vendor patch availability and download links should be obtained from VMware's official security advisory pages; do not rely on third-party sources.
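The stored-XSS pattern described under Technical Context, together with the output-encoding, CSP and audit-log-review controls from the Remediation list, as an added illustration in Python that is not VMware's or vuln.today's code and does not describe the actual NSX Manager UI implementation. The field name, the sample stored value, the audit-trail entries and the CSP policy string are all constructed assumptions; the vulnerable and hardened render functions differ only in whether the stored value is HTML-entity-encoded on output.

```python
import html
import re

# Constructed sample of a stored, user-controllable field value. The field
# name ("description") is an assumption; the page identifies no specific
# NSX Manager field.
STORED_VALUE = '<img src=x onerror="alert(document.cookie)">'

# Constructed audit-trail entries (not real NSX logs) for the review step.
AUDIT_ENTRIES = [
    {"id": 1, "user": "admin1", "field": "description", "value": "web-tier-01"},
    {"id": 2, "user": "admin2", "field": "description", "value": STORED_VALUE},
    {"id": 3, "user": "admin1", "field": "tag", "value": "prod & staging"},
]

# Heuristic: tag openers, javascript: URLs, or inline event-handler attributes.
_MARKUP_RE = re.compile(r"<\s*/?\s*[a-z!]|javascript\s*:|\bon[a-z]+\s*=", re.I)


def render_unsafe(value: str) -> str:
    """Vulnerable pattern (CWE-79): stored text is concatenated into the
    HTML response verbatim, so any markup it contains becomes live DOM."""
    return f"<td>{value}</td>"


def render_escaped(value: str) -> str:
    """Hardened pattern: HTML-entity-encode at output time, so stored
    markup is displayed as text instead of being parsed by the browser."""
    return f"<td>{html.escape(value, quote=True)}</td>"


def csp_headers() -> dict:
    """Defense in depth: a constructed policy that refuses inline scripts
    and event handlers even if an encoding bug lets markup through."""
    return {
        "Content-Security-Policy": (
            "default-src 'self'; script-src 'self'; object-src 'none'; "
            "base-uri 'self'; frame-ancestors 'none'"
        )
    }


def looks_like_markup(value: str) -> bool:
    """Audit helper: True when a stored value contains tag or script syntax."""
    return _MARKUP_RE.search(value) is not None


def suspicious_entries(entries: list) -> list:
    """Return audit entries whose stored value looks like injected markup
    (the configuration audit-trail review step)."""
    return [e for e in entries if looks_like_markup(e["value"])]


if __name__ == "__main__":
    print("unsafe: ", render_unsafe(STORED_VALUE))
    print("escaped:", render_escaped(STORED_VALUE))
    for entry in suspicious_entries(AUDIT_ENTRIES):
        print(f"audit entry {entry['id']} by {entry['user']} needs review")
```

The escaping must happen at render time, not on input: values stored for other purposes (API responses, exports) should keep their original bytes, and encoding once at the HTML boundary is the control that CWE-79 names. The CSP header is a second layer, since `script-src 'self'` without `'unsafe-inline'` makes the browser refuse the inline handler even if the encoding is skipped somewhere.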

Priority Score

38 (scale: Low / Medium / High / Critical)
KEV: 0
EPSS: +0.0
CVSS: +38
POC: 0
