CVSS Vector (NVD)
CVSS:3.1/AV:N/AC:L/PR:H/UI:R/S:C/C:L/I:L/A:H
Description (NVD)
VMware NSX Manager UI is vulnerable to a stored Cross-Site Scripting (XSS) attack due to improper input validation.
Analysis (AI)
VMware NSX Manager UI is vulnerable to stored cross-site scripting (XSS) attacks via improper input validation in user-controllable fields (CWE-79). An authenticated attacker with high privileges can inject malicious scripts that persist in the application and execute in the browsers of other users, potentially leading to session hijacking, credential theft, or unauthorized administrative actions. With a CVSS score of 7.5 and network-accessible attack vector, this vulnerability poses a moderate-to-high risk to NSX Manager deployments, particularly in multi-user environments.
Technical Context (AI)
The vulnerability exists in the VMware NSX Manager web UI tier, which processes user input without adequate sanitization or encoding before storing and rendering it in HTML responses. This classic stored XSS vulnerability (CWE-79: Improper Neutralization of Input During Web Page Generation) occurs when application fields accept user input, store it in backend data stores (databases, configuration files), and subsequently render that content to other authenticated users without proper HTML entity encoding or Content Security Policy (CSP) protections. The affected technology stack likely includes NSX Manager's REST API and web UI components built on Java/Spring frameworks common to VMware infrastructure products. CPE context would identify affected NSX Manager versions (typically CPE:2.3:a:vmware:nsx:*:*:*:*:manager:*:*:*), with specific version ranges requiring identification from vendor advisories.
Remediation (AI)
Immediate actions:
(1) Apply the vendor-supplied security patches for the NSX Manager UI component, upgrading to a patched version (specific versions to be identified from the VMware VMSA advisory).
(2) If patching is not immediately possible, implement network segmentation to restrict NSX Manager UI access to trusted administrative networks only, reducing exposure to untrusted users.
(3) Deploy Web Application Firewall (WAF) rules to detect and block injection payloads in common XSS attack vectors (script tags, event handlers, SVG payloads).
(4) Enable and enforce Content Security Policy (CSP) headers in NSX Manager responses to prevent inline script execution.
(5) Review administrative audit logs to identify whether the stored XSS has been exploited (search for malicious script injections in configuration audit trails).
(6) Reset sessions and credentials for administrative accounts that may have been compromised via XSS attacks.
Vendor patch availability and download links should be obtained from VMware's official security advisory pages; do not rely on third-party sources.
EUVD-2025-16910