June 8, 2026
VMware Stored XSS Vulnerabilities Expose Enterprise Systems to JavaScript Injection Attacks
Manula Udyoga
In a recent security disclosure, multiple stored Cross-Site Scripting (XSS) vulnerabilities were identified in VMware's enterprise virtualization ecosystem, affecting components such as VMware NSX, VMware Cloud Foundation, and Telco Cloud Platform. These flaws allow authenticated attackers to inject malicious JavaScript that executes inside administrative dashboards, potentially leading to session hijacking, credential theft, and full system compromise.
What Happened?
Security researchers and Broadcom (VMware's parent organization) revealed a set of vulnerabilities tracked as:
- CVE-2025-22243 (NSX Manager UI - Stored XSS)
- CVE-2025-22244 (Gateway Firewall Response Pages - Stored XSS)
- CVE-2025-22245 (Router Port Configuration - Stored XSS)
These vulnerabilities stem from improper input validation in key configuration fields within VMware NSX environments.
Attackers can inject malicious scripts into:
- DNS or network configuration fields
- Firewall block page templates
- Router port description fields
Once stored, these scripts execute automatically when legitimate administrators access affected interfaces.
Why This Is Dangerous
Stored XSS is particularly risky because the payload is persistently saved inside the system.
When executed, the malicious JavaScript runs in the context of a trusted administrator session, enabling attackers to:
- Steal authentication tokens and session cookies
- Hijack administrative accounts
- Perform unauthorized configuration changes
- Enable lateral movement across enterprise infrastructure
In environments like VMware NSX (used for network virtualization and cloud security), this can lead to enterprise-wide compromise.
Affected VMware Products
According to the advisory, impacted products include:
- VMware NSX (4.0.x - 4.2.x)
- VMware Cloud Foundation
- VMware Telco Cloud Platform
- NSX Manager UI components
- Gateway firewall modules
- Router port management interfaces
Root Cause
The vulnerabilities share a common technical root:
Improper input sanitization and validation of user-controlled fields
This allows attackers with sufficient privileges to store malicious payloads that are later executed in browser-based administrative sessions.
Potential Attack Scenario
- Attacker gains limited administrative or configuration access
- Injects JavaScript payload into NSX configuration fields
- Victim (high-level admin) views infected configuration
- Script executes inside admin UI
- Attacker steals session tokens or performs actions as admin
Mitigation & Fixes
VMware has released patches addressing these vulnerabilities.
Organizations are strongly advised to:
- Apply the latest VMware security updates immediately
- Audit NSX configuration fields for suspicious inputs
- Sanitize all user inputs in custom templates and metadata
- Restrict administrative access using least privilege principles
- Monitor logs for unusual UI interactions
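One way to approach the configuration audit and output-encoding steps above, as an added example that is not VMware's or the author's code: it walks an exported configuration and flags string fields containing markup. The JSON layout and key names are constructed for illustration and are not the NSX schema.

```python
import html
import json
import re

# Heuristics for markup that has no business in a description or DNS field.
SUSPICIOUS = [
    ("html-tag", re.compile(r"<\s*/?\s*[a-zA-Z][^>]*>")),
    ("event-handler", re.compile(r"\bon[a-z]+\s*=", re.I)),
    ("script-uri", re.compile(r"\b(?:javascript|vbscript)\s*:", re.I)),
    ("encoded-tag", re.compile(r"(?:&lt;|%3c|\\u003c)\s*[a-z/]", re.I)),
]

def walk(node, path=""):
    """Yield (json_path, string_value) for every string in a nested config."""
    if isinstance(node, dict):
        for key, value in node.items():
            yield from walk(value, f"{path}/{key}")
    elif isinstance(node, list):
        for i, value in enumerate(node):
            yield from walk(value, f"{path}/{i}")
    elif isinstance(node, str):
        yield path, node

def audit(config):
    """Return findings: path, matched rule names, and an HTML-escaped preview."""
    findings = []
    for path, value in walk(config):
        rules = [name for name, rx in SUSPICIOUS if rx.search(value)]
        if rules:
            # Escape before the value reaches any HTML report or ticket.
            findings.append({"path": path, "rules": rules,
                             "preview": html.escape(value[:80])})
    return findings

# Constructed sample export; keys are hypothetical, not the NSX schema.
SAMPLE = json.loads(r"""
{
  "dns": {"search_domains": ["corp.example", "<img src=x onerror=alert(1)>"]},
  "router_ports": [
    {"id": "port-1", "description": "Uplink to ToR A (rack 12)"},
    {"id": "port-2", "description": "uplink B"}
  ],
  "firewall": {"block_page": {"message": "Blocked. <a href=\"javascript:void(0)\">info</a>"}}
}
""")

if __name__ == "__main__":
    for f in audit(SAMPLE):
        print(f["path"], f["rules"], f["preview"])
```

Matches are leads for manual review rather than verdicts, since legitimate descriptions can contain angle brackets.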
Key Takeaway
These VMware stored XSS vulnerabilities highlight a critical lesson in cloud security:
Even trusted enterprise platforms can become attack surfaces when input validation is weak.
Organizations relying on VMware infrastructure should prioritize patching and continuous security monitoring to reduce exposure to UI-based injection attacks.