CVE-2025-41228

VMware ESXi and vCenter Server Reflected Cross Site Scripting (XSS) Vulnerability

CVSS 4.3 MEDIUMEPSS 0.7%CWE-79

VMware ESXi and vCenter Server contain a reflected cross-site scripting vulnerability due to improper input validation. A malicious actor with network access to the login page of certain ESXi host or vCenter Server URL paths may exploit this issue to steal cookies or redirect to malicious websites.

CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:L/I:N/A:N

Productos afectados

VMware · Cloud Foundation VMware · ESXi VMware · Telco Cloud Infrastructure VMware · Telco Cloud Platform VMware · vCenter Server

¿Quieres saber si tu infraestructura está expuesta a esto?

Hablar con TrueHacking →

Referencias

https://support.broadcom.com/web/ecx/support-content-notification/-/external/content/SecurityAdvisories/0/25717