CVE-2025-41228

VMware ESXi and vCenter Server Reflected Cross Site Scripting (XSS) Vulnerability

CVSS 4.3 MEDIUMEPSS 0.7%CWE-79

VMware ESXi and vCenter Server contain a reflected cross-site scripting vulnerability due to improper input validation. A malicious actor with network access to the login page of certain ESXi host or vCenter Server URL paths may exploit this issue to steal cookies or redirect to malicious websites.

CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:L/I:N/A:N

Produtos afetados

VMware · Cloud Foundation VMware · ESXi VMware · Telco Cloud Infrastructure VMware · Telco Cloud Platform VMware · vCenter Server

Quer saber se a sua infraestrutura está exposta a isto?

Falar com a TrueHacking →

Referências

https://support.broadcom.com/web/ecx/support-content-notification/-/external/content/SecurityAdvisories/0/25717