CVE-2025-41228

VMware ESXi and vCenter Server Reflected Cross Site Scripting (XSS) Vulnerability

CVSS 4.3 MEDIUMEPSS 0.7%CWE-79

Vexday Risk Score

13Baixo

Decisão SSVC (CISA)

Track

Sem sinal de exploração → monitorar

CVSS 4.3EPSS 0.7%KEV nãoPoC —Nuclei —Metasploit —Patch —

Ciclo de vida

20 mai 2025Publicada no NVD

Recomendação: Monitorar — sem sinal de exploração no momento.

VMware ESXi and vCenter Server contain a reflected cross-site scripting vulnerability due to improper input validation. A malicious actor with network access to the login page of certain ESXi host or vCenter Server URL paths may exploit this issue to steal cookies or redirect to malicious websites.

CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:L/I:N/A:N

Produtos afetados

VMware · Cloud Foundation VMware · ESXi VMware · Telco Cloud Infrastructure VMware · Telco Cloud Platform VMware · vCenter Server

Quer saber se a sua infraestrutura está exposta a isto?

Falar com a TrueHacking →

Referências

https://support.broadcom.com/web/ecx/support-content-notification/-/external/content/SecurityAdvisories/0/25717