
Insights from the Field
Security analysis, platform hardening strategies, and lessons learned from real-world assessments.


VMware NSX Advisory VMSA-2025-0012: Stored XSS Vulnerabilities in VMware NSX Manager and Firewall
What Is It? On June 4, 2025, Broadcom issued Security Advisory VMSA-2025-0012 disclosing three stored cross-site scripting (XSS) vulnerabilities affecting VMware NSX. These flaws exist within the NSX Manager user interface, Gateway Firewall, and Router Port components. They are tracked as CVE-2025-22243, CVE-2025-22244, and CVE-2025-22245. These vulnerabilities impact multiple NSX versions including 4.1.x, 4.2.1.x, and 4.2.x, and extend to affected deployments of VMware Cloud

Demetrios Mustakas Jr.
Jun 5, 2025


VMware Security Alert: Admin-to-Root Escalation in Aria Operations (CVE-2025-22231)
Introduction Broadcom has released VMSA-2025-0006, disclosing a local privilege escalation vulnerability in VMware Aria Operations. The vulnerability is tracked as CVE-2025-22231 and impacts multiple VMware platforms. Any attacker with local administrative access to the appliance can escalate privileges to root. There is no workaround. Patching is required. What Is It? CVE-2025-22231 is a local privilege escalation vulnerability affecting the following products: VMware Aria O

Demetrios Mustakas Jr.
Apr 2, 2025
