VMware ESXi and vCenter Server Reflected Cross-Site Scripting Vulnerability

Vulnerability

A reflected cross-site scripting vulnerability has been identified in VMware ESXi and vCenter Server. The issue arises from improper input validation. A malicious actor with network access to certain URL paths could exploit it to steal cookies or redirect users to malicious websites.

Impact

Successful exploitation of this reflected cross-site scripting vulnerability could lead to cookie theft or redirection to malicious websites.

Remediation

To address this vulnerability, users should apply the updates listed in the 'Fixed Version' column of the 'Response Matrix' in the VMware security advisory VMSA-2025-0010.

Added: Jun 9, 2025, 7:46 PM
Updated: Jun 9, 2025, 7:46 PM

Vulnerability Rating

Custom Algorithm
spread: 6.8
impact: 2.3
exploitability: 6.0
remediation: 7.7
relevance: 0.0
threat: 0.1
urgency: 2.9
incentive: 1.7

Our algorithm analyzes dozens of metrics to generate these 8 key vulnerability categories, which are then combined to calculate the overall risk score.