Nsx
by VMware
CVEs (11)
| CVE | Vendor / Product | Sev | Risk | CVSS | EPSS | KEV | Published | Description |
|---|---|---|---|---|---|---|---|---|
| CVE-2025-41251 | Hig | 0.53 | 8.1 | 0.01 | Sep 29, 2025 | VMware NSX contains a weak password recovery mechanism vulnerability. An unauthenticated malicious actor may exploit this to enumerate valid usernames, potentially enabling brute-force attacks. Impact: Username enumeration → credential brute force risk. Attack… | ||
| CVE-2021-21981 | Hig | 0.51 | 7.8 | 0.00 | Apr 19, 2021 | VMware NSX-T contains a privilege escalation vulnerability due to an issue with RBAC (Role based access control) role assignment. Successful exploitation of this issue may allow attackers with local guest user account to assign privileges higher than their own permission level. | ||
| CVE-2025-41252 | Hig | 0.49 | 7.5 | 0.01 | Sep 29, 2025 | Description: VMware NSX contains a username enumeration vulnerability. An unauthenticated malicious actor may exploit this to enumerate valid usernames, potentially leading to unauthorized access attempts. Impact: Username enumeration → facilitates unauthorized access. … | ||
| CVE-2025-22244 | Med | 0.45 | 6.9 | 0.00 | Jun 4, 2025 | VMware NSX contains a stored Cross-Site Scripting (XSS) vulnerability in the gateway firewall due to improper input validation. | ||
| CVE-2024-38818 | Med | 0.44 | 6.7 | 0.00 | Oct 9, 2024 | VMware NSX contains a local privilege escalation vulnerability. An authenticated malicious actor may exploit this vulnerability to obtain permissions from a separate group role than previously assigned. | ||
| CVE-2024-38817 | Med | 0.44 | 6.7 | 0.01 | Oct 9, 2024 | VMware NSX contains a command injection vulnerability. A malicious actor with access to the NSX Edge CLI terminal may be able to craft malicious payloads to execute arbitrary commands on the operating system as root. | ||
| CVE-2023-20868 | Med | 0.40 | 6.1 | 0.00 | May 26, 2023 | NSX-T contains a reflected cross-site scripting vulnerability due to a lack of input validation. A remote attacker can inject HTML or JavaScript to redirect to malicious pages. | ||
| CVE-2025-22245 | Med | 0.38 | 5.9 | 0.00 | Jun 4, 2025 | VMware NSX contains a stored Cross-Site Scripting (XSS) vulnerability in the router port due to improper input validation. | ||
| CVE-2020-3993 | Med | 0.38 | 5.9 | 0.01 | Oct 20, 2020 | VMware NSX-T (3.x before 3.0.2, 2.5.x before 2.5.2.2.0) contains a security vulnerability that exists in the way it allows a KVM host to download and install packages from NSX manager. A malicious actor with MITM positioning may be able to exploit this issue to compromise the… | ||
| CVE-2024-38815 | Med | 0.28 | 4.3 | 0.00 | Oct 9, 2024 | VMware NSX contains a content spoofing vulnerability. An unauthenticated malicious actor may be able to craft a URL and redirect a victim to an attacker controlled domain leading to sensitive information disclosure. | ||
| CVE-2014-3796 | 0.00 | — | 0.02 | Sep 15, 2014 | VMware NSX 6.0 before 6.0.6, and vCloud Networking and Security (vCNS) 5.1 before 5.1.4.2 and 5.5 before 5.5.3, does not properly validate input, which allows attackers to obtain sensitive information via unspecified vectors. |
- risk 0.53cvss 8.1epss 0.01
VMware NSX contains a weak password recovery mechanism vulnerability. An unauthenticated malicious actor may exploit this to enumerate valid usernames, potentially enabling brute-force attacks. Impact: Username enumeration → credential brute force risk. Attack…
- risk 0.51cvss 7.8epss 0.00
VMware NSX-T contains a privilege escalation vulnerability due to an issue with RBAC (Role based access control) role assignment. Successful exploitation of this issue may allow attackers with local guest user account to assign privileges higher than their own permission level.
- risk 0.49cvss 7.5epss 0.01
Description: VMware NSX contains a username enumeration vulnerability. An unauthenticated malicious actor may exploit this to enumerate valid usernames, potentially leading to unauthorized access attempts. Impact: Username enumeration → facilitates unauthorized access. …
- risk 0.45cvss 6.9epss 0.00
VMware NSX contains a stored Cross-Site Scripting (XSS) vulnerability in the gateway firewall due to improper input validation.
- risk 0.44cvss 6.7epss 0.00
VMware NSX contains a local privilege escalation vulnerability. An authenticated malicious actor may exploit this vulnerability to obtain permissions from a separate group role than previously assigned.
- risk 0.44cvss 6.7epss 0.01
VMware NSX contains a command injection vulnerability. A malicious actor with access to the NSX Edge CLI terminal may be able to craft malicious payloads to execute arbitrary commands on the operating system as root.
- risk 0.40cvss 6.1epss 0.00
NSX-T contains a reflected cross-site scripting vulnerability due to a lack of input validation. A remote attacker can inject HTML or JavaScript to redirect to malicious pages.
- risk 0.38cvss 5.9epss 0.00
VMware NSX contains a stored Cross-Site Scripting (XSS) vulnerability in the router port due to improper input validation.
- risk 0.38cvss 5.9epss 0.01
VMware NSX-T (3.x before 3.0.2, 2.5.x before 2.5.2.2.0) contains a security vulnerability that exists in the way it allows a KVM host to download and install packages from NSX manager. A malicious actor with MITM positioning may be able to exploit this issue to compromise the…
- risk 0.28cvss 4.3epss 0.00
VMware NSX contains a content spoofing vulnerability. An unauthenticated malicious actor may be able to craft a URL and redirect a victim to an attacker controlled domain leading to sensitive information disclosure.
- CVE-2014-3796Sep 15, 2014risk 0.00cvss —epss 0.02
VMware NSX 6.0 before 6.0.6, and vCloud Networking and Security (vCNS) 5.1 before 5.1.4.2 and 5.5 before 5.5.3, does not properly validate input, which allows attackers to obtain sensitive information via unspecified vectors.