Security Advisory

CVE-2025-41228

CVE vulnerability detail — eXtreme Datacenter Security Operations

Published 2025-05-20 14:24:34

Last updated 2025-06-24 07:14:21

Assigner vmware

State PUBLISHED

Description

VMware ESXi and vCenter Server contain a reflected cross-site scripting vulnerability due to improper input validation. A malicious actor with network access to the login page of certain ESXi host or vCenter Server URL paths may exploit this issue to steal cookies or redirect to malicious websites.

← Browse all CVEs View on cve.org ↗