CVE-2025-41228: 
vSphere ESXi Hypervisor vulnerability analysis and mitigation

CVE-2025-41228 is a reflected cross-site scripting (XSS) vulnerability affecting VMware ESXi and vCenter Server, discovered and disclosed on May 20, 2025. The vulnerability exists due to improper input validation in the login pages of ESXi host and vCenter Server URL paths. The affected products include VMware ESXi 7.0/8.0, vCenter Server 7.0/8.0, VMware Cloud Foundation, Telco Cloud Platform, and Telco Cloud Infrastructure (VMware Advisory).

The vulnerability has been assigned a CVSS v3.1 base score of 4.3 (Moderate) with the vector string CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:L/I:N/A:N. This scoring indicates that the vulnerability can be exploited remotely without requiring privileges but does require user interaction. The vulnerability is classified under CWE-79 (Improper Neutralization of Input During Web Page Generation) (NVD, VMware Advisory).

If successfully exploited, this vulnerability allows malicious actors to steal cookies or redirect users to malicious websites. The attack requires network access to the login page of certain ESXi host or vCenter Server URL paths (VMware Advisory).

VMware has released patches to address this vulnerability. For vCenter Server, users should update to version 8.0 U3e or 7.0 U3v. For ESXi, patches ESXi80U3se-24659227 (for version 8.0) or ESXi70U3sv-24723868 (for version 7.0) should be applied. No workarounds are available for this vulnerability, making patch installation the only remediation option (VMware Advisory).

The vulnerability was publicly disclosed as part of a larger security advisory (VMSA-2025-0010) that addressed multiple vulnerabilities in VMware products. Security experts consider this vulnerability less severe compared to other vulnerabilities disclosed in the same advisory, particularly due to its moderate CVSS score and the requirement for user interaction (Wiz).