CVE-2025-41228

Name of the Vulnerable Software and Affected Versions VMware ESXi and vCenter Server (affected versions not specified)

Description The issue is related to a reflected cross-site scripting vulnerability due to improper input validation. A malicious actor with network access to the login page of certain ESXi host or vCenter Server URL paths may exploit this issue to steal cookies or redirect to malicious websites.

Recommendations At the moment, there is no information about a newer version that contains a fix for this vulnerability.