Proxmox Virtual Environment — known CVE vulnerabilities
Every CVE whose affected-product data names Proxmox Virtual Environment, ordered by CVSS severity, with EPSS exploit prediction and CISA KEV status.
CVEs (8)
CVE-2022-35508 — CVSS 9.8 (critical): Proxmox Virtual Environment (PVE) and Proxmox Mail Gateway (PMG) are vulnerable to SSRF when proxying HTTP requests between pve(pmg)proxy…
CVE-2022-31358 — CVSS 9.0 (critical): A reflected cross-site scripting (XSS) vulnerability in Proxmox Virtual Environment prior to v7.2-3 allows remote attackers to execute…
CVE-2023-43320 — CVSS 8.8 (high): An issue in Proxmox Server Solutions GmbH Proxmox VE v.5.4 thru v.8.0, Proxmox Backup Server v.1.1 thru v.3.0, and Proxmox Mail Gateway…
CVE-2022-35507 — CVSS 7.1 (high): A response-header CRLF injection vulnerability in the Proxmox Virtual Environment (PVE) and Proxmox Mail Gateway (PMG) web interface allows…
CVE-2025-57540 — CVSS 5.4 (medium): A stored cross-site scripting (XSS) vulnerability exists in the WebAuthn Relying Party field within the Datacenter configuration of Proxmox…
CVE-2025-57538 — CVSS 5.4 (medium): A stored cross-site scripting (XSS) vulnerability in the HTTP Proxy field within the Datacenter configuration panel of Proxmox Virtual…
CVE-2025-57539 — CVSS 5.4 (medium): A stored cross-site scripting (XSS) vulnerability in the U2F Origin field of the Datacenter configuration in Proxmox Virtual Environment…