=====================================================================

                            CERT-Renater

                Information Note No. 2025/VULN690
_____________________________________________________________________

DATE                : 13/10/2025

HARDWARE PLATFORM(S): /

OPERATING SYSTEM(S) : Systems running VMware Tanzu for MySQL on
                      Kubernetes.

=====================================================================
https://support.broadcom.com/web/ecx/support-content-notification/-/external/content/SecurityAdvisories/0/36208
_____________________________________________________________________

Product Release Advisory - VMware Tanzu for MySQL on Kubernetes 2.0.0
Product/Component

VMware Tanzu Data Intelligence
VMware Tanzu Data Services
VMware Tanzu Data Services Pack
VMware Tanzu Data Services Solutions
VMware Tanzu Data Suite
VMware Tanzu for MySQL
VMware Tanzu Platform
VMware Tanzu Platform - SM
VMware Tanzu SQL


Notification Id
36208

Last Updated
10 October 2025

Initial Publication Date
10 October 2025

Status
CLOSED

Severity
CRITICAL

CVSS Base Score
9.8

WorkAround


Affected CVE



Product Release Advisory

Advisory ID:      TNZ-2025-0097

Severity:         Critical

Issue Date:       2025-10-10

Updated on:       2025-10-10

Synopsis:         Many critical and high vulnerabilities were found in
Tanzu for MySQL on Kubernetes 1.10, which are addressed in Tanzu for
MySQL on Kubernetes 2.0.


Product Version Release Advisory

    VMware Tanzu for MySQL on Kubernetes
        https://techdocs.broadcom.com/us/en/vmware-tanzu/data-solutions/tanzu-for-mysql-on-kubernetes/2-0/vmware-mysql-k8s/cve.html 


Security Fixes

This release has the following security fixes, listed by component
and area.


Component                         Vulnerabilities Resolved

MySQL 1.10, fixed in MySQL 2.0
	

    GHSA-8q59-q68h-6hv4 (critical)
    CVE-2024-24790 (critical)
    CVE-2022-1292 (critical)
    CVE-2022-2068 (critical)
    CVE-2025-22871 (critical)
    CVE-2024-5535 (critical)
    GHSA-v778-237x-gjrc (critical)
    CVE-2023-39323 (high)
    CVE-2023-44487 (high)
    CVE-2023-4807 (high)
    CVE-2023-39325 (high)
    CVE-2023-0401 (high)
    GHSA-4374-p667-p6c8 (high)
    CVE-2024-34156 (high)
    CVE-2023-5363 (high)
    CVE-2024-4741 (high)
    CVE-2022-3358 (high)
    CVE-2024-24784 (high)
    CVE-2024-6119 (high)
    CVE-2022-3602 (high)
    CVE-2023-45288 (high)
    CVE-2023-0215 (high)
    CVE-2023-0464 (high)
    CVE-2024-34158 (high)
    GHSA-hcg3-q754-cr77 (high)
    CVE-2023-0217 (high)
    CVE-2022-1473 (high)
    CVE-2023-45285 (high)
    CVE-2022-3786 (high)
    CVE-2023-0216 (high)
    CVE-2024-24791 (high)
    GHSA-m425-mq94-257g (high)
    CVE-2022-4450 (high)
    CVE-2022-3996 (high)
    CVE-2023-0286 (high)
    CVE-2025-4673 (medium)
    GHSA-43fp-rhv2-5gv8 (medium)
    CVE-2023-45290 (medium)
    CVE-2023-2650 (medium)
    CVE-2023-6129 (medium)
    CVE-2024-24787 (medium)
    CVE-2024-45336 (medium)
    CVE-2024-45341 (medium)
    GHSA-2wrh-6pvc-2jm9 (medium)
    CVE-2024-21160 (medium)
    CVE-2024-21219 (medium)
    CVE-2024-21213 (medium)
    CVE-2025-30682 (medium)
    CVE-2024-20965 (medium)
    CVE-2025-0938 (medium)
    CVE-2024-0450 (medium)
    CVE-2024-10041 (medium)
    CVE-2023-47038 (medium)
    CVE-2025-30687 (medium)
    CVE-2023-6918 (medium)
    CVE-2022-48560 (medium)
    CVE-2023-22078 (medium)
    CVE-2025-21579 (medium)
    CVE-2024-21069 (medium)
    CVE-2024-21236 (medium)
    CVE-2024-45492 (medium)
    CVE-2025-21490 (medium)
    CVE-2023-39804 (medium)
    CVE-2024-21051 (medium)
    CVE-2024-21198 (medium)
    CVE-2024-21050 (medium)
    CVE-2024-20962 (medium)
    CVE-2024-21015 (medium)
    CVE-2025-21521 (medium)
    CVE-2024-21239 (medium)
    CVE-2025-30703 (medium)
    CVE-2023-22079 (medium)
    CVE-2025-21503 (medium)
    CVE-2024-21197 (medium)
    CVE-2024-20983 (medium)
    CVE-2024-21179 (medium)
    CVE-2024-20966 (medium)
    CVE-2022-45061 (medium)
    CVE-2024-20963 (medium)
    CVE-2024-20964 (medium)
    CVE-2023-22097 (medium)
    CVE-2024-20996 (medium)
    CVE-2025-21581 (medium)
    CVE-2024-21057 (medium)
    CVE-2025-0395 (medium)
    CVE-2025-21519 (medium)
    CVE-2025-21494 (medium)
    CVE-2024-20984 (medium)
    CVE-2025-21575 (medium)
    CVE-2024-21053 (medium)
    CVE-2023-27043 (medium)
    CVE-2025-21492 (medium)
    CVE-2024-21130 (medium)
    CVE-2023-22070 (medium)
    CVE-2024-21166 (medium)
    CVE-2024-21196 (medium)
    CVE-2024-20977 (medium)
    CVE-2025-30681 (medium)
    CVE-2024-21061 (medium)
    CVE-2024-21177 (medium)
    CVE-2024-20973 (medium)
    CVE-2025-24528 (medium)
    CVE-2021-4189 (medium)
    CVE-2024-21207 (medium)
    CVE-2024-21055 (medium)
    CVE-2025-29088 (medium)
    CVE-2024-20994 (medium)
    CVE-2024-21201 (medium)
    CVE-2024-21054 (medium)
    CVE-2024-20960 (medium)
    CVE-2023-24329 (medium)
    CVE-2025-21501 (medium)
    CVE-2025-30684 (medium)
    CVE-2023-5156 (medium)
    CVE-2025-21518 (medium)
    CVE-2025-30705 (medium)
    CVE-2025-21559 (medium)
    CVE-2025-30722 (medium)
    CVE-2024-21241 (medium)
    CVE-2023-7104 (medium)
    CVE-2022-48564 (medium)
    CVE-2023-22064 (medium)
    CVE-2024-21135 (medium)
    CVE-2025-21525 (medium)
    CVE-2024-21013 (medium)
    CVE-2023-6004 (medium)
    CVE-2024-21009 (medium)
    CVE-2024-20969 (medium)
    CVE-2022-48566 (medium)
    CVE-2025-4802 (medium)
    CVE-2024-28182 (medium)
    CVE-2024-21212 (medium)
    CVE-2024-6232 (medium)
    CVE-2024-3596 (medium)
    CVE-2024-12088 (medium)
    CVE-2024-50602 (medium)
    CVE-2024-8088 (medium)
    CVE-2023-36054 (medium)
    GHSA-vvgc-356p-c3xw (medium)
    CVE-2025-30693 (medium)
    CVE-2025-21585 (medium)
    CVE-2024-21159 (medium)
    CVE-2024-21157 (medium)
    CVE-2024-20998 (medium)
    CVE-2025-30685 (medium)
    CVE-2024-21162 (medium)
    CVE-2023-22032 (medium)
    CVE-2024-37370 (medium)
    CVE-2023-40217 (medium)
    CVE-2024-33599 (medium)
    CVE-2024-21087 (medium)
    CVE-2023-22059 (medium)
    CVE-2022-40735 (medium)
    CVE-2024-21134 (medium)
    CVE-2025-30721 (medium)
    CVE-2024-28085 (medium)
    CVE-2024-2961 (medium)
    CVE-2024-20974 (medium)
    CVE-2025-30695 (medium)
    CVE-2023-22103 (medium)
    CVE-2024-21062 (medium)
    CVE-2023-46218 (medium)
    CVE-2023-6597 (medium)
    CVE-2024-6923 (medium)
    CVE-2024-12085 (medium)
    CVE-2024-33602 (medium)
    CVE-2024-21129 (medium)
    CVE-2024-20961 (medium)
    CVE-2024-2398 (medium)
    CVE-2025-30689 (medium)
    CVE-2025-21491 (medium)
    CVE-2024-21173 (medium)
    CVE-2024-21194 (medium)
    CVE-2023-22068 (medium)
    CVE-2024-21096 (medium)
    CVE-2024-21052 (medium)
    CVE-2025-30688 (medium)
    CVE-2024-21047 (medium)
    CVE-2025-21522 (medium)
    CVE-2024-21008 (medium)
    CVE-2023-48795 (medium)
    CVE-2025-21536 (medium)
    CVE-2024-20985 (medium)
    CVE-2024-33600 (medium)
    CVE-2024-21165 (medium)
    CVE-2022-0391 (medium)
    CVE-2024-21237 (medium)
    CVE-2023-22066 (medium)
    CVE-2024-20970 (medium)
    CVE-2025-30696 (medium)
    CVE-2024-28834 (medium)
    CVE-2023-5981 (medium)
    CVE-2024-21127 (medium)
    CVE-2024-21060 (medium)
    CVE-2024-21185 (medium)
    CVE-2024-21199 (medium)
    CVE-2024-0553 (medium)
    CVE-2024-11168 (medium)
    CVE-2024-21230 (medium)
    CVE-2024-21137 (medium)
    CVE-2025-21580 (medium)
    CVE-2024-21125 (medium)
    CVE-2024-20972 (medium)
    CVE-2025-21577 (medium)
    CVE-2024-21163 (medium)
    CVE-2025-21500 (medium)
    CVE-2025-21504 (medium)
    CVE-2024-21142 (medium)
    CVE-2023-22114 (medium)
    CVE-2024-21102 (medium)
    CVE-2024-45490 (medium)
    CVE-2023-22084 (medium)
    CVE-2024-37371 (medium)
    CVE-2024-21000 (medium)
    CVE-2024-21200 (medium)
    CVE-2025-21574 (medium)
    CVE-2024-21049 (medium)
    CVE-2025-21584 (medium)
    CVE-2025-30683 (medium)
    CVE-2024-20981 (medium)
    CVE-2024-12243 (medium)
    CVE-2025-21534 (medium)
    CVE-2024-12133 (medium)
    CVE-2025-21497 (medium)
    CVE-2024-22365 (medium)
    CVE-2024-12747 (medium)
    CVE-2024-20971 (medium)
    CVE-2024-21171 (medium)
    CVE-2024-9287 (medium)
    CVE-2024-21193 (medium)
    CVE-2024-21056 (medium)
    CVE-2025-21546 (medium)
    CVE-2024-45491 (medium)
    CVE-2022-48565 (medium)
    CVE-2024-20967 (medium)
    CVE-2024-12087 (medium)
    CVE-2024-20978 (medium)
    CVE-2023-22092 (medium)
    CVE-2025-21529 (medium)
    CVE-2025-3576 (medium)
    CVE-2025-21523 (medium)
    CVE-2025-30699 (medium)
    CVE-2025-21555 (medium)
    CVE-2023-22112 (medium)
    CVE-2024-20993 (medium)
    CVE-2024-20976 (medium)
    CVE-2024-20982 (medium)
    CVE-2024-20968 (medium)
    CVE-2025-21540 (medium)
    CVE-2025-30704 (medium)
    CVE-2024-33601 (medium)
    CVE-2025-40909 (medium)
    CVE-2025-21505 (medium)
    CVE-2025-30715 (medium)
    CVE-2024-8096 (medium)
    CVE-2024-24783 (medium)
    CVE-2023-1255 (medium)
    CVE-2024-2511 (medium)
    GHSA-45x7-px36-x8w8 (medium)
    CVE-2023-6237 (medium)
    CVE-2022-1434 (medium)
    CVE-2022-4304 (medium)
    CVE-2024-24789 (medium)
    CVE-2024-0727 (medium)
    CVE-2024-24785 (medium)
    CVE-2023-5678 (medium)
    CVE-2022-1343 (medium)
    CVE-2023-2975 (medium)
    GHSA-4v7x-pqxf-cx7m (medium)
    CVE-2023-3446 (medium)
    CVE-2023-39326 (medium)
    CVE-2024-4603 (medium)
    CVE-2022-2097 (medium)
    CVE-2023-3817 (medium)
    GHSA-qppj-fm5r-hxr3 (medium)
    CVE-2023-0466 (medium)
    CVE-2023-0465 (medium)
    CVE-2022-4203 (medium)
    GHSA-qxp5-gwg8-xv66 (medium)
    CVE-2023-45289 (medium)
    CVE-2024-34155 (medium)
    CVE-2024-9143 (medium)
    CVE-2025-22866 (medium)
    GHSA-29wx-vh33-7x7r (low)
    CVE-2024-4032 (low)
    CVE-2025-27587 (low)
    CVE-2023-2953 (low)
    CVE-2023-4806 (low)
    CVE-2023-7008 (low)
    CVE-2023-29383 (low)
    CVE-2023-26604 (low)
    CVE-2023-4641 (low)
    CVE-2013-4235 (low)
    CVE-2021-46848 (low)
    CVE-2023-4813 (low)
    CVE-2024-5642 (low)
    CVE-2024-26461 (low)
    CVE-2023-45918 (low)
    CVE-2024-21231 (low)
    CVE-2023-4039 (low)
    CVE-2024-2236 (low)
    CVE-2016-2781 (low)
    CVE-2023-38546 (low)
    CVE-2023-4016 (low)
    CVE-2024-26458 (none)
    CVE-2017-11164 (none)
    CVE-2016-20013 (none)

 

History

2025-10-10 Initial vulnerability report published.

 
Contact

E-mail: tanzu.psirt@broadcom.com

VMware Tanzu Security Advisories:
https://tanzu.vmware.com/security


=========================================================
+ CERT-RENATER        |    tel : 01-53-94-20-44         +
+ 23/25 Rue Daviel    |    fax : 01-53-94-20-41         +
+ 75013 Paris         |   email:cert@support.renater.fr +
=========================================================




