=====================================================================
                            CERT-Renater

                Information Note No. 2025/VULN905
_____________________________________________________________________

DATE                 : 26/12/2025

HARDWARE PLATFORM(S) : /

OPERATING SYSTEM(S)  : Systems running AI Services for VMware Tanzu
                       Platform versions prior to 10.3.2.

=====================================================================
https://support.broadcom.com/web/ecx/support-content-notification/-/external/content/SecurityAdvisories/0/36640
_____________________________________________________________________

AI Services for VMware Tanzu Platform 10.3.2

Product/Component:
  Tanzu Kubernetes Runtime
  VMware Tanzu Application Service
  VMware Tanzu Kubernetes Grid Integrated Edition
  VMware Tanzu Platform
  VMware Tanzu Platform - Cloud Foundry
  VMware Tanzu Platform Core
  VMware Tanzu Platform - Kubernetes
  VMware Tanzu Platform - SM

Notification Id          : 36640
Last Updated             : 25 December 2025
Initial Publication Date : 25 December 2025
Status                   : CLOSED
Severity                 : CRITICAL
CVSS Base Score          : 10
WorkAround               : N/A
Affected CVE             : See CVE list in advisory

Product Release Advisory - AI Services for VMware Tanzu Platform 10.3.2

Advisory ID      : TNZ-2025-0316
Tanzu Issue Date : 2025-12-16
Updated on       :

Highest Score CVE from list below advisory details

Severity         : Critical
CVSS V4 Vector   : CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:P/VC:H/VI:H/VA:H/SC:H/SI:H/SA:H/E:X/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X
CVSS V4 Score    : 9.4 (Sev: CRITICAL)
CVSS V3.1 Vector : Unavailable
CVSS V3.1 Score  : Unavailable (Sev: Unavailable)
CVSS V2 Vector   : Unavailable
CVSS V2 Score    : Unavailable (Sev: Unavailable)

Note: if CVSS scores are "Unavailable", it is most likely due to the
vulnerability being GHSA or BDSA without a matching CVE for NVD lookup.

Product Version Release Advisory

Product Release: AI Services for VMware Tanzu Platform 10.3.2

Product Release Notes:
https://techdocs.broadcom.com/us/en/vmware-tanzu/platform-services/genai-on-tanzu-platform-for-cloud-foundry/10-2/ai-cf/release-notes.html

Security Fixes:

This release has the following security fixes, listed by component.

Component: bpm
Vulnerabilities Resolved:
  CVE-2024-45337 - GHSA-v778-237x-gjrc (Critical)
  CVE-2025-4674 (High)
  CVE-2025-52565 - GHSA-qw9x-cqr3-wc7r (High)
  CVE-2025-52881 - GHSA-cgrx-mc8f-2prm (High)
  CVE-2025-31133 - GHSA-9493-h29p-rfm2 (High)
  CVE-2025-22869 - GHSA-hcg3-q754-cr77 (High)
  CVE-2025-61729 (High)
  CVE-2025-61725 (High)
  CVE-2025-61723 (High)
  CVE-2025-58188 (High)
  CVE-2025-58187 (High)
  CVE-2025-22874 (High)
  CVE-2025-47907 (High)
  CVE-2025-4673 (Medium)
  CVE-2025-61727 (Medium)
  CVE-2025-47906 (Medium)
  CVE-2025-0913 (Medium)
  CVE-2022-29526 - GHSA-p782-xgp4-8hr8 (Medium)
  CVE-2025-61724 (Medium)
  CVE-2025-58189 (Medium)
  CVE-2025-58186 (Medium)
  CVE-2025-58185 (Medium)
  CVE-2025-47912 (Medium)
  CVE-2025-58183 (Medium)

Component: cf-cli
Vulnerabilities Resolved:
  CVE-2025-61725 (High)
  CVE-2025-61723 (High)
  CVE-2025-58188 (High)
  CVE-2025-58187 (High)
  CVE-2025-47910 (Medium)
  CVE-2025-61724 (Medium)
  CVE-2025-58189 (Medium)
  CVE-2025-58186 (Medium)
  CVE-2025-58185 (Medium)
  CVE-2025-47912 (Medium)
  CVE-2025-58183 (Medium)

Component: genai
Vulnerabilities Resolved:
  CVE-2025-62593 - GHSA-q279-jhrf-cc6v (Critical)
  CVE-2025-34351 - GHSA-gx77-xgc2-4888 (Critical)
  CVE-2023-48022 - GHSA-6wgj-66m2-xxp2 (Critical)
  CVE-2025-62164 - GHSA-mrw7-hf4f-83pf (High)
  CVE-2025-62727 - GHSA-7f5h-v6xp-fcq8 (High)
  CVE-2024-7254 - GHSA-735f-pc8j-v9w8 (High)
  CVE-2025-66448 - GHSA-8fr4-5q9j-m8gm (High)
  CVE-2025-62372 - GHSA-pmqf-x6x8-p7qw (Medium)
  CVE-2025-48924 - GHSA-j288-q9x7-2f5v (Medium)
  CVE-2025-62426 - GHSA-69j4-grxj-j64p (Medium)

Component: routing
Vulnerabilities Resolved:
  CVE-2025-61725 (High)
  CVE-2025-61723 (High)
  CVE-2025-58188 (High)
  CVE-2025-58187 (High)
  CVE-2025-47910 (Medium)
  CVE-2025-61724 (Medium)
  CVE-2025-58189 (Medium)
  CVE-2025-58186 (Medium)
  CVE-2025-58185 (Medium)
  CVE-2025-47912 (Medium)
  CVE-2025-58183 (Medium)

=========================================================
+ CERT-RENATER        |    tel : 01-53-94-20-44         +
+ 23/25 Rue Daviel    |    fax : 01-53-94-20-41         +
+ 75013 Paris         |  email:cert@support.renater.fr  +
=========================================================