cvelistv5 - cve-2025-5981

CVE-2025-5981 (GCVE-0-2025-5981)

Vulnerability from cvelistv5 – Published: 2025-06-18 08:28 – Updated: 2025-06-18 13:42

Summary

Arbitrary file write as the OSV-SCALIBR user on the host system via a path traversal vulnerability when using OSV-SCALIBR's unpack() function for container images. Particularly, when using the CLI flag --remote-image on untrusted container images.

Severity ?

5.7 (Medium)


                        
                          CVSS:4.0/AV:L/AC:L/AT:P/PR:L/UI:A/VC:H/VI:L/VA:N/SC:H/SI:L/SA:N

CWE

CWE-427 - Uncontrolled Search Path Element

Assigner

Google

References

URL

Tags

	https://github.com/google/osv-scalibr/releases/ta…
	https://github.com/google/osv-scalibr/commit/2444…

Impacted products

	Vendor	Product	Version
	Google	osv-scalibr	Affected: 0.1.3 , < 0.1.8 (semver)

Credits

Anthony Weems of Google's Cloud Vulnerability Research team Simon Scannell of Google's Cloud Vulnerability Research team Stefan Schiller of Google's Cloud Vulnerability Research team

Show details on NVD website

JSON

To clipboard

{
  "containers": {
    "adp": [
      {
        "metrics": [
          {
            "other": {
              "content": {
                "id": "CVE-2025-5981",
                "options": [
                  {
                    "Exploitation": "none"
                  },
                  {
                    "Automatable": "no"
                  },
                  {
                    "Technical Impact": "partial"
                  }
                ],
                "role": "CISA Coordinator",
                "timestamp": "2025-06-18T13:42:36.658295Z",
                "version": "2.0.3"
              },
              "type": "ssvc"
            }
          }
        ],
        "providerMetadata": {
          "dateUpdated": "2025-06-18T13:42:49.567Z",
          "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
          "shortName": "CISA-ADP"
        },
        "title": "CISA ADP Vulnrichment"
      }
    ],
    "cna": {
      "affected": [
        {
          "collectionURL": "https://github.com/google/osv-scalibr",
          "defaultStatus": "unaffected",
          "packageName": "osv-scalibr",
          "product": "osv-scalibr",
          "programFiles": [
            "artifact/image/layerscanning/image/image.go"
          ],
          "vendor": "Google",
          "versions": [
            {
              "lessThan": "0.1.8",
              "status": "affected",
              "version": "0.1.3",
              "versionType": "semver"
            }
          ]
        }
      ],
      "credits": [
        {
          "lang": "en",
          "type": "finder",
          "value": "Anthony Weems of Google\u0027s Cloud Vulnerability Research team"
        },
        {
          "lang": "en",
          "type": "finder",
          "value": "Simon Scannell of Google\u0027s Cloud Vulnerability Research team"
        },
        {
          "lang": "en",
          "type": "finder",
          "value": "Stefan Schiller of Google\u0027s Cloud Vulnerability Research team"
        }
      ],
      "datePublic": "2025-04-24T22:00:00.000Z",
      "descriptions": [
        {
          "lang": "en",
          "supportingMedia": [
            {
              "base64": false,
              "type": "text/html",
              "value": "\u003cspan style=\"background-color: rgb(255, 255, 255);\"\u003eArbitrary file write as the OSV-SCALIBR user on the host system via a path traversal vulnerability when using OSV-SCALIBR\u0027s \u003c/span\u003e\u003ccode\u003eunpack()\u003c/code\u003e\u003cspan style=\"background-color: rgb(255, 255, 255);\"\u003e\u0026nbsp;function for container images. Particularly, when using the CLI flag \u003c/span\u003e\u003ccode\u003e--remote-image\u003c/code\u003e\u003cspan style=\"background-color: rgb(255, 255, 255);\"\u003e\u0026nbsp;on untrusted container images.\u003c/span\u003e\u003cbr\u003e"
            }
          ],
          "value": "Arbitrary file write as the OSV-SCALIBR user on the host system via a path traversal vulnerability when using OSV-SCALIBR\u0027s unpack()\u00a0function for container images. Particularly, when using the CLI flag --remote-image\u00a0on untrusted container images."
        }
      ],
      "impacts": [
        {
          "capecId": "CAPEC-126",
          "descriptions": [
            {
              "lang": "en",
              "value": "CAPEC-126 Path Traversal"
            }
          ]
        }
      ],
      "metrics": [
        {
          "cvssV4_0": {
            "Automatable": "NOT_DEFINED",
            "Recovery": "NOT_DEFINED",
            "Safety": "NOT_DEFINED",
            "attackComplexity": "LOW",
            "attackRequirements": "PRESENT",
            "attackVector": "LOCAL",
            "baseScore": 5.7,
            "baseSeverity": "MEDIUM",
            "privilegesRequired": "LOW",
            "providerUrgency": "NOT_DEFINED",
            "subAvailabilityImpact": "NONE",
            "subConfidentialityImpact": "HIGH",
            "subIntegrityImpact": "LOW",
            "userInteraction": "ACTIVE",
            "valueDensity": "NOT_DEFINED",
            "vectorString": "CVSS:4.0/AV:L/AC:L/AT:P/PR:L/UI:A/VC:H/VI:L/VA:N/SC:H/SI:L/SA:N",
            "version": "4.0",
            "vulnAvailabilityImpact": "NONE",
            "vulnConfidentialityImpact": "HIGH",
            "vulnIntegrityImpact": "LOW",
            "vulnerabilityResponseEffort": "NOT_DEFINED"
          },
          "format": "CVSS",
          "scenarios": [
            {
              "lang": "en",
              "value": "GENERAL"
            }
          ]
        }
      ],
      "problemTypes": [
        {
          "descriptions": [
            {
              "cweId": "CWE-427",
              "description": "CWE-427 Uncontrolled Search Path Element",
              "lang": "en",
              "type": "CWE"
            }
          ]
        }
      ],
      "providerMetadata": {
        "dateUpdated": "2025-06-18T08:28:02.899Z",
        "orgId": "14ed7db2-1595-443d-9d34-6215bf890778",
        "shortName": "Google"
      },
      "references": [
        {
          "url": "https://github.com/google/osv-scalibr/releases/tag/v0.1.8"
        },
        {
          "url": "https://github.com/google/osv-scalibr/commit/2444419b1818c2d6917fc3394c947fb3276e9d59"
        }
      ],
      "source": {
        "discovery": "UNKNOWN"
      },
      "title": "Arbitrary File write in OSV-SCALIBR",
      "x_generator": {
        "engine": "Vulnogram 0.2.0"
      }
    }
  },
  "cveMetadata": {
    "assignerOrgId": "14ed7db2-1595-443d-9d34-6215bf890778",
    "assignerShortName": "Google",
    "cveId": "CVE-2025-5981",
    "datePublished": "2025-06-18T08:28:02.899Z",
    "dateReserved": "2025-06-10T12:31:04.353Z",
    "dateUpdated": "2025-06-18T13:42:49.567Z",
    "state": "PUBLISHED"
  },
  "dataType": "CVE_RECORD",
  "dataVersion": "5.1",
  "vulnerability-lookup:meta": {
    "nvd": "{\"cve\":{\"id\":\"CVE-2025-5981\",\"sourceIdentifier\":\"cve-coordination@google.com\",\"published\":\"2025-06-18T09:15:47.660\",\"lastModified\":\"2025-08-07T15:34:04.500\",\"vulnStatus\":\"Analyzed\",\"cveTags\":[],\"descriptions\":[{\"lang\":\"en\",\"value\":\"Arbitrary file write as the OSV-SCALIBR user on the host system via a path traversal vulnerability when using OSV-SCALIBR\u0027s unpack()\u00a0function for container images. Particularly, when using the CLI flag --remote-image\u00a0on untrusted container images.\"},{\"lang\":\"es\",\"value\":\"Escritura arbitraria de archivos como usuario OSV-SCALIBR en el sistema host mediante una vulnerabilidad de path traversal al usar la funci\u00f3n unpack() de OSV-SCALIBR para im\u00e1genes de contenedor. En particular, al usar la opci\u00f3n CLI --remote-image en im\u00e1genes de contenedor no confiables.\"}],\"metrics\":{\"cvssMetricV40\":[{\"source\":\"cve-coordination@google.com\",\"type\":\"Secondary\",\"cvssData\":{\"version\":\"4.0\",\"vectorString\":\"CVSS:4.0/AV:L/AC:L/AT:P/PR:L/UI:A/VC:H/VI:L/VA:N/SC:H/SI:L/SA:N/E:X/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X\",\"baseScore\":5.7,\"baseSeverity\":\"MEDIUM\",\"attackVector\":\"LOCAL\",\"attackComplexity\":\"LOW\",\"attackRequirements\":\"PRESENT\",\"privilegesRequired\":\"LOW\",\"userInteraction\":\"ACTIVE\",\"vulnConfidentialityImpact\":\"HIGH\",\"vulnIntegrityImpact\":\"LOW\",\"vulnAvailabilityImpact\":\"NONE\",\"subConfidentialityImpact\":\"HIGH\",\"subIntegrityImpact\":\"LOW\",\"subAvailabilityImpact\":\"NONE\",\"exploitMaturity\":\"NOT_DEFINED\",\"confidentialityRequirement\":\"NOT_DEFINED\",\"integrityRequirement\":\"NOT_DEFINED\",\"availabilityRequirement\":\"NOT_DEFINED\",\"modifiedAttackVector\":\"NOT_DEFINED\",\"modifiedAttackComplexity\":\"NOT_DEFINED\",\"modifiedAttackRequirements\":\"NOT_DEFINED\",\"modifiedPrivilegesRequired\":\"NOT_DEFINED\",\"modifiedUserInteraction\":\"NOT_DEFINED\",\"modifiedVulnConfidentialityImpact\":\"NOT_DEFINED\",\"modifiedVulnIntegrityImpact\":\"NOT_DEFINED\",\"modifiedVulnAvailabilityImpact\":\"NOT_DEFINED\",\"modifiedSubConfidentialityImpact\":\"NOT_DEFINED\",\"modifiedSubIntegrityImpact\":\"NOT_DEFINED\",\"modifiedSubAvailabilityImpact\":\"NOT_DEFINED\",\"Safety\":\"NOT_DEFINED\",\"Automatable\":\"NOT_DEFINED\",\"Recovery\":\"NOT_DEFINED\",\"valueDensity\":\"NOT_DEFINED\",\"vulnerabilityResponseEffort\":\"NOT_DEFINED\",\"providerUrgency\":\"NOT_DEFINED\"}}],\"cvssMetricV31\":[{\"source\":\"nvd@nist.gov\",\"type\":\"Primary\",\"cvssData\":{\"version\":\"3.1\",\"vectorString\":\"CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:H/A:N\",\"baseScore\":6.5,\"baseSeverity\":\"MEDIUM\",\"attackVector\":\"NETWORK\",\"attackComplexity\":\"LOW\",\"privilegesRequired\":\"LOW\",\"userInteraction\":\"NONE\",\"scope\":\"UNCHANGED\",\"confidentialityImpact\":\"NONE\",\"integrityImpact\":\"HIGH\",\"availabilityImpact\":\"NONE\"},\"exploitabilityScore\":2.8,\"impactScore\":3.6}]},\"weaknesses\":[{\"source\":\"cve-coordination@google.com\",\"type\":\"Secondary\",\"description\":[{\"lang\":\"en\",\"value\":\"CWE-427\"}]},{\"source\":\"nvd@nist.gov\",\"type\":\"Primary\",\"description\":[{\"lang\":\"en\",\"value\":\"CWE-22\"}]}],\"configurations\":[{\"nodes\":[{\"operator\":\"OR\",\"negate\":false,\"cpeMatch\":[{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:google:osv-scalibr:*:*:*:*:*:go:*:*\",\"versionStartIncluding\":\"0.1.3\",\"versionEndExcluding\":\"0.1.8\",\"matchCriteriaId\":\"DBCCBE7B-8BE4-446C-B4C9-D0C7D5C4523D\"}]}]}],\"references\":[{\"url\":\"https://github.com/google/osv-scalibr/commit/2444419b1818c2d6917fc3394c947fb3276e9d59\",\"source\":\"cve-coordination@google.com\",\"tags\":[\"Patch\"]},{\"url\":\"https://github.com/google/osv-scalibr/releases/tag/v0.1.8\",\"source\":\"cve-coordination@google.com\",\"tags\":[\"Release Notes\"]}]}}",
    "vulnrichment": {
      "containers": "{\"adp\": [{\"title\": \"CISA ADP Vulnrichment\", \"metrics\": [{\"other\": {\"type\": \"ssvc\", \"content\": {\"id\": \"CVE-2025-5981\", \"role\": \"CISA Coordinator\", \"options\": [{\"Exploitation\": \"none\"}, {\"Automatable\": \"no\"}, {\"Technical Impact\": \"partial\"}], \"version\": \"2.0.3\", \"timestamp\": \"2025-06-18T13:42:36.658295Z\"}}}], \"providerMetadata\": {\"orgId\": \"134c704f-9b21-4f2e-91b3-4a467353bcc0\", \"shortName\": \"CISA-ADP\", \"dateUpdated\": \"2025-06-18T13:42:43.144Z\"}}], \"cna\": {\"title\": \"Arbitrary File write in OSV-SCALIBR\", \"source\": {\"discovery\": \"UNKNOWN\"}, \"credits\": [{\"lang\": \"en\", \"type\": \"finder\", \"value\": \"Anthony Weems of Google\u0027s Cloud Vulnerability Research team\"}, {\"lang\": \"en\", \"type\": \"finder\", \"value\": \"Simon Scannell of Google\u0027s Cloud Vulnerability Research team\"}, {\"lang\": \"en\", \"type\": \"finder\", \"value\": \"Stefan Schiller of Google\u0027s Cloud Vulnerability Research team\"}], \"impacts\": [{\"capecId\": \"CAPEC-126\", \"descriptions\": [{\"lang\": \"en\", \"value\": \"CAPEC-126 Path Traversal\"}]}], \"metrics\": [{\"format\": \"CVSS\", \"cvssV4_0\": {\"Safety\": \"NOT_DEFINED\", \"version\": \"4.0\", \"Recovery\": \"NOT_DEFINED\", \"baseScore\": 5.7, \"Automatable\": \"NOT_DEFINED\", \"attackVector\": \"LOCAL\", \"baseSeverity\": \"MEDIUM\", \"valueDensity\": \"NOT_DEFINED\", \"vectorString\": \"CVSS:4.0/AV:L/AC:L/AT:P/PR:L/UI:A/VC:H/VI:L/VA:N/SC:H/SI:L/SA:N\", \"providerUrgency\": \"NOT_DEFINED\", \"userInteraction\": \"ACTIVE\", \"attackComplexity\": \"LOW\", \"attackRequirements\": \"PRESENT\", \"privilegesRequired\": \"LOW\", \"subIntegrityImpact\": \"LOW\", \"vulnIntegrityImpact\": \"LOW\", \"subAvailabilityImpact\": \"NONE\", \"vulnAvailabilityImpact\": \"NONE\", \"subConfidentialityImpact\": \"HIGH\", \"vulnConfidentialityImpact\": \"HIGH\", \"vulnerabilityResponseEffort\": \"NOT_DEFINED\"}, \"scenarios\": [{\"lang\": \"en\", \"value\": \"GENERAL\"}]}], \"affected\": [{\"vendor\": \"Google\", \"product\": \"osv-scalibr\", \"versions\": [{\"status\": \"affected\", \"version\": \"0.1.3\", \"lessThan\": \"0.1.8\", \"versionType\": \"semver\"}], \"packageName\": \"osv-scalibr\", \"programFiles\": [\"artifact/image/layerscanning/image/image.go\"], \"collectionURL\": \"https://github.com/google/osv-scalibr\", \"defaultStatus\": \"unaffected\"}], \"datePublic\": \"2025-04-24T22:00:00.000Z\", \"references\": [{\"url\": \"https://github.com/google/osv-scalibr/releases/tag/v0.1.8\"}, {\"url\": \"https://github.com/google/osv-scalibr/commit/2444419b1818c2d6917fc3394c947fb3276e9d59\"}], \"x_generator\": {\"engine\": \"Vulnogram 0.2.0\"}, \"descriptions\": [{\"lang\": \"en\", \"value\": \"Arbitrary file write as the OSV-SCALIBR user on the host system via a path traversal vulnerability when using OSV-SCALIBR\u0027s unpack()\\u00a0function for container images. Particularly, when using the CLI flag --remote-image\\u00a0on untrusted container images.\", \"supportingMedia\": [{\"type\": \"text/html\", \"value\": \"\u003cspan style=\\\"background-color: rgb(255, 255, 255);\\\"\u003eArbitrary file write as the OSV-SCALIBR user on the host system via a path traversal vulnerability when using OSV-SCALIBR\u0027s \u003c/span\u003e\u003ccode\u003eunpack()\u003c/code\u003e\u003cspan style=\\\"background-color: rgb(255, 255, 255);\\\"\u003e\u0026nbsp;function for container images. Particularly, when using the CLI flag \u003c/span\u003e\u003ccode\u003e--remote-image\u003c/code\u003e\u003cspan style=\\\"background-color: rgb(255, 255, 255);\\\"\u003e\u0026nbsp;on untrusted container images.\u003c/span\u003e\u003cbr\u003e\", \"base64\": false}]}], \"problemTypes\": [{\"descriptions\": [{\"lang\": \"en\", \"type\": \"CWE\", \"cweId\": \"CWE-427\", \"description\": \"CWE-427 Uncontrolled Search Path Element\"}]}], \"providerMetadata\": {\"orgId\": \"14ed7db2-1595-443d-9d34-6215bf890778\", \"shortName\": \"Google\", \"dateUpdated\": \"2025-06-18T08:28:02.899Z\"}}}",
      "cveMetadata": "{\"cveId\": \"CVE-2025-5981\", \"state\": \"PUBLISHED\", \"dateUpdated\": \"2025-06-18T13:42:49.567Z\", \"dateReserved\": \"2025-06-10T12:31:04.353Z\", \"assignerOrgId\": \"14ed7db2-1595-443d-9d34-6215bf890778\", \"datePublished\": \"2025-06-18T08:28:02.899Z\", \"assignerShortName\": \"Google\"}",
      "dataType": "CVE_RECORD",
      "dataVersion": "5.1"
    }
  }
}

GHSA-2HCM-Q3F4-FJGW

Vulnerability from github – Published: 2025-06-18 09:30 – Updated: 2025-08-07 18:21

Summary

OSV-SCALIBR's Container Image Unpacking Vulnerable to Arbitrary File Write via Path Traversal

Details

Severity ?

5.7 (Medium)


                  
                    CVSS:4.0/AV:L/AC:L/AT:P/PR:L/UI:A/VC:H/VI:L/VA:N/SC:H/SI:L/SA:N

Show details on source website

JSON

To clipboard

{
  "affected": [
    {
      "package": {
        "ecosystem": "Go",
        "name": "github.com/google/osv-scalibr"
      },
      "ranges": [
        {
          "events": [
            {
              "introduced": "0.1.3"
            },
            {
              "fixed": "0.2.1"
            }
          ],
          "type": "ECOSYSTEM"
        }
      ]
    }
  ],
  "aliases": [
    "CVE-2025-5981"
  ],
  "database_specific": {
    "cwe_ids": [
      "CWE-22",
      "CWE-427"
    ],
    "github_reviewed": true,
    "github_reviewed_at": "2025-06-18T19:45:44Z",
    "nvd_published_at": "2025-06-18T09:15:47Z",
    "severity": "MODERATE"
  },
  "details": "Arbitrary file write as the OSV-SCALIBR user on the host system via a path traversal vulnerability when using OSV-SCALIBR\u0027s unpack()\u00a0function for container images. Particularly, when using the CLI flag --remote-image\u00a0on untrusted container images.",
  "id": "GHSA-2hcm-q3f4-fjgw",
  "modified": "2025-08-07T18:21:23Z",
  "published": "2025-06-18T09:30:31Z",
  "references": [
    {
      "type": "ADVISORY",
      "url": "https://nvd.nist.gov/vuln/detail/CVE-2025-5981"
    },
    {
      "type": "WEB",
      "url": "https://github.com/google/osv-scalibr/commit/2444419b1818c2d6917fc3394c947fb3276e9d59"
    },
    {
      "type": "PACKAGE",
      "url": "https://github.com/google/osv-scalibr"
    },
    {
      "type": "WEB",
      "url": "https://github.com/google/osv-scalibr/releases/tag/v0.1.8"
    },
    {
      "type": "WEB",
      "url": "https://pkg.go.dev/vuln/GO-2025-3767"
    }
  ],
  "schema_version": "1.4.0",
  "severity": [
    {
      "score": "CVSS:4.0/AV:L/AC:L/AT:P/PR:L/UI:A/VC:H/VI:L/VA:N/SC:H/SI:L/SA:N",
      "type": "CVSS_V4"
    }
  ],
  "summary": "OSV-SCALIBR\u0027s Container Image Unpacking Vulnerable to Arbitrary File Write via Path Traversal"
}

CERTFR-2025-AVI-1036

Vulnerability from certfr_avis - Published: 2025-11-24 - Updated: 2025-11-24

De multiples vulnérabilités ont été découvertes dans les produits VMware. Elles permettent à un attaquant de provoquer un problème de sécurité non spécifié par l'éditeur.

Solutions

Se référer au bulletin de sécurité de l'éditeur pour l'obtention des correctifs (cf. section Documentation).

Impacted products

Vendor	Product	Description
VMware	Tanzu Kubernetes Runtime	App Metrics versions antérieures à 2.3.2
VMware	Tanzu Kubernetes Runtime	Stemcells (Ubuntu Jammy) versions antérieures à 1.954.x
VMware	Tanzu Kubernetes Runtime	Elastic Application Runtime Windows add-on pour VMware Tanzu Platform versions antérieures à 10.2.5
VMware	Tanzu Kubernetes Runtime	Stemcells (Ubuntu Noble) versions antérieures à 1.126.x
VMware	Tanzu Kubernetes Runtime	Elastic Application Runtime pour VMware Tanzu Platform versions antérieures à 6.0.22
VMware	Platform Services	Platform Services pour VMware Tanzu Platform versions antérieures à 10.3.1
VMware	Tanzu Kubernetes Runtime	Isolation Segmentation pour VMware Tanzu Platform versions antérieures à 6.0.22
VMware	Tanzu Kubernetes Runtime	Elastic Application Runtime Windows add-on pour VMware Tanzu Platform versions antérieures à 6.0.22
VMware	Tanzu Kubernetes Runtime	Isolation Segmentation pour VMware Tanzu Platform versions antérieures à 10.2.5
VMware	Tanzu Kubernetes Runtime	Metric Store versions antérieures à 1.8.1
VMware	Tanzu Kubernetes Runtime	Elastic Application Runtime pour VMware Tanzu Platform versions antérieures à 10.3.1
VMware	Tanzu Kubernetes Runtime	Isolation Segmentation pour VMware Tanzu Platform versions antérieures à 10.3.1
VMware	Tanzu Kubernetes Runtime	AI Services pour VMware Tanzu Platform versions antérieures à 10.3.1
VMware	Tanzu	VMware Tanzu pour Postgres on Tanzu Platform versions antérieures à 10.2.1
VMware	Tanzu Kubernetes Runtime	Stemcells (Ubuntu Jammy Azure Light) versions antérieures à 1.954.x
VMware	Tanzu Kubernetes Runtime	Stemcells (Windows) versions antérieures à 2019.92.x
VMware	Tanzu Kubernetes Runtime	Elastic Application Runtime pour VMware Tanzu Platform versions antérieures à 10.2.5
VMware	Tanzu Kubernetes Runtime	Elastic Application Runtime Windows add-on pour VMware Tanzu Platform versions antérieures à 10.3.1
VMware	Tanzu Kubernetes Runtime	Stemcells (Ubuntu Jammy FIPS) versions antérieures à 1.954.x

References

Title

Publication Time

Tags

Bulletin de sécurité VMware 36513	2025-11-23	vendor-advisory
Bulletin de sécurité VMware 36530	2025-11-24	vendor-advisory
Bulletin de sécurité VMware 36512	2025-11-23	vendor-advisory
Bulletin de sécurité VMware 36526	2025-11-24	vendor-advisory
Bulletin de sécurité VMware 36511	2025-11-23	vendor-advisory
Bulletin de sécurité VMware 36525	2025-11-24	vendor-advisory
Bulletin de sécurité VMware 36516	2025-11-23	vendor-advisory
Bulletin de sécurité VMware 36527	2025-11-24	vendor-advisory
Bulletin de sécurité VMware 36536	2025-11-24	vendor-advisory
Bulletin de sécurité VMware 36519	2025-11-23	vendor-advisory
Bulletin de sécurité VMware 36518	2025-11-23	vendor-advisory
Bulletin de sécurité VMware 36524	2025-11-24	vendor-advisory
Bulletin de sécurité VMware 36521	2025-11-23	vendor-advisory
Bulletin de sécurité VMware 36528	2025-11-24	vendor-advisory
Bulletin de sécurité VMware 36522	2025-11-24	vendor-advisory
Bulletin de sécurité VMware 36514	2025-11-23	vendor-advisory
Bulletin de sécurité VMware 36532	2025-11-24	vendor-advisory
Bulletin de sécurité VMware 36509	2025-11-23	vendor-advisory
Bulletin de sécurité VMware 36517	2025-11-23	vendor-advisory
Bulletin de sécurité VMware 36533	2025-11-24	vendor-advisory
Bulletin de sécurité VMware 36537	2025-11-24	vendor-advisory
Bulletin de sécurité VMware 36531	2025-11-24	vendor-advisory
Bulletin de sécurité VMware 36510	2025-11-23	vendor-advisory
Bulletin de sécurité VMware 36523	2025-11-24	vendor-advisory
Bulletin de sécurité VMware 36515	2025-11-23	vendor-advisory
Bulletin de sécurité VMware 36529	2025-11-24	vendor-advisory
Bulletin de sécurité VMware 36534	2025-11-24	vendor-advisory
Bulletin de sécurité VMware 36535	2025-11-24	vendor-advisory
Bulletin de sécurité VMware 36520	2025-11-23	vendor-advisory

Show details on source website

JSON

To clipboard

{
  "$ref": "https://www.cert.ssi.gouv.fr/openapi.json",
  "affected_systems": [
    {
      "description": "App Metrics versions ant\u00e9rieures \u00e0 2.3.2",
      "product": {
        "name": "Tanzu Kubernetes Runtime",
        "vendor": {
          "name": "VMware",
          "scada": false
        }
      }
    },
    {
      "description": "Stemcells (Ubuntu Jammy) versions ant\u00e9rieures \u00e0 1.954.x",
      "product": {
        "name": "Tanzu Kubernetes Runtime",
        "vendor": {
          "name": "VMware",
          "scada": false
        }
      }
    },
    {
      "description": "Elastic Application Runtime Windows add-on pour VMware Tanzu Platform versions ant\u00e9rieures \u00e0 10.2.5",
      "product": {
        "name": "Tanzu Kubernetes Runtime",
        "vendor": {
          "name": "VMware",
          "scada": false
        }
      }
    },
    {
      "description": "Stemcells (Ubuntu Noble) versions ant\u00e9rieures \u00e0 1.126.x",
      "product": {
        "name": "Tanzu Kubernetes Runtime",
        "vendor": {
          "name": "VMware",
          "scada": false
        }
      }
    },
    {
      "description": "Elastic Application Runtime pour VMware Tanzu Platform versions ant\u00e9rieures \u00e0 6.0.22",
      "product": {
        "name": "Tanzu Kubernetes Runtime",
        "vendor": {
          "name": "VMware",
          "scada": false
        }
      }
    },
    {
      "description": "Platform Services pour VMware Tanzu Platform versions ant\u00e9rieures \u00e0 10.3.1",
      "product": {
        "name": "Platform Services",
        "vendor": {
          "name": "VMware",
          "scada": false
        }
      }
    },
    {
      "description": "Isolation Segmentation pour VMware Tanzu Platform versions ant\u00e9rieures \u00e0 6.0.22",
      "product": {
        "name": "Tanzu Kubernetes Runtime",
        "vendor": {
          "name": "VMware",
          "scada": false
        }
      }
    },
    {
      "description": "Elastic Application Runtime Windows add-on pour VMware Tanzu Platform versions ant\u00e9rieures \u00e0 6.0.22",
      "product": {
        "name": "Tanzu Kubernetes Runtime",
        "vendor": {
          "name": "VMware",
          "scada": false
        }
      }
    },
    {
      "description": "Isolation Segmentation pour VMware Tanzu Platform versions ant\u00e9rieures \u00e0 10.2.5",
      "product": {
        "name": "Tanzu Kubernetes Runtime",
        "vendor": {
          "name": "VMware",
          "scada": false
        }
      }
    },
    {
      "description": "Metric Store versions ant\u00e9rieures \u00e0 1.8.1",
      "product": {
        "name": "Tanzu Kubernetes Runtime",
        "vendor": {
          "name": "VMware",
          "scada": false
        }
      }
    },
    {
      "description": "Elastic Application Runtime pour VMware Tanzu Platform versions ant\u00e9rieures \u00e0 10.3.1",
      "product": {
        "name": "Tanzu Kubernetes Runtime",
        "vendor": {
          "name": "VMware",
          "scada": false
        }
      }
    },
    {
      "description": "Isolation Segmentation pour VMware Tanzu Platform versions ant\u00e9rieures \u00e0 10.3.1",
      "product": {
        "name": "Tanzu Kubernetes Runtime",
        "vendor": {
          "name": "VMware",
          "scada": false
        }
      }
    },
    {
      "description": "AI Services pour VMware Tanzu Platform versions ant\u00e9rieures \u00e0 10.3.1",
      "product": {
        "name": "Tanzu Kubernetes Runtime",
        "vendor": {
          "name": "VMware",
          "scada": false
        }
      }
    },
    {
      "description": "VMware Tanzu pour Postgres on Tanzu Platform versions ant\u00e9rieures \u00e0 10.2.1",
      "product": {
        "name": "Tanzu",
        "vendor": {
          "name": "VMware",
          "scada": false
        }
      }
    },
    {
      "description": "Stemcells (Ubuntu Jammy Azure Light) versions ant\u00e9rieures \u00e0 1.954.x",
      "product": {
        "name": "Tanzu Kubernetes Runtime",
        "vendor": {
          "name": "VMware",
          "scada": false
        }
      }
    },
    {
      "description": "Stemcells (Windows) versions ant\u00e9rieures \u00e0 2019.92.x",
      "product": {
        "name": "Tanzu Kubernetes Runtime",
        "vendor": {
          "name": "VMware",
          "scada": false
        }
      }
    },
    {
      "description": "Elastic Application Runtime pour  VMware Tanzu Platform versions ant\u00e9rieures \u00e0 10.2.5",
      "product": {
        "name": "Tanzu Kubernetes Runtime",
        "vendor": {
          "name": "VMware",
          "scada": false
        }
      }
    },
    {
      "description": "Elastic Application Runtime Windows add-on pour VMware Tanzu Platform versions ant\u00e9rieures \u00e0 10.3.1",
      "product": {
        "name": "Tanzu Kubernetes Runtime",
        "vendor": {
          "name": "VMware",
          "scada": false
        }
      }
    },
    {
      "description": "Stemcells (Ubuntu Jammy FIPS) versions ant\u00e9rieures \u00e0 1.954.x",
      "product": {
        "name": "Tanzu Kubernetes Runtime",
        "vendor": {
          "name": "VMware",
          "scada": false
        }
      }
    }
  ],
  "affected_systems_content": "",
  "content": "## Solutions\n\nSe r\u00e9f\u00e9rer au bulletin de s\u00e9curit\u00e9 de l\u0027\u00e9diteur pour l\u0027obtention des correctifs (cf. section Documentation).",
  "cves": [
    {
      "name": "CVE-2024-24790",
      "url": "https://www.cve.org/CVERecord?id=CVE-2024-24790"
    },
    {
      "name": "CVE-2025-58183",
      "url": "https://www.cve.org/CVERecord?id=CVE-2025-58183"
    },
    {
      "name": "CVE-2025-22872",
      "url": "https://www.cve.org/CVERecord?id=CVE-2025-22872"
    },
    {
      "name": "CVE-2025-13425",
      "url": "https://www.cve.org/CVERecord?id=CVE-2025-13425"
    },
    {
      "name": "CVE-2025-0913",
      "url": "https://www.cve.org/CVERecord?id=CVE-2025-0913"
    },
    {
      "name": "CVE-2025-47907",
      "url": "https://www.cve.org/CVERecord?id=CVE-2025-47907"
    },
    {
      "name": "CVE-2025-6069",
      "url": "https://www.cve.org/CVERecord?id=CVE-2025-6069"
    },
    {
      "name": "CVE-2024-6232",
      "url": "https://www.cve.org/CVERecord?id=CVE-2024-6232"
    },
    {
      "name": "CVE-2025-4330",
      "url": "https://www.cve.org/CVERecord?id=CVE-2025-4330"
    },
    {
      "name": "CVE-2025-58185",
      "url": "https://www.cve.org/CVERecord?id=CVE-2025-58185"
    },
    {
      "name": "CVE-2024-9287",
      "url": "https://www.cve.org/CVERecord?id=CVE-2024-9287"
    },
    {
      "name": "CVE-2025-4138",
      "url": "https://www.cve.org/CVERecord?id=CVE-2025-4138"
    },
    {
      "name": "CVE-2024-24791",
      "url": "https://www.cve.org/CVERecord?id=CVE-2024-24791"
    },
    {
      "name": "CVE-2024-45341",
      "url": "https://www.cve.org/CVERecord?id=CVE-2024-45341"
    },
    {
      "name": "CVE-2024-13176",
      "url": "https://www.cve.org/CVERecord?id=CVE-2024-13176"
    },
    {
      "name": "CVE-2024-35255",
      "url": "https://www.cve.org/CVERecord?id=CVE-2024-35255"
    },
    {
      "name": "CVE-2022-40897",
      "url": "https://www.cve.org/CVERecord?id=CVE-2022-40897"
    },
    {
      "name": "CVE-2025-0938",
      "url": "https://www.cve.org/CVERecord?id=CVE-2025-0938"
    },
    {
      "name": "CVE-2025-64329",
      "url": "https://www.cve.org/CVERecord?id=CVE-2025-64329"
    },
    {
      "name": "CVE-2025-22866",
      "url": "https://www.cve.org/CVERecord?id=CVE-2025-22866"
    },
    {
      "name": "CVE-2024-34158",
      "url": "https://www.cve.org/CVERecord?id=CVE-2024-34158"
    },
    {
      "name": "CVE-2023-27043",
      "url": "https://www.cve.org/CVERecord?id=CVE-2023-27043"
    },
    {
      "name": "CVE-2024-51744",
      "url": "https://www.cve.org/CVERecord?id=CVE-2024-51744"
    },
    {
      "name": "CVE-2024-10977",
      "url": "https://www.cve.org/CVERecord?id=CVE-2024-10977"
    },
    {
      "name": "CVE-2025-50182",
      "url": "https://www.cve.org/CVERecord?id=CVE-2025-50182"
    },
    {
      "name": "CVE-2025-47906",
      "url": "https://www.cve.org/CVERecord?id=CVE-2025-47906"
    },
    {
      "name": "CVE-2025-8194",
      "url": "https://www.cve.org/CVERecord?id=CVE-2025-8194"
    },
    {
      "name": "CVE-2025-50181",
      "url": "https://www.cve.org/CVERecord?id=CVE-2025-50181"
    },
    {
      "name": "CVE-2025-4517",
      "url": "https://www.cve.org/CVERecord?id=CVE-2025-4517"
    },
    {
      "name": "CVE-2025-58188",
      "url": "https://www.cve.org/CVERecord?id=CVE-2025-58188"
    },
    {
      "name": "CVE-2025-4674",
      "url": "https://www.cve.org/CVERecord?id=CVE-2025-4674"
    },
    {
      "name": "CVE-2022-29526",
      "url": "https://www.cve.org/CVERecord?id=CVE-2022-29526"
    },
    {
      "name": "CVE-2025-4435",
      "url": "https://www.cve.org/CVERecord?id=CVE-2025-4435"
    },
    {
      "name": "CVE-2024-45336",
      "url": "https://www.cve.org/CVERecord?id=CVE-2024-45336"
    },
    {
      "name": "CVE-2025-52881",
      "url": "https://www.cve.org/CVERecord?id=CVE-2025-52881"
    },
    {
      "name": "CVE-2024-5535",
      "url": "https://www.cve.org/CVERecord?id=CVE-2024-5535"
    },
    {
      "name": "CVE-2025-22868",
      "url": "https://www.cve.org/CVERecord?id=CVE-2025-22868"
    },
    {
      "name": "CVE-2024-12718",
      "url": "https://www.cve.org/CVERecord?id=CVE-2024-12718"
    },
    {
      "name": "CVE-2025-61724",
      "url": "https://www.cve.org/CVERecord?id=CVE-2025-61724"
    },
    {
      "name": "CVE-2025-61723",
      "url": "https://www.cve.org/CVERecord?id=CVE-2025-61723"
    },
    {
      "name": "CVE-2024-10976",
      "url": "https://www.cve.org/CVERecord?id=CVE-2024-10976"
    },
    {
      "name": "CVE-2025-61795",
      "url": "https://www.cve.org/CVERecord?id=CVE-2025-61795"
    },
    {
      "name": "CVE-2024-45337",
      "url": "https://www.cve.org/CVERecord?id=CVE-2024-45337"
    },
    {
      "name": "CVE-2024-7254",
      "url": "https://www.cve.org/CVERecord?id=CVE-2024-7254"
    },
    {
      "name": "CVE-2025-61725",
      "url": "https://www.cve.org/CVERecord?id=CVE-2025-61725"
    },
    {
      "name": "CVE-2024-9143",
      "url": "https://www.cve.org/CVERecord?id=CVE-2024-9143"
    },
    {
      "name": "CVE-2025-22874",
      "url": "https://www.cve.org/CVERecord?id=CVE-2025-22874"
    },
    {
      "name": "CVE-2024-34156",
      "url": "https://www.cve.org/CVERecord?id=CVE-2024-34156"
    },
    {
      "name": "CVE-2025-47912",
      "url": "https://www.cve.org/CVERecord?id=CVE-2025-47912"
    },
    {
      "name": "CVE-2024-7592",
      "url": "https://www.cve.org/CVERecord?id=CVE-2024-7592"
    },
    {
      "name": "CVE-2025-58186",
      "url": "https://www.cve.org/CVERecord?id=CVE-2025-58186"
    },
    {
      "name": "CVE-2025-58187",
      "url": "https://www.cve.org/CVERecord?id=CVE-2025-58187"
    },
    {
      "name": "CVE-2025-4673",
      "url": "https://www.cve.org/CVERecord?id=CVE-2025-4673"
    },
    {
      "name": "CVE-2025-22871",
      "url": "https://www.cve.org/CVERecord?id=CVE-2025-22871"
    },
    {
      "name": "CVE-2025-59530",
      "url": "https://www.cve.org/CVERecord?id=CVE-2025-59530"
    },
    {
      "name": "CVE-2024-47081",
      "url": "https://www.cve.org/CVERecord?id=CVE-2024-47081"
    },
    {
      "name": "CVE-2025-40300",
      "url": "https://www.cve.org/CVERecord?id=CVE-2025-40300"
    },
    {
      "name": "CVE-2024-6119",
      "url": "https://www.cve.org/CVERecord?id=CVE-2024-6119"
    },
    {
      "name": "CVE-2024-25621",
      "url": "https://www.cve.org/CVERecord?id=CVE-2024-25621"
    },
    {
      "name": "CVE-2024-12254",
      "url": "https://www.cve.org/CVERecord?id=CVE-2024-12254"
    },
    {
      "name": "CVE-2025-8114",
      "url": "https://www.cve.org/CVERecord?id=CVE-2025-8114"
    },
    {
      "name": "CVE-2025-4516",
      "url": "https://www.cve.org/CVERecord?id=CVE-2025-4516"
    },
    {
      "name": "CVE-2025-58058",
      "url": "https://www.cve.org/CVERecord?id=CVE-2025-58058"
    },
    {
      "name": "CVE-2025-22869",
      "url": "https://www.cve.org/CVERecord?id=CVE-2025-22869"
    },
    {
      "name": "CVE-2025-58189",
      "url": "https://www.cve.org/CVERecord?id=CVE-2025-58189"
    },
    {
      "name": "CVE-2024-10978",
      "url": "https://www.cve.org/CVERecord?id=CVE-2024-10978"
    },
    {
      "name": "CVE-2024-4603",
      "url": "https://www.cve.org/CVERecord?id=CVE-2024-4603"
    },
    {
      "name": "CVE-2024-50602",
      "url": "https://www.cve.org/CVERecord?id=CVE-2024-50602"
    },
    {
      "name": "CVE-2025-22870",
      "url": "https://www.cve.org/CVERecord?id=CVE-2025-22870"
    },
    {
      "name": "CVE-2025-61748",
      "url": "https://www.cve.org/CVERecord?id=CVE-2025-61748"
    },
    {
      "name": "CVE-2025-9230",
      "url": "https://www.cve.org/CVERecord?id=CVE-2025-9230"
    },
    {
      "name": "CVE-2024-4741",
      "url": "https://www.cve.org/CVERecord?id=CVE-2024-4741"
    },
    {
      "name": "CVE-2024-4032",
      "url": "https://www.cve.org/CVERecord?id=CVE-2024-4032"
    },
    {
      "name": "CVE-2024-2511",
      "url": "https://www.cve.org/CVERecord?id=CVE-2024-2511"
    },
    {
      "name": "CVE-2025-53057",
      "url": "https://www.cve.org/CVERecord?id=CVE-2025-53057"
    },
    {
      "name": "CVE-2024-34155",
      "url": "https://www.cve.org/CVERecord?id=CVE-2024-34155"
    },
    {
      "name": "CVE-2025-53066",
      "url": "https://www.cve.org/CVERecord?id=CVE-2025-53066"
    },
    {
      "name": "CVE-2024-24789",
      "url": "https://www.cve.org/CVERecord?id=CVE-2024-24789"
    },
    {
      "name": "CVE-2024-6345",
      "url": "https://www.cve.org/CVERecord?id=CVE-2024-6345"
    },
    {
      "name": "CVE-2024-10979",
      "url": "https://www.cve.org/CVERecord?id=CVE-2024-10979"
    },
    {
      "name": "CVE-2025-49014",
      "url": "https://www.cve.org/CVERecord?id=CVE-2025-49014"
    },
    {
      "name": "CVE-2025-5981",
      "url": "https://www.cve.org/CVERecord?id=CVE-2025-5981"
    },
    {
      "name": "CVE-2024-6923",
      "url": "https://www.cve.org/CVERecord?id=CVE-2024-6923"
    },
    {
      "name": "CVE-2024-8088",
      "url": "https://www.cve.org/CVERecord?id=CVE-2024-8088"
    },
    {
      "name": "CVE-2025-11226",
      "url": "https://www.cve.org/CVERecord?id=CVE-2025-11226"
    }
  ],
  "initial_release_date": "2025-11-24T00:00:00",
  "last_revision_date": "2025-11-24T00:00:00",
  "links": [],
  "reference": "CERTFR-2025-AVI-1036",
  "revisions": [
    {
      "description": "Version initiale",
      "revision_date": "2025-11-24T00:00:00.000000"
    }
  ],
  "risks": [
    {
      "description": "Non sp\u00e9cifi\u00e9 par l\u0027\u00e9diteur"
    }
  ],
  "summary": "De multiples vuln\u00e9rabilit\u00e9s ont \u00e9t\u00e9 d\u00e9couvertes dans les produits VMware. Elles permettent \u00e0 un attaquant de provoquer un probl\u00e8me de s\u00e9curit\u00e9 non sp\u00e9cifi\u00e9 par l\u0027\u00e9diteur.",
  "title": "Multiples vuln\u00e9rabilit\u00e9s dans les produits VMware",
  "vendor_advisories": [
    {
      "published_at": "2025-11-23",
      "title": "Bulletin de s\u00e9curit\u00e9 VMware 36513",
      "url": "https://support.broadcom.com/web/ecx/support-content-notification/-/external/content/SecurityAdvisories/0/36513"
    },
    {
      "published_at": "2025-11-24",
      "title": "Bulletin de s\u00e9curit\u00e9 VMware 36530",
      "url": "https://support.broadcom.com/web/ecx/support-content-notification/-/external/content/SecurityAdvisories/0/36530"
    },
    {
      "published_at": "2025-11-23",
      "title": "Bulletin de s\u00e9curit\u00e9 VMware 36512",
      "url": "https://support.broadcom.com/web/ecx/support-content-notification/-/external/content/SecurityAdvisories/0/36512"
    },
    {
      "published_at": "2025-11-24",
      "title": "Bulletin de s\u00e9curit\u00e9 VMware 36526",
      "url": "https://support.broadcom.com/web/ecx/support-content-notification/-/external/content/SecurityAdvisories/0/36526"
    },
    {
      "published_at": "2025-11-23",
      "title": "Bulletin de s\u00e9curit\u00e9 VMware 36511",
      "url": "https://support.broadcom.com/web/ecx/support-content-notification/-/external/content/SecurityAdvisories/0/36511"
    },
    {
      "published_at": "2025-11-24",
      "title": "Bulletin de s\u00e9curit\u00e9 VMware 36525",
      "url": "https://support.broadcom.com/web/ecx/support-content-notification/-/external/content/SecurityAdvisories/0/36525"
    },
    {
      "published_at": "2025-11-23",
      "title": "Bulletin de s\u00e9curit\u00e9 VMware 36516",
      "url": "https://support.broadcom.com/web/ecx/support-content-notification/-/external/content/SecurityAdvisories/0/36516"
    },
    {
      "published_at": "2025-11-24",
      "title": "Bulletin de s\u00e9curit\u00e9 VMware 36527",
      "url": "https://support.broadcom.com/web/ecx/support-content-notification/-/external/content/SecurityAdvisories/0/36527"
    },
    {
      "published_at": "2025-11-24",
      "title": "Bulletin de s\u00e9curit\u00e9 VMware 36536",
      "url": "https://support.broadcom.com/web/ecx/support-content-notification/-/external/content/SecurityAdvisories/0/36536"
    },
    {
      "published_at": "2025-11-23",
      "title": "Bulletin de s\u00e9curit\u00e9 VMware 36519",
      "url": "https://support.broadcom.com/web/ecx/support-content-notification/-/external/content/SecurityAdvisories/0/36519"
    },
    {
      "published_at": "2025-11-23",
      "title": "Bulletin de s\u00e9curit\u00e9 VMware 36518",
      "url": "https://support.broadcom.com/web/ecx/support-content-notification/-/external/content/SecurityAdvisories/0/36518"
    },
    {
      "published_at": "2025-11-24",
      "title": "Bulletin de s\u00e9curit\u00e9 VMware 36524",
      "url": "https://support.broadcom.com/web/ecx/support-content-notification/-/external/content/SecurityAdvisories/0/36524"
    },
    {
      "published_at": "2025-11-23",
      "title": "Bulletin de s\u00e9curit\u00e9 VMware 36521",
      "url": "https://support.broadcom.com/web/ecx/support-content-notification/-/external/content/SecurityAdvisories/0/36521"
    },
    {
      "published_at": "2025-11-24",
      "title": "Bulletin de s\u00e9curit\u00e9 VMware 36528",
      "url": "https://support.broadcom.com/web/ecx/support-content-notification/-/external/content/SecurityAdvisories/0/36528"
    },
    {
      "published_at": "2025-11-24",
      "title": "Bulletin de s\u00e9curit\u00e9 VMware 36522",
      "url": "https://support.broadcom.com/web/ecx/support-content-notification/-/external/content/SecurityAdvisories/0/36522"
    },
    {
      "published_at": "2025-11-23",
      "title": "Bulletin de s\u00e9curit\u00e9 VMware 36514",
      "url": "https://support.broadcom.com/web/ecx/support-content-notification/-/external/content/SecurityAdvisories/0/36514"
    },
    {
      "published_at": "2025-11-24",
      "title": "Bulletin de s\u00e9curit\u00e9 VMware 36532",
      "url": "https://support.broadcom.com/web/ecx/support-content-notification/-/external/content/SecurityAdvisories/0/36532"
    },
    {
      "published_at": "2025-11-23",
      "title": "Bulletin de s\u00e9curit\u00e9 VMware 36509",
      "url": "https://support.broadcom.com/web/ecx/support-content-notification/-/external/content/SecurityAdvisories/0/36509"
    },
    {
      "published_at": "2025-11-23",
      "title": "Bulletin de s\u00e9curit\u00e9 VMware 36517",
      "url": "https://support.broadcom.com/web/ecx/support-content-notification/-/external/content/SecurityAdvisories/0/36517"
    },
    {
      "published_at": "2025-11-24",
      "title": "Bulletin de s\u00e9curit\u00e9 VMware 36533",
      "url": "https://support.broadcom.com/web/ecx/support-content-notification/-/external/content/SecurityAdvisories/0/36533"
    },
    {
      "published_at": "2025-11-24",
      "title": "Bulletin de s\u00e9curit\u00e9 VMware 36537",
      "url": "https://support.broadcom.com/web/ecx/support-content-notification/-/external/content/SecurityAdvisories/0/36537"
    },
    {
      "published_at": "2025-11-24",
      "title": "Bulletin de s\u00e9curit\u00e9 VMware 36531",
      "url": "https://support.broadcom.com/web/ecx/support-content-notification/-/external/content/SecurityAdvisories/0/36531"
    },
    {
      "published_at": "2025-11-23",
      "title": "Bulletin de s\u00e9curit\u00e9 VMware 36510",
      "url": "https://support.broadcom.com/web/ecx/support-content-notification/-/external/content/SecurityAdvisories/0/36510"
    },
    {
      "published_at": "2025-11-24",
      "title": "Bulletin de s\u00e9curit\u00e9 VMware 36523",
      "url": "https://support.broadcom.com/web/ecx/support-content-notification/-/external/content/SecurityAdvisories/0/36523"
    },
    {
      "published_at": "2025-11-23",
      "title": "Bulletin de s\u00e9curit\u00e9 VMware 36515",
      "url": "https://support.broadcom.com/web/ecx/support-content-notification/-/external/content/SecurityAdvisories/0/36515"
    },
    {
      "published_at": "2025-11-24",
      "title": "Bulletin de s\u00e9curit\u00e9 VMware 36529",
      "url": "https://support.broadcom.com/web/ecx/support-content-notification/-/external/content/SecurityAdvisories/0/36529"
    },
    {
      "published_at": "2025-11-24",
      "title": "Bulletin de s\u00e9curit\u00e9 VMware 36534",
      "url": "https://support.broadcom.com/web/ecx/support-content-notification/-/external/content/SecurityAdvisories/0/36534"
    },
    {
      "published_at": "2025-11-24",
      "title": "Bulletin de s\u00e9curit\u00e9 VMware 36535",
      "url": "https://support.broadcom.com/web/ecx/support-content-notification/-/external/content/SecurityAdvisories/0/36535"
    },
    {
      "published_at": "2025-11-23",
      "title": "Bulletin de s\u00e9curit\u00e9 VMware 36520",
      "url": "https://support.broadcom.com/web/ecx/support-content-notification/-/external/content/SecurityAdvisories/0/36520"
    }
  ]
}

CERTFR-2025-AVI-1036

Vulnerability from certfr_avis - Published: 2025-11-24 - Updated: 2025-11-24

De multiples vulnérabilités ont été découvertes dans les produits VMware. Elles permettent à un attaquant de provoquer un problème de sécurité non spécifié par l'éditeur.

Solutions

Se référer au bulletin de sécurité de l'éditeur pour l'obtention des correctifs (cf. section Documentation).

Impacted products

Vendor	Product	Description
VMware	Tanzu Kubernetes Runtime	App Metrics versions antérieures à 2.3.2
VMware	Tanzu Kubernetes Runtime	Stemcells (Ubuntu Jammy) versions antérieures à 1.954.x
VMware	Tanzu Kubernetes Runtime	Elastic Application Runtime Windows add-on pour VMware Tanzu Platform versions antérieures à 10.2.5
VMware	Tanzu Kubernetes Runtime	Stemcells (Ubuntu Noble) versions antérieures à 1.126.x
VMware	Tanzu Kubernetes Runtime	Elastic Application Runtime pour VMware Tanzu Platform versions antérieures à 6.0.22
VMware	Platform Services	Platform Services pour VMware Tanzu Platform versions antérieures à 10.3.1
VMware	Tanzu Kubernetes Runtime	Isolation Segmentation pour VMware Tanzu Platform versions antérieures à 6.0.22
VMware	Tanzu Kubernetes Runtime	Elastic Application Runtime Windows add-on pour VMware Tanzu Platform versions antérieures à 6.0.22
VMware	Tanzu Kubernetes Runtime	Isolation Segmentation pour VMware Tanzu Platform versions antérieures à 10.2.5
VMware	Tanzu Kubernetes Runtime	Metric Store versions antérieures à 1.8.1
VMware	Tanzu Kubernetes Runtime	Elastic Application Runtime pour VMware Tanzu Platform versions antérieures à 10.3.1
VMware	Tanzu Kubernetes Runtime	Isolation Segmentation pour VMware Tanzu Platform versions antérieures à 10.3.1
VMware	Tanzu Kubernetes Runtime	AI Services pour VMware Tanzu Platform versions antérieures à 10.3.1
VMware	Tanzu	VMware Tanzu pour Postgres on Tanzu Platform versions antérieures à 10.2.1
VMware	Tanzu Kubernetes Runtime	Stemcells (Ubuntu Jammy Azure Light) versions antérieures à 1.954.x
VMware	Tanzu Kubernetes Runtime	Stemcells (Windows) versions antérieures à 2019.92.x
VMware	Tanzu Kubernetes Runtime	Elastic Application Runtime pour VMware Tanzu Platform versions antérieures à 10.2.5
VMware	Tanzu Kubernetes Runtime	Elastic Application Runtime Windows add-on pour VMware Tanzu Platform versions antérieures à 10.3.1
VMware	Tanzu Kubernetes Runtime	Stemcells (Ubuntu Jammy FIPS) versions antérieures à 1.954.x

References

Title

Publication Time

Tags

Bulletin de sécurité VMware 36513	2025-11-23	vendor-advisory
Bulletin de sécurité VMware 36530	2025-11-24	vendor-advisory
Bulletin de sécurité VMware 36512	2025-11-23	vendor-advisory
Bulletin de sécurité VMware 36526	2025-11-24	vendor-advisory
Bulletin de sécurité VMware 36511	2025-11-23	vendor-advisory
Bulletin de sécurité VMware 36525	2025-11-24	vendor-advisory
Bulletin de sécurité VMware 36516	2025-11-23	vendor-advisory
Bulletin de sécurité VMware 36527	2025-11-24	vendor-advisory
Bulletin de sécurité VMware 36536	2025-11-24	vendor-advisory
Bulletin de sécurité VMware 36519	2025-11-23	vendor-advisory
Bulletin de sécurité VMware 36518	2025-11-23	vendor-advisory
Bulletin de sécurité VMware 36524	2025-11-24	vendor-advisory
Bulletin de sécurité VMware 36521	2025-11-23	vendor-advisory
Bulletin de sécurité VMware 36528	2025-11-24	vendor-advisory
Bulletin de sécurité VMware 36522	2025-11-24	vendor-advisory
Bulletin de sécurité VMware 36514	2025-11-23	vendor-advisory
Bulletin de sécurité VMware 36532	2025-11-24	vendor-advisory
Bulletin de sécurité VMware 36509	2025-11-23	vendor-advisory
Bulletin de sécurité VMware 36517	2025-11-23	vendor-advisory
Bulletin de sécurité VMware 36533	2025-11-24	vendor-advisory
Bulletin de sécurité VMware 36537	2025-11-24	vendor-advisory
Bulletin de sécurité VMware 36531	2025-11-24	vendor-advisory
Bulletin de sécurité VMware 36510	2025-11-23	vendor-advisory
Bulletin de sécurité VMware 36523	2025-11-24	vendor-advisory
Bulletin de sécurité VMware 36515	2025-11-23	vendor-advisory
Bulletin de sécurité VMware 36529	2025-11-24	vendor-advisory
Bulletin de sécurité VMware 36534	2025-11-24	vendor-advisory
Bulletin de sécurité VMware 36535	2025-11-24	vendor-advisory
Bulletin de sécurité VMware 36520	2025-11-23	vendor-advisory

Show details on source website

JSON

To clipboard

{
  "$ref": "https://www.cert.ssi.gouv.fr/openapi.json",
  "affected_systems": [
    {
      "description": "App Metrics versions ant\u00e9rieures \u00e0 2.3.2",
      "product": {
        "name": "Tanzu Kubernetes Runtime",
        "vendor": {
          "name": "VMware",
          "scada": false
        }
      }
    },
    {
      "description": "Stemcells (Ubuntu Jammy) versions ant\u00e9rieures \u00e0 1.954.x",
      "product": {
        "name": "Tanzu Kubernetes Runtime",
        "vendor": {
          "name": "VMware",
          "scada": false
        }
      }
    },
    {
      "description": "Elastic Application Runtime Windows add-on pour VMware Tanzu Platform versions ant\u00e9rieures \u00e0 10.2.5",
      "product": {
        "name": "Tanzu Kubernetes Runtime",
        "vendor": {
          "name": "VMware",
          "scada": false
        }
      }
    },
    {
      "description": "Stemcells (Ubuntu Noble) versions ant\u00e9rieures \u00e0 1.126.x",
      "product": {
        "name": "Tanzu Kubernetes Runtime",
        "vendor": {
          "name": "VMware",
          "scada": false
        }
      }
    },
    {
      "description": "Elastic Application Runtime pour VMware Tanzu Platform versions ant\u00e9rieures \u00e0 6.0.22",
      "product": {
        "name": "Tanzu Kubernetes Runtime",
        "vendor": {
          "name": "VMware",
          "scada": false
        }
      }
    },
    {
      "description": "Platform Services pour VMware Tanzu Platform versions ant\u00e9rieures \u00e0 10.3.1",
      "product": {
        "name": "Platform Services",
        "vendor": {
          "name": "VMware",
          "scada": false
        }
      }
    },
    {
      "description": "Isolation Segmentation pour VMware Tanzu Platform versions ant\u00e9rieures \u00e0 6.0.22",
      "product": {
        "name": "Tanzu Kubernetes Runtime",
        "vendor": {
          "name": "VMware",
          "scada": false
        }
      }
    },
    {
      "description": "Elastic Application Runtime Windows add-on pour VMware Tanzu Platform versions ant\u00e9rieures \u00e0 6.0.22",
      "product": {
        "name": "Tanzu Kubernetes Runtime",
        "vendor": {
          "name": "VMware",
          "scada": false
        }
      }
    },
    {
      "description": "Isolation Segmentation pour VMware Tanzu Platform versions ant\u00e9rieures \u00e0 10.2.5",
      "product": {
        "name": "Tanzu Kubernetes Runtime",
        "vendor": {
          "name": "VMware",
          "scada": false
        }
      }
    },
    {
      "description": "Metric Store versions ant\u00e9rieures \u00e0 1.8.1",
      "product": {
        "name": "Tanzu Kubernetes Runtime",
        "vendor": {
          "name": "VMware",
          "scada": false
        }
      }
    },
    {
      "description": "Elastic Application Runtime pour VMware Tanzu Platform versions ant\u00e9rieures \u00e0 10.3.1",
      "product": {
        "name": "Tanzu Kubernetes Runtime",
        "vendor": {
          "name": "VMware",
          "scada": false
        }
      }
    },
    {
      "description": "Isolation Segmentation pour VMware Tanzu Platform versions ant\u00e9rieures \u00e0 10.3.1",
      "product": {
        "name": "Tanzu Kubernetes Runtime",
        "vendor": {
          "name": "VMware",
          "scada": false
        }
      }
    },
    {
      "description": "AI Services pour VMware Tanzu Platform versions ant\u00e9rieures \u00e0 10.3.1",
      "product": {
        "name": "Tanzu Kubernetes Runtime",
        "vendor": {
          "name": "VMware",
          "scada": false
        }
      }
    },
    {
      "description": "VMware Tanzu pour Postgres on Tanzu Platform versions ant\u00e9rieures \u00e0 10.2.1",
      "product": {
        "name": "Tanzu",
        "vendor": {
          "name": "VMware",
          "scada": false
        }
      }
    },
    {
      "description": "Stemcells (Ubuntu Jammy Azure Light) versions ant\u00e9rieures \u00e0 1.954.x",
      "product": {
        "name": "Tanzu Kubernetes Runtime",
        "vendor": {
          "name": "VMware",
          "scada": false
        }
      }
    },
    {
      "description": "Stemcells (Windows) versions ant\u00e9rieures \u00e0 2019.92.x",
      "product": {
        "name": "Tanzu Kubernetes Runtime",
        "vendor": {
          "name": "VMware",
          "scada": false
        }
      }
    },
    {
      "description": "Elastic Application Runtime pour  VMware Tanzu Platform versions ant\u00e9rieures \u00e0 10.2.5",
      "product": {
        "name": "Tanzu Kubernetes Runtime",
        "vendor": {
          "name": "VMware",
          "scada": false
        }
      }
    },
    {
      "description": "Elastic Application Runtime Windows add-on pour VMware Tanzu Platform versions ant\u00e9rieures \u00e0 10.3.1",
      "product": {
        "name": "Tanzu Kubernetes Runtime",
        "vendor": {
          "name": "VMware",
          "scada": false
        }
      }
    },
    {
      "description": "Stemcells (Ubuntu Jammy FIPS) versions ant\u00e9rieures \u00e0 1.954.x",
      "product": {
        "name": "Tanzu Kubernetes Runtime",
        "vendor": {
          "name": "VMware",
          "scada": false
        }
      }
    }
  ],
  "affected_systems_content": "",
  "content": "## Solutions\n\nSe r\u00e9f\u00e9rer au bulletin de s\u00e9curit\u00e9 de l\u0027\u00e9diteur pour l\u0027obtention des correctifs (cf. section Documentation).",
  "cves": [
    {
      "name": "CVE-2024-24790",
      "url": "https://www.cve.org/CVERecord?id=CVE-2024-24790"
    },
    {
      "name": "CVE-2025-58183",
      "url": "https://www.cve.org/CVERecord?id=CVE-2025-58183"
    },
    {
      "name": "CVE-2025-22872",
      "url": "https://www.cve.org/CVERecord?id=CVE-2025-22872"
    },
    {
      "name": "CVE-2025-13425",
      "url": "https://www.cve.org/CVERecord?id=CVE-2025-13425"
    },
    {
      "name": "CVE-2025-0913",
      "url": "https://www.cve.org/CVERecord?id=CVE-2025-0913"
    },
    {
      "name": "CVE-2025-47907",
      "url": "https://www.cve.org/CVERecord?id=CVE-2025-47907"
    },
    {
      "name": "CVE-2025-6069",
      "url": "https://www.cve.org/CVERecord?id=CVE-2025-6069"
    },
    {
      "name": "CVE-2024-6232",
      "url": "https://www.cve.org/CVERecord?id=CVE-2024-6232"
    },
    {
      "name": "CVE-2025-4330",
      "url": "https://www.cve.org/CVERecord?id=CVE-2025-4330"
    },
    {
      "name": "CVE-2025-58185",
      "url": "https://www.cve.org/CVERecord?id=CVE-2025-58185"
    },
    {
      "name": "CVE-2024-9287",
      "url": "https://www.cve.org/CVERecord?id=CVE-2024-9287"
    },
    {
      "name": "CVE-2025-4138",
      "url": "https://www.cve.org/CVERecord?id=CVE-2025-4138"
    },
    {
      "name": "CVE-2024-24791",
      "url": "https://www.cve.org/CVERecord?id=CVE-2024-24791"
    },
    {
      "name": "CVE-2024-45341",
      "url": "https://www.cve.org/CVERecord?id=CVE-2024-45341"
    },
    {
      "name": "CVE-2024-13176",
      "url": "https://www.cve.org/CVERecord?id=CVE-2024-13176"
    },
    {
      "name": "CVE-2024-35255",
      "url": "https://www.cve.org/CVERecord?id=CVE-2024-35255"
    },
    {
      "name": "CVE-2022-40897",
      "url": "https://www.cve.org/CVERecord?id=CVE-2022-40897"
    },
    {
      "name": "CVE-2025-0938",
      "url": "https://www.cve.org/CVERecord?id=CVE-2025-0938"
    },
    {
      "name": "CVE-2025-64329",
      "url": "https://www.cve.org/CVERecord?id=CVE-2025-64329"
    },
    {
      "name": "CVE-2025-22866",
      "url": "https://www.cve.org/CVERecord?id=CVE-2025-22866"
    },
    {
      "name": "CVE-2024-34158",
      "url": "https://www.cve.org/CVERecord?id=CVE-2024-34158"
    },
    {
      "name": "CVE-2023-27043",
      "url": "https://www.cve.org/CVERecord?id=CVE-2023-27043"
    },
    {
      "name": "CVE-2024-51744",
      "url": "https://www.cve.org/CVERecord?id=CVE-2024-51744"
    },
    {
      "name": "CVE-2024-10977",
      "url": "https://www.cve.org/CVERecord?id=CVE-2024-10977"
    },
    {
      "name": "CVE-2025-50182",
      "url": "https://www.cve.org/CVERecord?id=CVE-2025-50182"
    },
    {
      "name": "CVE-2025-47906",
      "url": "https://www.cve.org/CVERecord?id=CVE-2025-47906"
    },
    {
      "name": "CVE-2025-8194",
      "url": "https://www.cve.org/CVERecord?id=CVE-2025-8194"
    },
    {
      "name": "CVE-2025-50181",
      "url": "https://www.cve.org/CVERecord?id=CVE-2025-50181"
    },
    {
      "name": "CVE-2025-4517",
      "url": "https://www.cve.org/CVERecord?id=CVE-2025-4517"
    },
    {
      "name": "CVE-2025-58188",
      "url": "https://www.cve.org/CVERecord?id=CVE-2025-58188"
    },
    {
      "name": "CVE-2025-4674",
      "url": "https://www.cve.org/CVERecord?id=CVE-2025-4674"
    },
    {
      "name": "CVE-2022-29526",
      "url": "https://www.cve.org/CVERecord?id=CVE-2022-29526"
    },
    {
      "name": "CVE-2025-4435",
      "url": "https://www.cve.org/CVERecord?id=CVE-2025-4435"
    },
    {
      "name": "CVE-2024-45336",
      "url": "https://www.cve.org/CVERecord?id=CVE-2024-45336"
    },
    {
      "name": "CVE-2025-52881",
      "url": "https://www.cve.org/CVERecord?id=CVE-2025-52881"
    },
    {
      "name": "CVE-2024-5535",
      "url": "https://www.cve.org/CVERecord?id=CVE-2024-5535"
    },
    {
      "name": "CVE-2025-22868",
      "url": "https://www.cve.org/CVERecord?id=CVE-2025-22868"
    },
    {
      "name": "CVE-2024-12718",
      "url": "https://www.cve.org/CVERecord?id=CVE-2024-12718"
    },
    {
      "name": "CVE-2025-61724",
      "url": "https://www.cve.org/CVERecord?id=CVE-2025-61724"
    },
    {
      "name": "CVE-2025-61723",
      "url": "https://www.cve.org/CVERecord?id=CVE-2025-61723"
    },
    {
      "name": "CVE-2024-10976",
      "url": "https://www.cve.org/CVERecord?id=CVE-2024-10976"
    },
    {
      "name": "CVE-2025-61795",
      "url": "https://www.cve.org/CVERecord?id=CVE-2025-61795"
    },
    {
      "name": "CVE-2024-45337",
      "url": "https://www.cve.org/CVERecord?id=CVE-2024-45337"
    },
    {
      "name": "CVE-2024-7254",
      "url": "https://www.cve.org/CVERecord?id=CVE-2024-7254"
    },
    {
      "name": "CVE-2025-61725",
      "url": "https://www.cve.org/CVERecord?id=CVE-2025-61725"
    },
    {
      "name": "CVE-2024-9143",
      "url": "https://www.cve.org/CVERecord?id=CVE-2024-9143"
    },
    {
      "name": "CVE-2025-22874",
      "url": "https://www.cve.org/CVERecord?id=CVE-2025-22874"
    },
    {
      "name": "CVE-2024-34156",
      "url": "https://www.cve.org/CVERecord?id=CVE-2024-34156"
    },
    {
      "name": "CVE-2025-47912",
      "url": "https://www.cve.org/CVERecord?id=CVE-2025-47912"
    },
    {
      "name": "CVE-2024-7592",
      "url": "https://www.cve.org/CVERecord?id=CVE-2024-7592"
    },
    {
      "name": "CVE-2025-58186",
      "url": "https://www.cve.org/CVERecord?id=CVE-2025-58186"
    },
    {
      "name": "CVE-2025-58187",
      "url": "https://www.cve.org/CVERecord?id=CVE-2025-58187"
    },
    {
      "name": "CVE-2025-4673",
      "url": "https://www.cve.org/CVERecord?id=CVE-2025-4673"
    },
    {
      "name": "CVE-2025-22871",
      "url": "https://www.cve.org/CVERecord?id=CVE-2025-22871"
    },
    {
      "name": "CVE-2025-59530",
      "url": "https://www.cve.org/CVERecord?id=CVE-2025-59530"
    },
    {
      "name": "CVE-2024-47081",
      "url": "https://www.cve.org/CVERecord?id=CVE-2024-47081"
    },
    {
      "name": "CVE-2025-40300",
      "url": "https://www.cve.org/CVERecord?id=CVE-2025-40300"
    },
    {
      "name": "CVE-2024-6119",
      "url": "https://www.cve.org/CVERecord?id=CVE-2024-6119"
    },
    {
      "name": "CVE-2024-25621",
      "url": "https://www.cve.org/CVERecord?id=CVE-2024-25621"
    },
    {
      "name": "CVE-2024-12254",
      "url": "https://www.cve.org/CVERecord?id=CVE-2024-12254"
    },
    {
      "name": "CVE-2025-8114",
      "url": "https://www.cve.org/CVERecord?id=CVE-2025-8114"
    },
    {
      "name": "CVE-2025-4516",
      "url": "https://www.cve.org/CVERecord?id=CVE-2025-4516"
    },
    {
      "name": "CVE-2025-58058",
      "url": "https://www.cve.org/CVERecord?id=CVE-2025-58058"
    },
    {
      "name": "CVE-2025-22869",
      "url": "https://www.cve.org/CVERecord?id=CVE-2025-22869"
    },
    {
      "name": "CVE-2025-58189",
      "url": "https://www.cve.org/CVERecord?id=CVE-2025-58189"
    },
    {
      "name": "CVE-2024-10978",
      "url": "https://www.cve.org/CVERecord?id=CVE-2024-10978"
    },
    {
      "name": "CVE-2024-4603",
      "url": "https://www.cve.org/CVERecord?id=CVE-2024-4603"
    },
    {
      "name": "CVE-2024-50602",
      "url": "https://www.cve.org/CVERecord?id=CVE-2024-50602"
    },
    {
      "name": "CVE-2025-22870",
      "url": "https://www.cve.org/CVERecord?id=CVE-2025-22870"
    },
    {
      "name": "CVE-2025-61748",
      "url": "https://www.cve.org/CVERecord?id=CVE-2025-61748"
    },
    {
      "name": "CVE-2025-9230",
      "url": "https://www.cve.org/CVERecord?id=CVE-2025-9230"
    },
    {
      "name": "CVE-2024-4741",
      "url": "https://www.cve.org/CVERecord?id=CVE-2024-4741"
    },
    {
      "name": "CVE-2024-4032",
      "url": "https://www.cve.org/CVERecord?id=CVE-2024-4032"
    },
    {
      "name": "CVE-2024-2511",
      "url": "https://www.cve.org/CVERecord?id=CVE-2024-2511"
    },
    {
      "name": "CVE-2025-53057",
      "url": "https://www.cve.org/CVERecord?id=CVE-2025-53057"
    },
    {
      "name": "CVE-2024-34155",
      "url": "https://www.cve.org/CVERecord?id=CVE-2024-34155"
    },
    {
      "name": "CVE-2025-53066",
      "url": "https://www.cve.org/CVERecord?id=CVE-2025-53066"
    },
    {
      "name": "CVE-2024-24789",
      "url": "https://www.cve.org/CVERecord?id=CVE-2024-24789"
    },
    {
      "name": "CVE-2024-6345",
      "url": "https://www.cve.org/CVERecord?id=CVE-2024-6345"
    },
    {
      "name": "CVE-2024-10979",
      "url": "https://www.cve.org/CVERecord?id=CVE-2024-10979"
    },
    {
      "name": "CVE-2025-49014",
      "url": "https://www.cve.org/CVERecord?id=CVE-2025-49014"
    },
    {
      "name": "CVE-2025-5981",
      "url": "https://www.cve.org/CVERecord?id=CVE-2025-5981"
    },
    {
      "name": "CVE-2024-6923",
      "url": "https://www.cve.org/CVERecord?id=CVE-2024-6923"
    },
    {
      "name": "CVE-2024-8088",
      "url": "https://www.cve.org/CVERecord?id=CVE-2024-8088"
    },
    {
      "name": "CVE-2025-11226",
      "url": "https://www.cve.org/CVERecord?id=CVE-2025-11226"
    }
  ],
  "initial_release_date": "2025-11-24T00:00:00",
  "last_revision_date": "2025-11-24T00:00:00",
  "links": [],
  "reference": "CERTFR-2025-AVI-1036",
  "revisions": [
    {
      "description": "Version initiale",
      "revision_date": "2025-11-24T00:00:00.000000"
    }
  ],
  "risks": [
    {
      "description": "Non sp\u00e9cifi\u00e9 par l\u0027\u00e9diteur"
    }
  ],
  "summary": "De multiples vuln\u00e9rabilit\u00e9s ont \u00e9t\u00e9 d\u00e9couvertes dans les produits VMware. Elles permettent \u00e0 un attaquant de provoquer un probl\u00e8me de s\u00e9curit\u00e9 non sp\u00e9cifi\u00e9 par l\u0027\u00e9diteur.",
  "title": "Multiples vuln\u00e9rabilit\u00e9s dans les produits VMware",
  "vendor_advisories": [
    {
      "published_at": "2025-11-23",
      "title": "Bulletin de s\u00e9curit\u00e9 VMware 36513",
      "url": "https://support.broadcom.com/web/ecx/support-content-notification/-/external/content/SecurityAdvisories/0/36513"
    },
    {
      "published_at": "2025-11-24",
      "title": "Bulletin de s\u00e9curit\u00e9 VMware 36530",
      "url": "https://support.broadcom.com/web/ecx/support-content-notification/-/external/content/SecurityAdvisories/0/36530"
    },
    {
      "published_at": "2025-11-23",
      "title": "Bulletin de s\u00e9curit\u00e9 VMware 36512",
      "url": "https://support.broadcom.com/web/ecx/support-content-notification/-/external/content/SecurityAdvisories/0/36512"
    },
    {
      "published_at": "2025-11-24",
      "title": "Bulletin de s\u00e9curit\u00e9 VMware 36526",
      "url": "https://support.broadcom.com/web/ecx/support-content-notification/-/external/content/SecurityAdvisories/0/36526"
    },
    {
      "published_at": "2025-11-23",
      "title": "Bulletin de s\u00e9curit\u00e9 VMware 36511",
      "url": "https://support.broadcom.com/web/ecx/support-content-notification/-/external/content/SecurityAdvisories/0/36511"
    },
    {
      "published_at": "2025-11-24",
      "title": "Bulletin de s\u00e9curit\u00e9 VMware 36525",
      "url": "https://support.broadcom.com/web/ecx/support-content-notification/-/external/content/SecurityAdvisories/0/36525"
    },
    {
      "published_at": "2025-11-23",
      "title": "Bulletin de s\u00e9curit\u00e9 VMware 36516",
      "url": "https://support.broadcom.com/web/ecx/support-content-notification/-/external/content/SecurityAdvisories/0/36516"
    },
    {
      "published_at": "2025-11-24",
      "title": "Bulletin de s\u00e9curit\u00e9 VMware 36527",
      "url": "https://support.broadcom.com/web/ecx/support-content-notification/-/external/content/SecurityAdvisories/0/36527"
    },
    {
      "published_at": "2025-11-24",
      "title": "Bulletin de s\u00e9curit\u00e9 VMware 36536",
      "url": "https://support.broadcom.com/web/ecx/support-content-notification/-/external/content/SecurityAdvisories/0/36536"
    },
    {
      "published_at": "2025-11-23",
      "title": "Bulletin de s\u00e9curit\u00e9 VMware 36519",
      "url": "https://support.broadcom.com/web/ecx/support-content-notification/-/external/content/SecurityAdvisories/0/36519"
    },
    {
      "published_at": "2025-11-23",
      "title": "Bulletin de s\u00e9curit\u00e9 VMware 36518",
      "url": "https://support.broadcom.com/web/ecx/support-content-notification/-/external/content/SecurityAdvisories/0/36518"
    },
    {
      "published_at": "2025-11-24",
      "title": "Bulletin de s\u00e9curit\u00e9 VMware 36524",
      "url": "https://support.broadcom.com/web/ecx/support-content-notification/-/external/content/SecurityAdvisories/0/36524"
    },
    {
      "published_at": "2025-11-23",
      "title": "Bulletin de s\u00e9curit\u00e9 VMware 36521",
      "url": "https://support.broadcom.com/web/ecx/support-content-notification/-/external/content/SecurityAdvisories/0/36521"
    },
    {
      "published_at": "2025-11-24",
      "title": "Bulletin de s\u00e9curit\u00e9 VMware 36528",
      "url": "https://support.broadcom.com/web/ecx/support-content-notification/-/external/content/SecurityAdvisories/0/36528"
    },
    {
      "published_at": "2025-11-24",
      "title": "Bulletin de s\u00e9curit\u00e9 VMware 36522",
      "url": "https://support.broadcom.com/web/ecx/support-content-notification/-/external/content/SecurityAdvisories/0/36522"
    },
    {
      "published_at": "2025-11-23",
      "title": "Bulletin de s\u00e9curit\u00e9 VMware 36514",
      "url": "https://support.broadcom.com/web/ecx/support-content-notification/-/external/content/SecurityAdvisories/0/36514"
    },
    {
      "published_at": "2025-11-24",
      "title": "Bulletin de s\u00e9curit\u00e9 VMware 36532",
      "url": "https://support.broadcom.com/web/ecx/support-content-notification/-/external/content/SecurityAdvisories/0/36532"
    },
    {
      "published_at": "2025-11-23",
      "title": "Bulletin de s\u00e9curit\u00e9 VMware 36509",
      "url": "https://support.broadcom.com/web/ecx/support-content-notification/-/external/content/SecurityAdvisories/0/36509"
    },
    {
      "published_at": "2025-11-23",
      "title": "Bulletin de s\u00e9curit\u00e9 VMware 36517",
      "url": "https://support.broadcom.com/web/ecx/support-content-notification/-/external/content/SecurityAdvisories/0/36517"
    },
    {
      "published_at": "2025-11-24",
      "title": "Bulletin de s\u00e9curit\u00e9 VMware 36533",
      "url": "https://support.broadcom.com/web/ecx/support-content-notification/-/external/content/SecurityAdvisories/0/36533"
    },
    {
      "published_at": "2025-11-24",
      "title": "Bulletin de s\u00e9curit\u00e9 VMware 36537",
      "url": "https://support.broadcom.com/web/ecx/support-content-notification/-/external/content/SecurityAdvisories/0/36537"
    },
    {
      "published_at": "2025-11-24",
      "title": "Bulletin de s\u00e9curit\u00e9 VMware 36531",
      "url": "https://support.broadcom.com/web/ecx/support-content-notification/-/external/content/SecurityAdvisories/0/36531"
    },
    {
      "published_at": "2025-11-23",
      "title": "Bulletin de s\u00e9curit\u00e9 VMware 36510",
      "url": "https://support.broadcom.com/web/ecx/support-content-notification/-/external/content/SecurityAdvisories/0/36510"
    },
    {
      "published_at": "2025-11-24",
      "title": "Bulletin de s\u00e9curit\u00e9 VMware 36523",
      "url": "https://support.broadcom.com/web/ecx/support-content-notification/-/external/content/SecurityAdvisories/0/36523"
    },
    {
      "published_at": "2025-11-23",
      "title": "Bulletin de s\u00e9curit\u00e9 VMware 36515",
      "url": "https://support.broadcom.com/web/ecx/support-content-notification/-/external/content/SecurityAdvisories/0/36515"
    },
    {
      "published_at": "2025-11-24",
      "title": "Bulletin de s\u00e9curit\u00e9 VMware 36529",
      "url": "https://support.broadcom.com/web/ecx/support-content-notification/-/external/content/SecurityAdvisories/0/36529"
    },
    {
      "published_at": "2025-11-24",
      "title": "Bulletin de s\u00e9curit\u00e9 VMware 36534",
      "url": "https://support.broadcom.com/web/ecx/support-content-notification/-/external/content/SecurityAdvisories/0/36534"
    },
    {
      "published_at": "2025-11-24",
      "title": "Bulletin de s\u00e9curit\u00e9 VMware 36535",
      "url": "https://support.broadcom.com/web/ecx/support-content-notification/-/external/content/SecurityAdvisories/0/36535"
    },
    {
      "published_at": "2025-11-23",
      "title": "Bulletin de s\u00e9curit\u00e9 VMware 36520",
      "url": "https://support.broadcom.com/web/ecx/support-content-notification/-/external/content/SecurityAdvisories/0/36520"
    }
  ]
}

FKIE_CVE-2025-5981

Vulnerability from fkie_nvd - Published: 2025-06-18 09:15 - Updated: 2025-08-07 15:34

Severity ?

6.5 (Medium) - CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:H/A:N

Summary

References

	URL	Tags
	cve-coordination@google.com	https://github.com/google/osv-scalibr/commit/2444419b1818c2d6917fc3394c947fb3276e9d59	Patch
	cve-coordination@google.com	https://github.com/google/osv-scalibr/releases/tag/v0.1.8	Release Notes

Impacted products

	Vendor	Product	Version
	google	osv-scalibr	*

JSON

To clipboard

{
  "configurations": [
    {
      "nodes": [
        {
          "cpeMatch": [
            {
              "criteria": "cpe:2.3:a:google:osv-scalibr:*:*:*:*:*:go:*:*",
              "matchCriteriaId": "DBCCBE7B-8BE4-446C-B4C9-D0C7D5C4523D",
              "versionEndExcluding": "0.1.8",
              "versionStartIncluding": "0.1.3",
              "vulnerable": true
            }
          ],
          "negate": false,
          "operator": "OR"
        }
      ]
    }
  ],
  "cveTags": [],
  "descriptions": [
    {
      "lang": "en",
      "value": "Arbitrary file write as the OSV-SCALIBR user on the host system via a path traversal vulnerability when using OSV-SCALIBR\u0027s unpack()\u00a0function for container images. Particularly, when using the CLI flag --remote-image\u00a0on untrusted container images."
    },
    {
      "lang": "es",
      "value": "Escritura arbitraria de archivos como usuario OSV-SCALIBR en el sistema host mediante una vulnerabilidad de path traversal al usar la funci\u00f3n unpack() de OSV-SCALIBR para im\u00e1genes de contenedor. En particular, al usar la opci\u00f3n CLI --remote-image en im\u00e1genes de contenedor no confiables."
    }
  ],
  "id": "CVE-2025-5981",
  "lastModified": "2025-08-07T15:34:04.500",
  "metrics": {
    "cvssMetricV31": [
      {
        "cvssData": {
          "attackComplexity": "LOW",
          "attackVector": "NETWORK",
          "availabilityImpact": "NONE",
          "baseScore": 6.5,
          "baseSeverity": "MEDIUM",
          "confidentialityImpact": "NONE",
          "integrityImpact": "HIGH",
          "privilegesRequired": "LOW",
          "scope": "UNCHANGED",
          "userInteraction": "NONE",
          "vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:H/A:N",
          "version": "3.1"
        },
        "exploitabilityScore": 2.8,
        "impactScore": 3.6,
        "source": "nvd@nist.gov",
        "type": "Primary"
      }
    ],
    "cvssMetricV40": [
      {
        "cvssData": {
          "Automatable": "NOT_DEFINED",
          "Recovery": "NOT_DEFINED",
          "Safety": "NOT_DEFINED",
          "attackComplexity": "LOW",
          "attackRequirements": "PRESENT",
          "attackVector": "LOCAL",
          "availabilityRequirement": "NOT_DEFINED",
          "baseScore": 5.7,
          "baseSeverity": "MEDIUM",
          "confidentialityRequirement": "NOT_DEFINED",
          "exploitMaturity": "NOT_DEFINED",
          "integrityRequirement": "NOT_DEFINED",
          "modifiedAttackComplexity": "NOT_DEFINED",
          "modifiedAttackRequirements": "NOT_DEFINED",
          "modifiedAttackVector": "NOT_DEFINED",
          "modifiedPrivilegesRequired": "NOT_DEFINED",
          "modifiedSubAvailabilityImpact": "NOT_DEFINED",
          "modifiedSubConfidentialityImpact": "NOT_DEFINED",
          "modifiedSubIntegrityImpact": "NOT_DEFINED",
          "modifiedUserInteraction": "NOT_DEFINED",
          "modifiedVulnAvailabilityImpact": "NOT_DEFINED",
          "modifiedVulnConfidentialityImpact": "NOT_DEFINED",
          "modifiedVulnIntegrityImpact": "NOT_DEFINED",
          "privilegesRequired": "LOW",
          "providerUrgency": "NOT_DEFINED",
          "subAvailabilityImpact": "NONE",
          "subConfidentialityImpact": "HIGH",
          "subIntegrityImpact": "LOW",
          "userInteraction": "ACTIVE",
          "valueDensity": "NOT_DEFINED",
          "vectorString": "CVSS:4.0/AV:L/AC:L/AT:P/PR:L/UI:A/VC:H/VI:L/VA:N/SC:H/SI:L/SA:N/E:X/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X",
          "version": "4.0",
          "vulnAvailabilityImpact": "NONE",
          "vulnConfidentialityImpact": "HIGH",
          "vulnIntegrityImpact": "LOW",
          "vulnerabilityResponseEffort": "NOT_DEFINED"
        },
        "source": "cve-coordination@google.com",
        "type": "Secondary"
      }
    ]
  },
  "published": "2025-06-18T09:15:47.660",
  "references": [
    {
      "source": "cve-coordination@google.com",
      "tags": [
        "Patch"
      ],
      "url": "https://github.com/google/osv-scalibr/commit/2444419b1818c2d6917fc3394c947fb3276e9d59"
    },
    {
      "source": "cve-coordination@google.com",
      "tags": [
        "Release Notes"
      ],
      "url": "https://github.com/google/osv-scalibr/releases/tag/v0.1.8"
    }
  ],
  "sourceIdentifier": "cve-coordination@google.com",
  "vulnStatus": "Analyzed",
  "weaknesses": [
    {
      "description": [
        {
          "lang": "en",
          "value": "CWE-427"
        }
      ],
      "source": "cve-coordination@google.com",
      "type": "Secondary"
    },
    {
      "description": [
        {
          "lang": "en",
          "value": "CWE-22"
        }
      ],
      "source": "nvd@nist.gov",
      "type": "Primary"
    }
  ]
}

Tags

Taxonomy of the tags.

All sightings related to this event Export sightings related to this event

Sightings

Author	Source	Type	Date

Nomenclature

Seen: The vulnerability was mentioned, discussed, or observed by the user.
Confirmed: The vulnerability has been validated from an analyst's perspective.
Published Proof of Concept: A public proof of concept is available for this vulnerability.
Exploited: The vulnerability was observed as exploited by the user who reported the sighting.
Patched: The vulnerability was observed as successfully patched by the user who reported the sighting.
Not exploited: The vulnerability was not observed as exploited by the user who reported the sighting.
Not confirmed: The user expressed doubt about the validity of the vulnerability.
Not patched: The vulnerability was not observed as successfully patched by the user who reported the sighting.

Detection rules are retrieved from Rulezet.

Action not permitted

CVE-2025-5981 (GCVE-0-2025-5981)

GHSA-2HCM-Q3F4-FJGW

CERTFR-2025-AVI-1036

Solutions

CERTFR-2025-AVI-1036

Solutions

FKIE_CVE-2025-5981

Tags

Sightings

Nomenclature