cvelistv5 - cve-2025-24358

CVE-2025-24358 (GCVE-0-2025-24358)

Vulnerability from cvelistv5

Published

2025-04-15 18:57

Modified

2025-05-01 11:02

Severity ?

5.4 (Medium) - CVSS:4.0/AV:N/AC:L/AT:P/PR:N/UI:P/VC:N/VI:H/VA:N/SC:N/SI:N/SA:N/E:P

CWE

CWE-352 - Cross-Site Request Forgery (CSRF)

Summary

gorilla/csrf provides Cross Site Request Forgery (CSRF) prevention middleware for Go web applications & services. Prior to 1.7.2, gorilla/csrf does not validate the Origin header against an allowlist. Its executes its validation of the Referer header for cross-origin requests only when it believes the request is being served over TLS. It determines this by inspecting the r.URL.Scheme value. However, this value is never populated for "server" requests per the Go spec, and so this check does not run in practice. This vulnerability allows an attacker who has gained XSS on a subdomain or top level domain to perform authenticated form submissions against gorilla/csrf protected targets that share the same top level domain. This vulnerability is fixed in 1.7.2.

References

URL

Tags

	https://github.com/gorilla/csrf/security/advisories/GHSA-rq77-p4h8-4crw	x_refsource_CONFIRM
	https://github.com/gorilla/csrf/commit/9dd6af1f6d30fc79fb0d972394deebdabad6b5eb	x_refsource_MISC

Impacted products

	Vendor	Product	Version
	gorilla	csrf	Version: < 1.7.3

Show details on NVD website

JSON

To clipboard

{
  "containers": {
    "adp": [
      {
        "metrics": [
          {
            "other": {
              "content": {
                "id": "CVE-2025-24358",
                "options": [
                  {
                    "Exploitation": "poc"
                  },
                  {
                    "Automatable": "no"
                  },
                  {
                    "Technical Impact": "partial"
                  }
                ],
                "role": "CISA Coordinator",
                "timestamp": "2025-04-15T19:53:35.649680Z",
                "version": "2.0.3"
              },
              "type": "ssvc"
            }
          }
        ],
        "providerMetadata": {
          "dateUpdated": "2025-04-15T20:03:47.479Z",
          "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
          "shortName": "CISA-ADP"
        },
        "title": "CISA ADP Vulnrichment"
      },
      {
        "providerMetadata": {
          "dateUpdated": "2025-05-01T11:02:45.986Z",
          "orgId": "af854a3a-2127-422b-91ae-364da2661108",
          "shortName": "CVE"
        },
        "references": [
          {
            "url": "https://lists.debian.org/debian-lts-announce/2025/05/msg00002.html"
          }
        ],
        "title": "CVE Program Container"
      }
    ],
    "cna": {
      "affected": [
        {
          "product": "csrf",
          "vendor": "gorilla",
          "versions": [
            {
              "status": "affected",
              "version": "\u003c 1.7.3"
            }
          ]
        }
      ],
      "descriptions": [
        {
          "lang": "en",
          "value": "gorilla/csrf provides Cross Site Request Forgery (CSRF) prevention middleware for Go web applications \u0026 services. Prior to 1.7.2, gorilla/csrf does not validate the Origin header against an allowlist. Its executes its validation of the Referer header for cross-origin requests only when it believes the request is being served over TLS. It determines this by inspecting the r.URL.Scheme value. However, this value is never populated for \"server\" requests per the Go spec, and so this check does not run in practice. This vulnerability allows an attacker who has gained XSS on a subdomain or top level domain to perform authenticated form submissions against gorilla/csrf protected targets that share the same top level domain. This vulnerability is fixed in 1.7.2."
        }
      ],
      "metrics": [
        {
          "cvssV4_0": {
            "attackComplexity": "LOW",
            "attackRequirements": "PRESENT",
            "attackVector": "NETWORK",
            "baseScore": 5.4,
            "baseSeverity": "MEDIUM",
            "privilegesRequired": "NONE",
            "subAvailabilityImpact": "NONE",
            "subConfidentialityImpact": "NONE",
            "subIntegrityImpact": "NONE",
            "userInteraction": "PASSIVE",
            "vectorString": "CVSS:4.0/AV:N/AC:L/AT:P/PR:N/UI:P/VC:N/VI:H/VA:N/SC:N/SI:N/SA:N/E:P",
            "version": "4.0",
            "vulnAvailabilityImpact": "NONE",
            "vulnConfidentialityImpact": "NONE",
            "vulnIntegrityImpact": "HIGH"
          }
        }
      ],
      "problemTypes": [
        {
          "descriptions": [
            {
              "cweId": "CWE-352",
              "description": "CWE-352: Cross-Site Request Forgery (CSRF)",
              "lang": "en",
              "type": "CWE"
            }
          ]
        }
      ],
      "providerMetadata": {
        "dateUpdated": "2025-04-15T18:57:40.559Z",
        "orgId": "a0819718-46f1-4df5-94e2-005712e83aaa",
        "shortName": "GitHub_M"
      },
      "references": [
        {
          "name": "https://github.com/gorilla/csrf/security/advisories/GHSA-rq77-p4h8-4crw",
          "tags": [
            "x_refsource_CONFIRM"
          ],
          "url": "https://github.com/gorilla/csrf/security/advisories/GHSA-rq77-p4h8-4crw"
        },
        {
          "name": "https://github.com/gorilla/csrf/commit/9dd6af1f6d30fc79fb0d972394deebdabad6b5eb",
          "tags": [
            "x_refsource_MISC"
          ],
          "url": "https://github.com/gorilla/csrf/commit/9dd6af1f6d30fc79fb0d972394deebdabad6b5eb"
        }
      ],
      "source": {
        "advisory": "GHSA-rq77-p4h8-4crw",
        "discovery": "UNKNOWN"
      },
      "title": "gorilla/csrf CSRF vulnerability due to broken Referer validation"
    }
  },
  "cveMetadata": {
    "assignerOrgId": "a0819718-46f1-4df5-94e2-005712e83aaa",
    "assignerShortName": "GitHub_M",
    "cveId": "CVE-2025-24358",
    "datePublished": "2025-04-15T18:57:40.559Z",
    "dateReserved": "2025-01-20T15:18:26.989Z",
    "dateUpdated": "2025-05-01T11:02:45.986Z",
    "state": "PUBLISHED"
  },
  "dataType": "CVE_RECORD",
  "dataVersion": "5.1",
  "vulnerability-lookup:meta": {
    "vulnrichment": {
      "containers": "{\"adp\": [{\"title\": \"CVE Program Container\", \"references\": [{\"url\": \"https://lists.debian.org/debian-lts-announce/2025/05/msg00002.html\"}], \"providerMetadata\": {\"orgId\": \"af854a3a-2127-422b-91ae-364da2661108\", \"shortName\": \"CVE\", \"dateUpdated\": \"2025-05-01T11:02:45.986Z\"}}, {\"title\": \"CISA ADP Vulnrichment\", \"metrics\": [{\"other\": {\"type\": \"ssvc\", \"content\": {\"id\": \"CVE-2025-24358\", \"role\": \"CISA Coordinator\", \"options\": [{\"Exploitation\": \"poc\"}, {\"Automatable\": \"no\"}, {\"Technical Impact\": \"partial\"}], \"version\": \"2.0.3\", \"timestamp\": \"2025-04-15T19:53:35.649680Z\"}}}], \"providerMetadata\": {\"orgId\": \"134c704f-9b21-4f2e-91b3-4a467353bcc0\", \"shortName\": \"CISA-ADP\", \"dateUpdated\": \"2025-04-15T19:57:26.834Z\"}}], \"cna\": {\"title\": \"gorilla/csrf CSRF vulnerability due to broken Referer validation\", \"source\": {\"advisory\": \"GHSA-rq77-p4h8-4crw\", \"discovery\": \"UNKNOWN\"}, \"metrics\": [{\"cvssV4_0\": {\"version\": \"4.0\", \"baseScore\": 5.4, \"attackVector\": \"NETWORK\", \"baseSeverity\": \"MEDIUM\", \"vectorString\": \"CVSS:4.0/AV:N/AC:L/AT:P/PR:N/UI:P/VC:N/VI:H/VA:N/SC:N/SI:N/SA:N/E:P\", \"userInteraction\": \"PASSIVE\", \"attackComplexity\": \"LOW\", \"attackRequirements\": \"PRESENT\", \"privilegesRequired\": \"NONE\", \"subIntegrityImpact\": \"NONE\", \"vulnIntegrityImpact\": \"HIGH\", \"subAvailabilityImpact\": \"NONE\", \"vulnAvailabilityImpact\": \"NONE\", \"subConfidentialityImpact\": \"NONE\", \"vulnConfidentialityImpact\": \"NONE\"}}], \"affected\": [{\"vendor\": \"gorilla\", \"product\": \"csrf\", \"versions\": [{\"status\": \"affected\", \"version\": \"\u003c 1.7.3\"}]}], \"references\": [{\"url\": \"https://github.com/gorilla/csrf/security/advisories/GHSA-rq77-p4h8-4crw\", \"name\": \"https://github.com/gorilla/csrf/security/advisories/GHSA-rq77-p4h8-4crw\", \"tags\": [\"x_refsource_CONFIRM\"]}, {\"url\": \"https://github.com/gorilla/csrf/commit/9dd6af1f6d30fc79fb0d972394deebdabad6b5eb\", \"name\": \"https://github.com/gorilla/csrf/commit/9dd6af1f6d30fc79fb0d972394deebdabad6b5eb\", \"tags\": [\"x_refsource_MISC\"]}], \"descriptions\": [{\"lang\": \"en\", \"value\": \"gorilla/csrf provides Cross Site Request Forgery (CSRF) prevention middleware for Go web applications \u0026 services. Prior to 1.7.2, gorilla/csrf does not validate the Origin header against an allowlist. Its executes its validation of the Referer header for cross-origin requests only when it believes the request is being served over TLS. It determines this by inspecting the r.URL.Scheme value. However, this value is never populated for \\\"server\\\" requests per the Go spec, and so this check does not run in practice. This vulnerability allows an attacker who has gained XSS on a subdomain or top level domain to perform authenticated form submissions against gorilla/csrf protected targets that share the same top level domain. This vulnerability is fixed in 1.7.2.\"}], \"problemTypes\": [{\"descriptions\": [{\"lang\": \"en\", \"type\": \"CWE\", \"cweId\": \"CWE-352\", \"description\": \"CWE-352: Cross-Site Request Forgery (CSRF)\"}]}], \"providerMetadata\": {\"orgId\": \"a0819718-46f1-4df5-94e2-005712e83aaa\", \"shortName\": \"GitHub_M\", \"dateUpdated\": \"2025-04-15T18:57:40.559Z\"}}}",
      "cveMetadata": "{\"cveId\": \"CVE-2025-24358\", \"state\": \"PUBLISHED\", \"dateUpdated\": \"2025-05-01T11:02:45.986Z\", \"dateReserved\": \"2025-01-20T15:18:26.989Z\", \"assignerOrgId\": \"a0819718-46f1-4df5-94e2-005712e83aaa\", \"datePublished\": \"2025-04-15T18:57:40.559Z\", \"assignerShortName\": \"GitHub_M\"}",
      "dataType": "CVE_RECORD",
      "dataVersion": "5.1"
    }
  }
}

CERTFR-2026-AVI-0315

Vulnerability from certfr_avis

De multiples vulnérabilités ont été découvertes dans les produits VMware. Elles permettent à un attaquant de provoquer un problème de sécurité non spécifié par l'éditeur.

Solutions

Se référer au bulletin de sécurité de l'éditeur pour l'obtention des correctifs (cf. section Documentation).

Impacted products

Vendor	Product	Description
VMware	Tanzu Platform	Elastic Application Runtime for VMware Tanzu Platform versions antérieures à 10.3.6
VMware	N/A	.NET Core Buildpack versions antérieures à 2.4.86
VMware	N/A	Go Buildpack versions antérieures à 1.10.75
VMware	Tanzu Platform	Tanzu Data Flow on Tanzu Platform versions antérieures à 2.0.4
VMware	Tanzu Platform	Elastic Application Runtime for VMware Tanzu Platform versions antérieures à 6.0.26+LTS-T
VMware	Tanzu Platform	Extended App Support for Tanzu Platform versions antérieures à 1.0.17
VMware	Tanzu Platform	Elastic Application Runtime for VMware Tanzu Platform versions antérieures à 10.2.9+LTS-T
VMware	N/A	Binary Buildpack versions antérieures à 1.1.61
VMware	N/A	VMware Harbor Registry versions antérieures à 2.14.3

References

Title

Publication Time

Tags

Bulletin de sécurité VMware 37197	2026-03-18	vendor-advisory
Bulletin de sécurité VMware 37202	2026-03-18	vendor-advisory
Bulletin de sécurité VMware 37200	2026-03-18	vendor-advisory
Bulletin de sécurité VMware 37209	2026-03-18	vendor-advisory
Bulletin de sécurité VMware 37198	2026-03-18	vendor-advisory
Bulletin de sécurité VMware 37208	2026-03-18	vendor-advisory
Bulletin de sécurité VMware 37206	2026-03-18	vendor-advisory
Bulletin de sécurité VMware 37204	2026-03-18	vendor-advisory
Bulletin de sécurité VMware 37203	2026-03-18	vendor-advisory
Bulletin de sécurité VMware 37207	2026-03-18	vendor-advisory
Bulletin de sécurité VMware 37199	2026-03-18	vendor-advisory
Bulletin de sécurité VMware 37210	2026-03-18	vendor-advisory
Bulletin de sécurité VMware 37205	2026-03-18	vendor-advisory
Bulletin de sécurité VMware 37201	2026-03-18	vendor-advisory

Show details on source website

JSON

To clipboard

{
  "$ref": "https://www.cert.ssi.gouv.fr/openapi.json",
  "affected_systems": [
    {
      "description": "Elastic Application Runtime for VMware Tanzu Platform versions ant\u00e9rieures \u00e0 10.3.6",
      "product": {
        "name": "Tanzu Platform",
        "vendor": {
          "name": "VMware",
          "scada": false
        }
      }
    },
    {
      "description": ".NET Core Buildpack versions ant\u00e9rieures \u00e0 2.4.86",
      "product": {
        "name": "N/A",
        "vendor": {
          "name": "VMware",
          "scada": false
        }
      }
    },
    {
      "description": "Go Buildpack versions ant\u00e9rieures \u00e0 1.10.75",
      "product": {
        "name": "N/A",
        "vendor": {
          "name": "VMware",
          "scada": false
        }
      }
    },
    {
      "description": "Tanzu Data Flow on Tanzu Platform versions ant\u00e9rieures \u00e0 2.0.4",
      "product": {
        "name": "Tanzu Platform",
        "vendor": {
          "name": "VMware",
          "scada": false
        }
      }
    },
    {
      "description": "Elastic Application Runtime for VMware Tanzu Platform versions ant\u00e9rieures \u00e0 6.0.26+LTS-T",
      "product": {
        "name": "Tanzu Platform",
        "vendor": {
          "name": "VMware",
          "scada": false
        }
      }
    },
    {
      "description": "Extended App Support for Tanzu Platform versions ant\u00e9rieures \u00e0 1.0.17",
      "product": {
        "name": "Tanzu Platform",
        "vendor": {
          "name": "VMware",
          "scada": false
        }
      }
    },
    {
      "description": "Elastic Application Runtime for VMware Tanzu Platform versions ant\u00e9rieures \u00e0 10.2.9+LTS-T",
      "product": {
        "name": "Tanzu Platform",
        "vendor": {
          "name": "VMware",
          "scada": false
        }
      }
    },
    {
      "description": "Binary Buildpack versions ant\u00e9rieures \u00e0 1.1.61",
      "product": {
        "name": "N/A",
        "vendor": {
          "name": "VMware",
          "scada": false
        }
      }
    },
    {
      "description": "VMware Harbor Registry versions ant\u00e9rieures \u00e0 2.14.3",
      "product": {
        "name": "N/A",
        "vendor": {
          "name": "VMware",
          "scada": false
        }
      }
    }
  ],
  "affected_systems_content": "",
  "content": "## Solutions\n\nSe r\u00e9f\u00e9rer au bulletin de s\u00e9curit\u00e9 de l\u0027\u00e9diteur pour l\u0027obtention des correctifs (cf. section Documentation).",
  "cves": [
    {
      "name": "CVE-2025-61730",
      "url": "https://www.cve.org/CVERecord?id=CVE-2025-61730"
    },
    {
      "name": "CVE-2026-21933",
      "url": "https://www.cve.org/CVERecord?id=CVE-2026-21933"
    },
    {
      "name": "CVE-2025-31115",
      "url": "https://www.cve.org/CVERecord?id=CVE-2025-31115"
    },
    {
      "name": "CVE-2025-58183",
      "url": "https://www.cve.org/CVERecord?id=CVE-2025-58183"
    },
    {
      "name": "CVE-2026-21932",
      "url": "https://www.cve.org/CVERecord?id=CVE-2026-21932"
    },
    {
      "name": "CVE-2025-15282",
      "url": "https://www.cve.org/CVERecord?id=CVE-2025-15282"
    },
    {
      "name": "CVE-2026-21637",
      "url": "https://www.cve.org/CVERecord?id=CVE-2026-21637"
    },
    {
      "name": "CVE-2024-3220",
      "url": "https://www.cve.org/CVERecord?id=CVE-2024-3220"
    },
    {
      "name": "CVE-2025-22872",
      "url": "https://www.cve.org/CVERecord?id=CVE-2025-22872"
    },
    {
      "name": "CVE-2025-66614",
      "url": "https://www.cve.org/CVERecord?id=CVE-2025-66614"
    },
    {
      "name": "CVE-2026-1965",
      "url": "https://www.cve.org/CVERecord?id=CVE-2026-1965"
    },
    {
      "name": "CVE-2025-12084",
      "url": "https://www.cve.org/CVERecord?id=CVE-2025-12084"
    },
    {
      "name": "CVE-2025-27219",
      "url": "https://www.cve.org/CVERecord?id=CVE-2025-27219"
    },
    {
      "name": "CVE-2024-47611",
      "url": "https://www.cve.org/CVERecord?id=CVE-2024-47611"
    },
    {
      "name": "CVE-2026-1642",
      "url": "https://www.cve.org/CVERecord?id=CVE-2026-1642"
    },
    {
      "name": "CVE-2026-27138",
      "url": "https://www.cve.org/CVERecord?id=CVE-2026-27138"
    },
    {
      "name": "CVE-2025-11468",
      "url": "https://www.cve.org/CVERecord?id=CVE-2025-11468"
    },
    {
      "name": "CVE-2025-6069",
      "url": "https://www.cve.org/CVERecord?id=CVE-2025-6069"
    },
    {
      "name": "CVE-2025-69419",
      "url": "https://www.cve.org/CVERecord?id=CVE-2025-69419"
    },
    {
      "name": "CVE-2026-3783",
      "url": "https://www.cve.org/CVERecord?id=CVE-2026-3783"
    },
    {
      "name": "CVE-2025-6075",
      "url": "https://www.cve.org/CVERecord?id=CVE-2025-6075"
    },
    {
      "name": "CVE-2026-23831",
      "url": "https://www.cve.org/CVERecord?id=CVE-2026-23831"
    },
    {
      "name": "CVE-2026-22701",
      "url": "https://www.cve.org/CVERecord?id=CVE-2026-22701"
    },
    {
      "name": "CVE-2025-58185",
      "url": "https://www.cve.org/CVERecord?id=CVE-2025-58185"
    },
    {
      "name": "CVE-2025-61731",
      "url": "https://www.cve.org/CVERecord?id=CVE-2025-61731"
    },
    {
      "name": "CVE-2026-27137",
      "url": "https://www.cve.org/CVERecord?id=CVE-2026-27137"
    },
    {
      "name": "CVE-2025-13837",
      "url": "https://www.cve.org/CVERecord?id=CVE-2025-13837"
    },
    {
      "name": "CVE-2025-15367",
      "url": "https://www.cve.org/CVERecord?id=CVE-2025-15367"
    },
    {
      "name": "CVE-2026-2006",
      "url": "https://www.cve.org/CVERecord?id=CVE-2026-2006"
    },
    {
      "name": "CVE-2025-55130",
      "url": "https://www.cve.org/CVERecord?id=CVE-2025-55130"
    },
    {
      "name": "CVE-2025-55131",
      "url": "https://www.cve.org/CVERecord?id=CVE-2025-55131"
    },
    {
      "name": "CVE-2026-2005",
      "url": "https://www.cve.org/CVERecord?id=CVE-2026-2005"
    },
    {
      "name": "CVE-2025-50106",
      "url": "https://www.cve.org/CVERecord?id=CVE-2025-50106"
    },
    {
      "name": "CVE-2025-59465",
      "url": "https://www.cve.org/CVERecord?id=CVE-2025-59465"
    },
    {
      "name": "CVE-2025-29923",
      "url": "https://www.cve.org/CVERecord?id=CVE-2025-29923"
    },
    {
      "name": "CVE-2025-8291",
      "url": "https://www.cve.org/CVERecord?id=CVE-2025-8291"
    },
    {
      "name": "CVE-2026-22795",
      "url": "https://www.cve.org/CVERecord?id=CVE-2026-22795"
    },
    {
      "name": "CVE-2025-61727",
      "url": "https://www.cve.org/CVERecord?id=CVE-2025-61727"
    },
    {
      "name": "CVE-2026-21925",
      "url": "https://www.cve.org/CVERecord?id=CVE-2026-21925"
    },
    {
      "name": "CVE-2025-30754",
      "url": "https://www.cve.org/CVERecord?id=CVE-2025-30754"
    },
    {
      "name": "CVE-2025-53859",
      "url": "https://www.cve.org/CVERecord?id=CVE-2025-53859"
    },
    {
      "name": "CVE-2025-47910",
      "url": "https://www.cve.org/CVERecord?id=CVE-2025-47910"
    },
    {
      "name": "CVE-2026-1703",
      "url": "https://www.cve.org/CVERecord?id=CVE-2026-1703"
    },
    {
      "name": "CVE-2026-27142",
      "url": "https://www.cve.org/CVERecord?id=CVE-2026-27142"
    },
    {
      "name": "CVE-2025-8194",
      "url": "https://www.cve.org/CVERecord?id=CVE-2025-8194"
    },
    {
      "name": "CVE-2025-69421",
      "url": "https://www.cve.org/CVERecord?id=CVE-2025-69421"
    },
    {
      "name": "CVE-2025-12781",
      "url": "https://www.cve.org/CVERecord?id=CVE-2025-12781"
    },
    {
      "name": "CVE-2025-58188",
      "url": "https://www.cve.org/CVERecord?id=CVE-2025-58188"
    },
    {
      "name": "CVE-2026-26958",
      "url": "https://www.cve.org/CVERecord?id=CVE-2026-26958"
    },
    {
      "name": "CVE-2023-38037",
      "url": "https://www.cve.org/CVERecord?id=CVE-2023-38037"
    },
    {
      "name": "CVE-2026-25934",
      "url": "https://www.cve.org/CVERecord?id=CVE-2026-25934"
    },
    {
      "name": "CVE-2026-22796",
      "url": "https://www.cve.org/CVERecord?id=CVE-2026-22796"
    },
    {
      "name": "CVE-2025-61724",
      "url": "https://www.cve.org/CVERecord?id=CVE-2025-61724"
    },
    {
      "name": "CVE-2023-28120",
      "url": "https://www.cve.org/CVERecord?id=CVE-2023-28120"
    },
    {
      "name": "CVE-2025-61732",
      "url": "https://www.cve.org/CVERecord?id=CVE-2025-61732"
    },
    {
      "name": "CVE-2025-61723",
      "url": "https://www.cve.org/CVERecord?id=CVE-2025-61723"
    },
    {
      "name": "CVE-2025-55132",
      "url": "https://www.cve.org/CVERecord?id=CVE-2025-55132"
    },
    {
      "name": "CVE-2026-22702",
      "url": "https://www.cve.org/CVERecord?id=CVE-2026-22702"
    },
    {
      "name": "CVE-2026-25679",
      "url": "https://www.cve.org/CVERecord?id=CVE-2026-25679"
    },
    {
      "name": "CVE-2025-14017",
      "url": "https://www.cve.org/CVERecord?id=CVE-2025-14017"
    },
    {
      "name": "CVE-2026-3805",
      "url": "https://www.cve.org/CVERecord?id=CVE-2026-3805"
    },
    {
      "name": "CVE-2025-13836",
      "url": "https://www.cve.org/CVERecord?id=CVE-2025-13836"
    },
    {
      "name": "CVE-2026-1229",
      "url": "https://www.cve.org/CVERecord?id=CVE-2026-1229"
    },
    {
      "name": "CVE-2025-61725",
      "url": "https://www.cve.org/CVERecord?id=CVE-2025-61725"
    },
    {
      "name": "CVE-2025-27220",
      "url": "https://www.cve.org/CVERecord?id=CVE-2025-27220"
    },
    {
      "name": "CVE-2025-55163",
      "url": "https://www.cve.org/CVERecord?id=CVE-2025-55163"
    },
    {
      "name": "CVE-2025-15366",
      "url": "https://www.cve.org/CVERecord?id=CVE-2025-15366"
    },
    {
      "name": "CVE-2025-13462",
      "url": "https://www.cve.org/CVERecord?id=CVE-2025-13462"
    },
    {
      "name": "CVE-2026-0865",
      "url": "https://www.cve.org/CVERecord?id=CVE-2026-0865"
    },
    {
      "name": "CVE-2025-50059",
      "url": "https://www.cve.org/CVERecord?id=CVE-2025-50059"
    },
    {
      "name": "CVE-2026-24117",
      "url": "https://www.cve.org/CVERecord?id=CVE-2026-24117"
    },
    {
      "name": "CVE-2025-47912",
      "url": "https://www.cve.org/CVERecord?id=CVE-2025-47912"
    },
    {
      "name": "CVE-2025-68160",
      "url": "https://www.cve.org/CVERecord?id=CVE-2025-68160"
    },
    {
      "name": "CVE-2025-54410",
      "url": "https://www.cve.org/CVERecord?id=CVE-2025-54410"
    },
    {
      "name": "CVE-2025-67735",
      "url": "https://www.cve.org/CVERecord?id=CVE-2025-67735"
    },
    {
      "name": "CVE-2025-61728",
      "url": "https://www.cve.org/CVERecord?id=CVE-2025-61728"
    },
    {
      "name": "CVE-2025-58186",
      "url": "https://www.cve.org/CVERecord?id=CVE-2025-58186"
    },
    {
      "name": "CVE-2025-13034",
      "url": "https://www.cve.org/CVERecord?id=CVE-2025-13034"
    },
    {
      "name": "CVE-2025-8869",
      "url": "https://www.cve.org/CVERecord?id=CVE-2025-8869"
    },
    {
      "name": "CVE-2025-58187",
      "url": "https://www.cve.org/CVERecord?id=CVE-2025-58187"
    },
    {
      "name": "CVE-2025-14524",
      "url": "https://www.cve.org/CVERecord?id=CVE-2025-14524"
    },
    {
      "name": "CVE-2026-2297",
      "url": "https://www.cve.org/CVERecord?id=CVE-2026-2297"
    },
    {
      "name": "CVE-2025-58181",
      "url": "https://www.cve.org/CVERecord?id=CVE-2025-58181"
    },
    {
      "name": "CVE-2025-47914",
      "url": "https://www.cve.org/CVERecord?id=CVE-2025-47914"
    },
    {
      "name": "CVE-2025-69418",
      "url": "https://www.cve.org/CVERecord?id=CVE-2025-69418"
    },
    {
      "name": "CVE-2025-59466",
      "url": "https://www.cve.org/CVERecord?id=CVE-2025-59466"
    },
    {
      "name": "CVE-2026-1299",
      "url": "https://www.cve.org/CVERecord?id=CVE-2026-1299"
    },
    {
      "name": "CVE-2025-58189",
      "url": "https://www.cve.org/CVERecord?id=CVE-2025-58189"
    },
    {
      "name": "CVE-2026-21945",
      "url": "https://www.cve.org/CVERecord?id=CVE-2026-21945"
    },
    {
      "name": "CVE-2025-22870",
      "url": "https://www.cve.org/CVERecord?id=CVE-2025-22870"
    },
    {
      "name": "CVE-2025-24358",
      "url": "https://www.cve.org/CVERecord?id=CVE-2025-24358"
    },
    {
      "name": "CVE-2025-30749",
      "url": "https://www.cve.org/CVERecord?id=CVE-2025-30749"
    },
    {
      "name": "CVE-2025-61748",
      "url": "https://www.cve.org/CVERecord?id=CVE-2025-61748"
    },
    {
      "name": "CVE-2026-27139",
      "url": "https://www.cve.org/CVERecord?id=CVE-2026-27139"
    },
    {
      "name": "CVE-2026-24733",
      "url": "https://www.cve.org/CVERecord?id=CVE-2026-24733"
    },
    {
      "name": "CVE-2025-66564",
      "url": "https://www.cve.org/CVERecord?id=CVE-2025-66564"
    },
    {
      "name": "CVE-2026-2003",
      "url": "https://www.cve.org/CVERecord?id=CVE-2026-2003"
    },
    {
      "name": "CVE-2025-15079",
      "url": "https://www.cve.org/CVERecord?id=CVE-2025-15079"
    },
    {
      "name": "CVE-2025-68121",
      "url": "https://www.cve.org/CVERecord?id=CVE-2025-68121"
    },
    {
      "name": "CVE-2025-14819",
      "url": "https://www.cve.org/CVERecord?id=CVE-2025-14819"
    },
    {
      "name": "CVE-2025-61726",
      "url": "https://www.cve.org/CVERecord?id=CVE-2025-61726"
    },
    {
      "name": "CVE-2025-47909",
      "url": "https://www.cve.org/CVERecord?id=CVE-2025-47909"
    },
    {
      "name": "CVE-2026-2004",
      "url": "https://www.cve.org/CVERecord?id=CVE-2026-2004"
    },
    {
      "name": "CVE-2026-0672",
      "url": "https://www.cve.org/CVERecord?id=CVE-2026-0672"
    },
    {
      "name": "CVE-2026-24137",
      "url": "https://www.cve.org/CVERecord?id=CVE-2026-24137"
    },
    {
      "name": "CVE-2017-8806",
      "url": "https://www.cve.org/CVERecord?id=CVE-2017-8806"
    },
    {
      "name": "CVE-2025-53057",
      "url": "https://www.cve.org/CVERecord?id=CVE-2025-53057"
    },
    {
      "name": "CVE-2023-22796",
      "url": "https://www.cve.org/CVERecord?id=CVE-2023-22796"
    },
    {
      "name": "CVE-2025-68119",
      "url": "https://www.cve.org/CVERecord?id=CVE-2025-68119"
    },
    {
      "name": "CVE-2025-53066",
      "url": "https://www.cve.org/CVERecord?id=CVE-2025-53066"
    },
    {
      "name": "CVE-2025-69420",
      "url": "https://www.cve.org/CVERecord?id=CVE-2025-69420"
    },
    {
      "name": "CVE-2025-47273",
      "url": "https://www.cve.org/CVERecord?id=CVE-2025-47273"
    },
    {
      "name": "CVE-2025-15224",
      "url": "https://www.cve.org/CVERecord?id=CVE-2025-15224"
    },
    {
      "name": "CVE-2026-1225",
      "url": "https://www.cve.org/CVERecord?id=CVE-2026-1225"
    },
    {
      "name": "CVE-2026-22703",
      "url": "https://www.cve.org/CVERecord?id=CVE-2026-22703"
    },
    {
      "name": "CVE-2025-61729",
      "url": "https://www.cve.org/CVERecord?id=CVE-2025-61729"
    },
    {
      "name": "CVE-2024-6345",
      "url": "https://www.cve.org/CVERecord?id=CVE-2024-6345"
    },
    {
      "name": "CVE-2026-3784",
      "url": "https://www.cve.org/CVERecord?id=CVE-2026-3784"
    }
  ],
  "initial_release_date": "2026-03-18T00:00:00",
  "last_revision_date": "2026-03-18T00:00:00",
  "links": [],
  "reference": "CERTFR-2026-AVI-0315",
  "revisions": [
    {
      "description": "Version initiale",
      "revision_date": "2026-03-18T00:00:00.000000"
    }
  ],
  "risks": [
    {
      "description": "Non sp\u00e9cifi\u00e9 par l\u0027\u00e9diteur"
    }
  ],
  "summary": "De multiples vuln\u00e9rabilit\u00e9s ont \u00e9t\u00e9 d\u00e9couvertes dans les produits VMware. Elles permettent \u00e0 un attaquant de provoquer un probl\u00e8me de s\u00e9curit\u00e9 non sp\u00e9cifi\u00e9 par l\u0027\u00e9diteur.",
  "title": "Multiples vuln\u00e9rabilit\u00e9s dans les produits VMware",
  "vendor_advisories": [
    {
      "published_at": "2026-03-18",
      "title": "Bulletin de s\u00e9curit\u00e9 VMware 37197",
      "url": "https://support.broadcom.com/web/ecx/support-content-notification/-/external/content/SecurityAdvisories/0/37197"
    },
    {
      "published_at": "2026-03-18",
      "title": "Bulletin de s\u00e9curit\u00e9 VMware 37202",
      "url": "https://support.broadcom.com/web/ecx/support-content-notification/-/external/content/SecurityAdvisories/0/37202"
    },
    {
      "published_at": "2026-03-18",
      "title": "Bulletin de s\u00e9curit\u00e9 VMware 37200",
      "url": "https://support.broadcom.com/web/ecx/support-content-notification/-/external/content/SecurityAdvisories/0/37200"
    },
    {
      "published_at": "2026-03-18",
      "title": "Bulletin de s\u00e9curit\u00e9 VMware 37209",
      "url": "https://support.broadcom.com/web/ecx/support-content-notification/-/external/content/SecurityAdvisories/0/37209"
    },
    {
      "published_at": "2026-03-18",
      "title": "Bulletin de s\u00e9curit\u00e9 VMware 37198",
      "url": "https://support.broadcom.com/web/ecx/support-content-notification/-/external/content/SecurityAdvisories/0/37198"
    },
    {
      "published_at": "2026-03-18",
      "title": "Bulletin de s\u00e9curit\u00e9 VMware 37208",
      "url": "https://support.broadcom.com/web/ecx/support-content-notification/-/external/content/SecurityAdvisories/0/37208"
    },
    {
      "published_at": "2026-03-18",
      "title": "Bulletin de s\u00e9curit\u00e9 VMware 37206",
      "url": "https://support.broadcom.com/web/ecx/support-content-notification/-/external/content/SecurityAdvisories/0/37206"
    },
    {
      "published_at": "2026-03-18",
      "title": "Bulletin de s\u00e9curit\u00e9 VMware 37204",
      "url": "https://support.broadcom.com/web/ecx/support-content-notification/-/external/content/SecurityAdvisories/0/37204"
    },
    {
      "published_at": "2026-03-18",
      "title": "Bulletin de s\u00e9curit\u00e9 VMware 37203",
      "url": "https://support.broadcom.com/web/ecx/support-content-notification/-/external/content/SecurityAdvisories/0/37203"
    },
    {
      "published_at": "2026-03-18",
      "title": "Bulletin de s\u00e9curit\u00e9 VMware 37207",
      "url": "https://support.broadcom.com/web/ecx/support-content-notification/-/external/content/SecurityAdvisories/0/37207"
    },
    {
      "published_at": "2026-03-18",
      "title": "Bulletin de s\u00e9curit\u00e9 VMware 37199",
      "url": "https://support.broadcom.com/web/ecx/support-content-notification/-/external/content/SecurityAdvisories/0/37199"
    },
    {
      "published_at": "2026-03-18",
      "title": "Bulletin de s\u00e9curit\u00e9 VMware 37210",
      "url": "https://support.broadcom.com/web/ecx/support-content-notification/-/external/content/SecurityAdvisories/0/37210"
    },
    {
      "published_at": "2026-03-18",
      "title": "Bulletin de s\u00e9curit\u00e9 VMware 37205",
      "url": "https://support.broadcom.com/web/ecx/support-content-notification/-/external/content/SecurityAdvisories/0/37205"
    },
    {
      "published_at": "2026-03-18",
      "title": "Bulletin de s\u00e9curit\u00e9 VMware 37201",
      "url": "https://support.broadcom.com/web/ecx/support-content-notification/-/external/content/SecurityAdvisories/0/37201"
    }
  ]
}

Sightings

Author	Source	Type	Date

Nomenclature

Seen: The vulnerability was mentioned, discussed, or seen somewhere by the user.
Confirmed: The vulnerability is confirmed from an analyst perspective.
Published Proof of Concept: A public proof of concept is available for this vulnerability.
Exploited: This vulnerability was exploited and seen by the user reporting the sighting.
Patched: This vulnerability was successfully patched by the user reporting the sighting.
Not exploited: This vulnerability was not exploited or seen by the user reporting the sighting.
Not confirmed: The user expresses doubt about the veracity of the vulnerability.
Not patched: This vulnerability was not successfully patched by the user reporting the sighting.

Action not permitted

CVE-2025-24358 (GCVE-0-2025-24358)

Vulnerability from cvelistv5

CERTFR-2026-AVI-0315

Vulnerability from certfr_avis

Solutions

Tags

Sightings

Nomenclature