cvelistv5 - cve-2025-59530

CVE-2025-59530 (GCVE-0-2025-59530)

Vulnerability from cvelistv5

Published

2025-10-10 16:09

Modified

2025-10-10 16:31

Severity ?

7.5 (High) - CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H

CWE

CWE-617 - Reachable Assertion
CWE-755 - Improper Handling of Exceptional Conditions

Summary

quic-go is an implementation of the QUIC protocol in Go. In versions prior to 0.49.0, 0.54.1, and 0.55.0, a misbehaving or malicious server can cause a denial-of-service (DoS) attack on the quic-go client by triggering an assertion failure, leading to a process crash. This requires no authentication and can be exploited during the handshake phase. This was observed in the wild with certain server implementations. quic-go needs to be able to handle misbehaving server implementations, including those that prematurely send a HANDSHAKE_DONE frame. Versions 0.49.0, 0.54.1, and 0.55.0 discard Initial keys when receiving a HANDSHAKE_DONE frame, thereby correctly handling premature HANDSHAKE_DONE frames.

References

URL

Tags

	https://github.com/quic-go/quic-go/security/advisories/GHSA-47m2-4cr7-mhcw	x_refsource_CONFIRM
	https://github.com/quic-go/quic-go/pull/5354	x_refsource_MISC
	https://github.com/quic-go/quic-go/blob/v0.55.0/connection.go#L2682-L2685	x_refsource_MISC

Impacted products

	Vendor	Product	Version
	quic-go	quic-go	Version: < 0.49.1 Version: >= 0.5.0, < 0.54.1

Show details on NVD website

JSON

To clipboard

{
  "containers": {
    "adp": [
      {
        "metrics": [
          {
            "other": {
              "content": {
                "id": "CVE-2025-59530",
                "options": [
                  {
                    "Exploitation": "none"
                  },
                  {
                    "Automatable": "yes"
                  },
                  {
                    "Technical Impact": "partial"
                  }
                ],
                "role": "CISA Coordinator",
                "timestamp": "2025-10-10T16:31:32.909241Z",
                "version": "2.0.3"
              },
              "type": "ssvc"
            }
          }
        ],
        "providerMetadata": {
          "dateUpdated": "2025-10-10T16:31:47.457Z",
          "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
          "shortName": "CISA-ADP"
        },
        "title": "CISA ADP Vulnrichment"
      }
    ],
    "cna": {
      "affected": [
        {
          "product": "quic-go",
          "vendor": "quic-go",
          "versions": [
            {
              "status": "affected",
              "version": "\u003c 0.49.1"
            },
            {
              "status": "affected",
              "version": "\u003e= 0.5.0, \u003c 0.54.1"
            }
          ]
        }
      ],
      "descriptions": [
        {
          "lang": "en",
          "value": "quic-go is an implementation of the QUIC protocol in Go. In versions prior to 0.49.0, 0.54.1, and 0.55.0, a misbehaving or malicious server can cause a denial-of-service (DoS) attack on the quic-go client by triggering an assertion failure, leading to a process crash. This requires no authentication and can be exploited during the handshake phase. This was observed in the wild with certain server implementations. quic-go needs to be able to handle misbehaving server implementations, including those that prematurely send a HANDSHAKE_DONE frame. Versions 0.49.0, 0.54.1, and 0.55.0 discard Initial keys when receiving a HANDSHAKE_DONE frame, thereby correctly handling premature HANDSHAKE_DONE frames."
        }
      ],
      "metrics": [
        {
          "cvssV3_1": {
            "attackComplexity": "LOW",
            "attackVector": "NETWORK",
            "availabilityImpact": "HIGH",
            "baseScore": 7.5,
            "baseSeverity": "HIGH",
            "confidentialityImpact": "NONE",
            "integrityImpact": "NONE",
            "privilegesRequired": "NONE",
            "scope": "UNCHANGED",
            "userInteraction": "NONE",
            "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H",
            "version": "3.1"
          }
        }
      ],
      "problemTypes": [
        {
          "descriptions": [
            {
              "cweId": "CWE-617",
              "description": "CWE-617: Reachable Assertion",
              "lang": "en",
              "type": "CWE"
            }
          ]
        },
        {
          "descriptions": [
            {
              "cweId": "CWE-755",
              "description": "CWE-755: Improper Handling of Exceptional Conditions",
              "lang": "en",
              "type": "CWE"
            }
          ]
        }
      ],
      "providerMetadata": {
        "dateUpdated": "2025-10-10T16:09:55.227Z",
        "orgId": "a0819718-46f1-4df5-94e2-005712e83aaa",
        "shortName": "GitHub_M"
      },
      "references": [
        {
          "name": "https://github.com/quic-go/quic-go/security/advisories/GHSA-47m2-4cr7-mhcw",
          "tags": [
            "x_refsource_CONFIRM"
          ],
          "url": "https://github.com/quic-go/quic-go/security/advisories/GHSA-47m2-4cr7-mhcw"
        },
        {
          "name": "https://github.com/quic-go/quic-go/pull/5354",
          "tags": [
            "x_refsource_MISC"
          ],
          "url": "https://github.com/quic-go/quic-go/pull/5354"
        },
        {
          "name": "https://github.com/quic-go/quic-go/blob/v0.55.0/connection.go#L2682-L2685",
          "tags": [
            "x_refsource_MISC"
          ],
          "url": "https://github.com/quic-go/quic-go/blob/v0.55.0/connection.go#L2682-L2685"
        }
      ],
      "source": {
        "advisory": "GHSA-47m2-4cr7-mhcw",
        "discovery": "UNKNOWN"
      },
      "title": "quic-go has Client Crash Due to Premature HANDSHAKE_DONE Frame"
    }
  },
  "cveMetadata": {
    "assignerOrgId": "a0819718-46f1-4df5-94e2-005712e83aaa",
    "assignerShortName": "GitHub_M",
    "cveId": "CVE-2025-59530",
    "datePublished": "2025-10-10T16:09:55.227Z",
    "dateReserved": "2025-09-17T17:04:20.373Z",
    "dateUpdated": "2025-10-10T16:31:47.457Z",
    "state": "PUBLISHED"
  },
  "dataType": "CVE_RECORD",
  "dataVersion": "5.1"
}

CERTFR-2025-AVI-0941

Vulnerability from certfr_avis

De multiples vulnérabilités ont été découvertes dans les produits Microsoft. Elles permettent à un attaquant de provoquer un problème de sécurité non spécifié par l'éditeur.

Solutions

Se référer au bulletin de sécurité de l'éditeur pour l'obtention des correctifs (cf. section Documentation).

Impacted products

Vendor	Product	Description
Microsoft	N/A	azl3 kata-containers-cc 3.15.0.aks0-5
Microsoft	N/A	cbl2 binutils 2.37-17
Microsoft	N/A	cbl2 coredns 1.11.1-22 versions antérieures à 1.11.1-24
Microsoft	N/A	cbl2 bind 9.16.50-2
Microsoft	N/A	azl3 kernel 6.6.104.2-4
Microsoft	N/A	azl3 bind 9.20.11-1
Microsoft	N/A	azl3 coredns 1.11.4-10
Microsoft	N/A	azl3 binutils 2.41-9

References

Title

Publication Time

Tags

Bulletin de sécurité Microsoft CVE-2025-40079	2025-10-29	vendor-advisory
Bulletin de sécurité Microsoft CVE-2025-40030	2025-10-29	vendor-advisory
Bulletin de sécurité Microsoft CVE-2025-40040	2025-10-29	vendor-advisory
Bulletin de sécurité Microsoft CVE-2025-40043	2025-10-29	vendor-advisory
Bulletin de sécurité Microsoft CVE-2025-8677	2025-10-25	vendor-advisory
Bulletin de sécurité Microsoft CVE-2025-40053	2025-10-29	vendor-advisory
Bulletin de sécurité Microsoft CVE-2025-40051	2025-10-29	vendor-advisory
Bulletin de sécurité Microsoft CVE-2025-40026	2025-10-29	vendor-advisory
Bulletin de sécurité Microsoft CVE-2025-40044	2025-10-29	vendor-advisory
Bulletin de sécurité Microsoft CVE-2025-40052	2025-10-29	vendor-advisory
Bulletin de sécurité Microsoft CVE-2025-40780	2025-10-25	vendor-advisory
Bulletin de sécurité Microsoft CVE-2025-59530	2025-10-25	vendor-advisory
Bulletin de sécurité Microsoft CVE-2025-40021	2025-10-26	vendor-advisory
Bulletin de sécurité Microsoft CVE-2025-40080	2025-10-29	vendor-advisory
Bulletin de sécurité Microsoft CVE-2025-40077	2025-10-29	vendor-advisory
Bulletin de sécurité Microsoft CVE-2025-40068	2025-10-29	vendor-advisory
Bulletin de sécurité Microsoft CVE-2025-40057	2025-10-29	vendor-advisory
Bulletin de sécurité Microsoft CVE-2025-40039	2025-10-29	vendor-advisory
Bulletin de sécurité Microsoft CVE-2025-11840	2025-10-29	vendor-advisory
Bulletin de sécurité Microsoft CVE-2025-40042	2025-10-29	vendor-advisory
Bulletin de sécurité Microsoft CVE-2025-40049	2025-10-29	vendor-advisory
Bulletin de sécurité Microsoft CVE-2025-11839	2025-10-25	vendor-advisory
Bulletin de sécurité Microsoft CVE-2025-40081	2025-10-29	vendor-advisory
Bulletin de sécurité Microsoft CVE-2025-40035	2025-10-29	vendor-advisory
Bulletin de sécurité Microsoft CVE-2025-40056	2025-10-29	vendor-advisory
Bulletin de sécurité Microsoft CVE-2025-40064	2025-10-29	vendor-advisory
Bulletin de sécurité Microsoft CVE-2025-40071	2025-10-29	vendor-advisory
Bulletin de sécurité Microsoft CVE-2025-40061	2025-10-29	vendor-advisory
Bulletin de sécurité Microsoft CVE-2025-40033	2025-10-29	vendor-advisory
Bulletin de sécurité Microsoft CVE-2025-40778	2025-10-25	vendor-advisory
Bulletin de sécurité Microsoft CVE-2025-40025	2025-10-29	vendor-advisory
Bulletin de sécurité Microsoft CVE-2025-40074	2025-10-29	vendor-advisory
Bulletin de sécurité Microsoft CVE-2025-40055	2025-10-29	vendor-advisory
Bulletin de sécurité Microsoft CVE-2025-40019	2025-10-25	vendor-advisory
Bulletin de sécurité Microsoft CVE-2025-40027	2025-10-29	vendor-advisory
Bulletin de sécurité Microsoft CVE-2025-40024	2025-10-26	vendor-advisory
Bulletin de sécurité Microsoft CVE-2025-40029	2025-10-29	vendor-advisory
Bulletin de sécurité Microsoft CVE-2025-40065	2025-10-29	vendor-advisory
Bulletin de sécurité Microsoft CVE-2025-40020	2025-10-26	vendor-advisory
Bulletin de sécurité Microsoft CVE-2025-62518	2025-10-25	vendor-advisory
Bulletin de sécurité Microsoft CVE-2025-40075	2025-10-29	vendor-advisory
Bulletin de sécurité Microsoft CVE-2025-40060	2025-10-29	vendor-advisory
Bulletin de sécurité Microsoft CVE-2025-40018	2025-10-25	vendor-advisory
Bulletin de sécurité Microsoft CVE-2025-40032	2025-10-29	vendor-advisory
Bulletin de sécurité Microsoft CVE-2025-40038	2025-10-29	vendor-advisory
Bulletin de sécurité Microsoft CVE-2025-40078	2025-10-29	vendor-advisory
Bulletin de sécurité Microsoft CVE-2025-40036	2025-10-29	vendor-advisory
Bulletin de sécurité Microsoft CVE-2025-40048	2025-10-29	vendor-advisory

Show details on source website

JSON

To clipboard

{
  "$ref": "https://www.cert.ssi.gouv.fr/openapi.json",
  "affected_systems": [
    {
      "description": "azl3 kata-containers-cc 3.15.0.aks0-5",
      "product": {
        "name": "N/A",
        "vendor": {
          "name": "Microsoft",
          "scada": false
        }
      }
    },
    {
      "description": "cbl2 binutils 2.37-17",
      "product": {
        "name": "N/A",
        "vendor": {
          "name": "Microsoft",
          "scada": false
        }
      }
    },
    {
      "description": "cbl2 coredns 1.11.1-22 versions ant\u00e9rieures \u00e0 1.11.1-24",
      "product": {
        "name": "N/A",
        "vendor": {
          "name": "Microsoft",
          "scada": false
        }
      }
    },
    {
      "description": "cbl2 bind 9.16.50-2",
      "product": {
        "name": "N/A",
        "vendor": {
          "name": "Microsoft",
          "scada": false
        }
      }
    },
    {
      "description": "azl3 kernel 6.6.104.2-4",
      "product": {
        "name": "N/A",
        "vendor": {
          "name": "Microsoft",
          "scada": false
        }
      }
    },
    {
      "description": "azl3 bind 9.20.11-1",
      "product": {
        "name": "N/A",
        "vendor": {
          "name": "Microsoft",
          "scada": false
        }
      }
    },
    {
      "description": "azl3 coredns 1.11.4-10",
      "product": {
        "name": "N/A",
        "vendor": {
          "name": "Microsoft",
          "scada": false
        }
      }
    },
    {
      "description": "azl3 binutils 2.41-9",
      "product": {
        "name": "N/A",
        "vendor": {
          "name": "Microsoft",
          "scada": false
        }
      }
    }
  ],
  "affected_systems_content": "",
  "content": "## Solutions\n\nSe r\u00e9f\u00e9rer au bulletin de s\u00e9curit\u00e9 de l\u0027\u00e9diteur pour l\u0027obtention des correctifs (cf. section Documentation).",
  "cves": [
    {
      "name": "CVE-2025-40064",
      "url": "https://www.cve.org/CVERecord?id=CVE-2025-40064"
    },
    {
      "name": "CVE-2025-40057",
      "url": "https://www.cve.org/CVERecord?id=CVE-2025-40057"
    },
    {
      "name": "CVE-2025-40055",
      "url": "https://www.cve.org/CVERecord?id=CVE-2025-40055"
    },
    {
      "name": "CVE-2025-40029",
      "url": "https://www.cve.org/CVERecord?id=CVE-2025-40029"
    },
    {
      "name": "CVE-2025-40048",
      "url": "https://www.cve.org/CVERecord?id=CVE-2025-40048"
    },
    {
      "name": "CVE-2025-62518",
      "url": "https://www.cve.org/CVERecord?id=CVE-2025-62518"
    },
    {
      "name": "CVE-2025-40043",
      "url": "https://www.cve.org/CVERecord?id=CVE-2025-40043"
    },
    {
      "name": "CVE-2025-11840",
      "url": "https://www.cve.org/CVERecord?id=CVE-2025-11840"
    },
    {
      "name": "CVE-2025-40780",
      "url": "https://www.cve.org/CVERecord?id=CVE-2025-40780"
    },
    {
      "name": "CVE-2025-40019",
      "url": "https://www.cve.org/CVERecord?id=CVE-2025-40019"
    },
    {
      "name": "CVE-2025-40039",
      "url": "https://www.cve.org/CVERecord?id=CVE-2025-40039"
    },
    {
      "name": "CVE-2025-40081",
      "url": "https://www.cve.org/CVERecord?id=CVE-2025-40081"
    },
    {
      "name": "CVE-2025-40026",
      "url": "https://www.cve.org/CVERecord?id=CVE-2025-40026"
    },
    {
      "name": "CVE-2025-40056",
      "url": "https://www.cve.org/CVERecord?id=CVE-2025-40056"
    },
    {
      "name": "CVE-2025-40052",
      "url": "https://www.cve.org/CVERecord?id=CVE-2025-40052"
    },
    {
      "name": "CVE-2025-40035",
      "url": "https://www.cve.org/CVERecord?id=CVE-2025-40035"
    },
    {
      "name": "CVE-2025-40020",
      "url": "https://www.cve.org/CVERecord?id=CVE-2025-40020"
    },
    {
      "name": "CVE-2025-40049",
      "url": "https://www.cve.org/CVERecord?id=CVE-2025-40049"
    },
    {
      "name": "CVE-2025-40024",
      "url": "https://www.cve.org/CVERecord?id=CVE-2025-40024"
    },
    {
      "name": "CVE-2025-40033",
      "url": "https://www.cve.org/CVERecord?id=CVE-2025-40033"
    },
    {
      "name": "CVE-2025-40075",
      "url": "https://www.cve.org/CVERecord?id=CVE-2025-40075"
    },
    {
      "name": "CVE-2025-40027",
      "url": "https://www.cve.org/CVERecord?id=CVE-2025-40027"
    },
    {
      "name": "CVE-2025-40032",
      "url": "https://www.cve.org/CVERecord?id=CVE-2025-40032"
    },
    {
      "name": "CVE-2025-40038",
      "url": "https://www.cve.org/CVERecord?id=CVE-2025-40038"
    },
    {
      "name": "CVE-2025-40778",
      "url": "https://www.cve.org/CVERecord?id=CVE-2025-40778"
    },
    {
      "name": "CVE-2025-40078",
      "url": "https://www.cve.org/CVERecord?id=CVE-2025-40078"
    },
    {
      "name": "CVE-2025-40074",
      "url": "https://www.cve.org/CVERecord?id=CVE-2025-40074"
    },
    {
      "name": "CVE-2025-40053",
      "url": "https://www.cve.org/CVERecord?id=CVE-2025-40053"
    },
    {
      "name": "CVE-2025-40040",
      "url": "https://www.cve.org/CVERecord?id=CVE-2025-40040"
    },
    {
      "name": "CVE-2025-40021",
      "url": "https://www.cve.org/CVERecord?id=CVE-2025-40021"
    },
    {
      "name": "CVE-2025-40044",
      "url": "https://www.cve.org/CVERecord?id=CVE-2025-40044"
    },
    {
      "name": "CVE-2025-40079",
      "url": "https://www.cve.org/CVERecord?id=CVE-2025-40079"
    },
    {
      "name": "CVE-2025-59530",
      "url": "https://www.cve.org/CVERecord?id=CVE-2025-59530"
    },
    {
      "name": "CVE-2025-40018",
      "url": "https://www.cve.org/CVERecord?id=CVE-2025-40018"
    },
    {
      "name": "CVE-2025-40077",
      "url": "https://www.cve.org/CVERecord?id=CVE-2025-40077"
    },
    {
      "name": "CVE-2025-40071",
      "url": "https://www.cve.org/CVERecord?id=CVE-2025-40071"
    },
    {
      "name": "CVE-2025-40080",
      "url": "https://www.cve.org/CVERecord?id=CVE-2025-40080"
    },
    {
      "name": "CVE-2025-40068",
      "url": "https://www.cve.org/CVERecord?id=CVE-2025-40068"
    },
    {
      "name": "CVE-2025-40042",
      "url": "https://www.cve.org/CVERecord?id=CVE-2025-40042"
    },
    {
      "name": "CVE-2025-8677",
      "url": "https://www.cve.org/CVERecord?id=CVE-2025-8677"
    },
    {
      "name": "CVE-2025-40060",
      "url": "https://www.cve.org/CVERecord?id=CVE-2025-40060"
    },
    {
      "name": "CVE-2025-40025",
      "url": "https://www.cve.org/CVERecord?id=CVE-2025-40025"
    },
    {
      "name": "CVE-2025-11839",
      "url": "https://www.cve.org/CVERecord?id=CVE-2025-11839"
    },
    {
      "name": "CVE-2025-40065",
      "url": "https://www.cve.org/CVERecord?id=CVE-2025-40065"
    },
    {
      "name": "CVE-2025-40036",
      "url": "https://www.cve.org/CVERecord?id=CVE-2025-40036"
    },
    {
      "name": "CVE-2025-40030",
      "url": "https://www.cve.org/CVERecord?id=CVE-2025-40030"
    },
    {
      "name": "CVE-2025-40061",
      "url": "https://www.cve.org/CVERecord?id=CVE-2025-40061"
    },
    {
      "name": "CVE-2025-40051",
      "url": "https://www.cve.org/CVERecord?id=CVE-2025-40051"
    }
  ],
  "initial_release_date": "2025-10-30T00:00:00",
  "last_revision_date": "2025-10-30T00:00:00",
  "links": [],
  "reference": "CERTFR-2025-AVI-0941",
  "revisions": [
    {
      "description": "Version initiale",
      "revision_date": "2025-10-30T00:00:00.000000"
    }
  ],
  "risks": [
    {
      "description": "Non sp\u00e9cifi\u00e9 par l\u0027\u00e9diteur"
    }
  ],
  "summary": "De multiples vuln\u00e9rabilit\u00e9s ont \u00e9t\u00e9 d\u00e9couvertes dans les produits Microsoft. Elles permettent \u00e0 un attaquant de provoquer un probl\u00e8me de s\u00e9curit\u00e9 non sp\u00e9cifi\u00e9 par l\u0027\u00e9diteur.",
  "title": "Multiples vuln\u00e9rabilit\u00e9s dans les produits Microsoft",
  "vendor_advisories": [
    {
      "published_at": "2025-10-29",
      "title": "Bulletin de s\u00e9curit\u00e9 Microsoft CVE-2025-40079",
      "url": "https://msrc.microsoft.com/update-guide/vulnerability/CVE-2025-40079"
    },
    {
      "published_at": "2025-10-29",
      "title": "Bulletin de s\u00e9curit\u00e9 Microsoft CVE-2025-40030",
      "url": "https://msrc.microsoft.com/update-guide/vulnerability/CVE-2025-40030"
    },
    {
      "published_at": "2025-10-29",
      "title": "Bulletin de s\u00e9curit\u00e9 Microsoft CVE-2025-40040",
      "url": "https://msrc.microsoft.com/update-guide/vulnerability/CVE-2025-40040"
    },
    {
      "published_at": "2025-10-29",
      "title": "Bulletin de s\u00e9curit\u00e9 Microsoft CVE-2025-40043",
      "url": "https://msrc.microsoft.com/update-guide/vulnerability/CVE-2025-40043"
    },
    {
      "published_at": "2025-10-25",
      "title": "Bulletin de s\u00e9curit\u00e9 Microsoft CVE-2025-8677",
      "url": "https://msrc.microsoft.com/update-guide/vulnerability/CVE-2025-8677"
    },
    {
      "published_at": "2025-10-29",
      "title": "Bulletin de s\u00e9curit\u00e9 Microsoft CVE-2025-40053",
      "url": "https://msrc.microsoft.com/update-guide/vulnerability/CVE-2025-40053"
    },
    {
      "published_at": "2025-10-29",
      "title": "Bulletin de s\u00e9curit\u00e9 Microsoft CVE-2025-40051",
      "url": "https://msrc.microsoft.com/update-guide/vulnerability/CVE-2025-40051"
    },
    {
      "published_at": "2025-10-29",
      "title": "Bulletin de s\u00e9curit\u00e9 Microsoft CVE-2025-40026",
      "url": "https://msrc.microsoft.com/update-guide/vulnerability/CVE-2025-40026"
    },
    {
      "published_at": "2025-10-29",
      "title": "Bulletin de s\u00e9curit\u00e9 Microsoft CVE-2025-40044",
      "url": "https://msrc.microsoft.com/update-guide/vulnerability/CVE-2025-40044"
    },
    {
      "published_at": "2025-10-29",
      "title": "Bulletin de s\u00e9curit\u00e9 Microsoft CVE-2025-40052",
      "url": "https://msrc.microsoft.com/update-guide/vulnerability/CVE-2025-40052"
    },
    {
      "published_at": "2025-10-25",
      "title": "Bulletin de s\u00e9curit\u00e9 Microsoft CVE-2025-40780",
      "url": "https://msrc.microsoft.com/update-guide/vulnerability/CVE-2025-40780"
    },
    {
      "published_at": "2025-10-25",
      "title": "Bulletin de s\u00e9curit\u00e9 Microsoft CVE-2025-59530",
      "url": "https://msrc.microsoft.com/update-guide/vulnerability/CVE-2025-59530"
    },
    {
      "published_at": "2025-10-26",
      "title": "Bulletin de s\u00e9curit\u00e9 Microsoft CVE-2025-40021",
      "url": "https://msrc.microsoft.com/update-guide/vulnerability/CVE-2025-40021"
    },
    {
      "published_at": "2025-10-29",
      "title": "Bulletin de s\u00e9curit\u00e9 Microsoft CVE-2025-40080",
      "url": "https://msrc.microsoft.com/update-guide/vulnerability/CVE-2025-40080"
    },
    {
      "published_at": "2025-10-29",
      "title": "Bulletin de s\u00e9curit\u00e9 Microsoft CVE-2025-40077",
      "url": "https://msrc.microsoft.com/update-guide/vulnerability/CVE-2025-40077"
    },
    {
      "published_at": "2025-10-29",
      "title": "Bulletin de s\u00e9curit\u00e9 Microsoft CVE-2025-40068",
      "url": "https://msrc.microsoft.com/update-guide/vulnerability/CVE-2025-40068"
    },
    {
      "published_at": "2025-10-29",
      "title": "Bulletin de s\u00e9curit\u00e9 Microsoft CVE-2025-40057",
      "url": "https://msrc.microsoft.com/update-guide/vulnerability/CVE-2025-40057"
    },
    {
      "published_at": "2025-10-29",
      "title": "Bulletin de s\u00e9curit\u00e9 Microsoft CVE-2025-40039",
      "url": "https://msrc.microsoft.com/update-guide/vulnerability/CVE-2025-40039"
    },
    {
      "published_at": "2025-10-29",
      "title": "Bulletin de s\u00e9curit\u00e9 Microsoft CVE-2025-11840",
      "url": "https://msrc.microsoft.com/update-guide/vulnerability/CVE-2025-11840"
    },
    {
      "published_at": "2025-10-29",
      "title": "Bulletin de s\u00e9curit\u00e9 Microsoft CVE-2025-40042",
      "url": "https://msrc.microsoft.com/update-guide/vulnerability/CVE-2025-40042"
    },
    {
      "published_at": "2025-10-29",
      "title": "Bulletin de s\u00e9curit\u00e9 Microsoft CVE-2025-40049",
      "url": "https://msrc.microsoft.com/update-guide/vulnerability/CVE-2025-40049"
    },
    {
      "published_at": "2025-10-25",
      "title": "Bulletin de s\u00e9curit\u00e9 Microsoft CVE-2025-11839",
      "url": "https://msrc.microsoft.com/update-guide/vulnerability/CVE-2025-11839"
    },
    {
      "published_at": "2025-10-29",
      "title": "Bulletin de s\u00e9curit\u00e9 Microsoft CVE-2025-40081",
      "url": "https://msrc.microsoft.com/update-guide/vulnerability/CVE-2025-40081"
    },
    {
      "published_at": "2025-10-29",
      "title": "Bulletin de s\u00e9curit\u00e9 Microsoft CVE-2025-40035",
      "url": "https://msrc.microsoft.com/update-guide/vulnerability/CVE-2025-40035"
    },
    {
      "published_at": "2025-10-29",
      "title": "Bulletin de s\u00e9curit\u00e9 Microsoft CVE-2025-40056",
      "url": "https://msrc.microsoft.com/update-guide/vulnerability/CVE-2025-40056"
    },
    {
      "published_at": "2025-10-29",
      "title": "Bulletin de s\u00e9curit\u00e9 Microsoft CVE-2025-40064",
      "url": "https://msrc.microsoft.com/update-guide/vulnerability/CVE-2025-40064"
    },
    {
      "published_at": "2025-10-29",
      "title": "Bulletin de s\u00e9curit\u00e9 Microsoft CVE-2025-40071",
      "url": "https://msrc.microsoft.com/update-guide/vulnerability/CVE-2025-40071"
    },
    {
      "published_at": "2025-10-29",
      "title": "Bulletin de s\u00e9curit\u00e9 Microsoft CVE-2025-40061",
      "url": "https://msrc.microsoft.com/update-guide/vulnerability/CVE-2025-40061"
    },
    {
      "published_at": "2025-10-29",
      "title": "Bulletin de s\u00e9curit\u00e9 Microsoft CVE-2025-40033",
      "url": "https://msrc.microsoft.com/update-guide/vulnerability/CVE-2025-40033"
    },
    {
      "published_at": "2025-10-25",
      "title": "Bulletin de s\u00e9curit\u00e9 Microsoft CVE-2025-40778",
      "url": "https://msrc.microsoft.com/update-guide/vulnerability/CVE-2025-40778"
    },
    {
      "published_at": "2025-10-29",
      "title": "Bulletin de s\u00e9curit\u00e9 Microsoft CVE-2025-40025",
      "url": "https://msrc.microsoft.com/update-guide/vulnerability/CVE-2025-40025"
    },
    {
      "published_at": "2025-10-29",
      "title": "Bulletin de s\u00e9curit\u00e9 Microsoft CVE-2025-40074",
      "url": "https://msrc.microsoft.com/update-guide/vulnerability/CVE-2025-40074"
    },
    {
      "published_at": "2025-10-29",
      "title": "Bulletin de s\u00e9curit\u00e9 Microsoft CVE-2025-40055",
      "url": "https://msrc.microsoft.com/update-guide/vulnerability/CVE-2025-40055"
    },
    {
      "published_at": "2025-10-25",
      "title": "Bulletin de s\u00e9curit\u00e9 Microsoft CVE-2025-40019",
      "url": "https://msrc.microsoft.com/update-guide/vulnerability/CVE-2025-40019"
    },
    {
      "published_at": "2025-10-29",
      "title": "Bulletin de s\u00e9curit\u00e9 Microsoft CVE-2025-40027",
      "url": "https://msrc.microsoft.com/update-guide/vulnerability/CVE-2025-40027"
    },
    {
      "published_at": "2025-10-26",
      "title": "Bulletin de s\u00e9curit\u00e9 Microsoft CVE-2025-40024",
      "url": "https://msrc.microsoft.com/update-guide/vulnerability/CVE-2025-40024"
    },
    {
      "published_at": "2025-10-29",
      "title": "Bulletin de s\u00e9curit\u00e9 Microsoft CVE-2025-40029",
      "url": "https://msrc.microsoft.com/update-guide/vulnerability/CVE-2025-40029"
    },
    {
      "published_at": "2025-10-29",
      "title": "Bulletin de s\u00e9curit\u00e9 Microsoft CVE-2025-40065",
      "url": "https://msrc.microsoft.com/update-guide/vulnerability/CVE-2025-40065"
    },
    {
      "published_at": "2025-10-26",
      "title": "Bulletin de s\u00e9curit\u00e9 Microsoft CVE-2025-40020",
      "url": "https://msrc.microsoft.com/update-guide/vulnerability/CVE-2025-40020"
    },
    {
      "published_at": "2025-10-25",
      "title": "Bulletin de s\u00e9curit\u00e9 Microsoft CVE-2025-62518",
      "url": "https://msrc.microsoft.com/update-guide/vulnerability/CVE-2025-62518"
    },
    {
      "published_at": "2025-10-29",
      "title": "Bulletin de s\u00e9curit\u00e9 Microsoft CVE-2025-40075",
      "url": "https://msrc.microsoft.com/update-guide/vulnerability/CVE-2025-40075"
    },
    {
      "published_at": "2025-10-29",
      "title": "Bulletin de s\u00e9curit\u00e9 Microsoft CVE-2025-40060",
      "url": "https://msrc.microsoft.com/update-guide/vulnerability/CVE-2025-40060"
    },
    {
      "published_at": "2025-10-25",
      "title": "Bulletin de s\u00e9curit\u00e9 Microsoft CVE-2025-40018",
      "url": "https://msrc.microsoft.com/update-guide/vulnerability/CVE-2025-40018"
    },
    {
      "published_at": "2025-10-29",
      "title": "Bulletin de s\u00e9curit\u00e9 Microsoft CVE-2025-40032",
      "url": "https://msrc.microsoft.com/update-guide/vulnerability/CVE-2025-40032"
    },
    {
      "published_at": "2025-10-29",
      "title": "Bulletin de s\u00e9curit\u00e9 Microsoft CVE-2025-40038",
      "url": "https://msrc.microsoft.com/update-guide/vulnerability/CVE-2025-40038"
    },
    {
      "published_at": "2025-10-29",
      "title": "Bulletin de s\u00e9curit\u00e9 Microsoft CVE-2025-40078",
      "url": "https://msrc.microsoft.com/update-guide/vulnerability/CVE-2025-40078"
    },
    {
      "published_at": "2025-10-29",
      "title": "Bulletin de s\u00e9curit\u00e9 Microsoft CVE-2025-40036",
      "url": "https://msrc.microsoft.com/update-guide/vulnerability/CVE-2025-40036"
    },
    {
      "published_at": "2025-10-29",
      "title": "Bulletin de s\u00e9curit\u00e9 Microsoft CVE-2025-40048",
      "url": "https://msrc.microsoft.com/update-guide/vulnerability/CVE-2025-40048"
    }
  ]
}

CERTFR-2025-AVI-1036

Vulnerability from certfr_avis

De multiples vulnérabilités ont été découvertes dans les produits VMware. Elles permettent à un attaquant de provoquer un problème de sécurité non spécifié par l'éditeur.

Solutions

Se référer au bulletin de sécurité de l'éditeur pour l'obtention des correctifs (cf. section Documentation).

Impacted products

Vendor	Product	Description
VMware	Tanzu Kubernetes Runtime	App Metrics versions antérieures à 2.3.2
VMware	Tanzu Kubernetes Runtime	Stemcells (Ubuntu Jammy) versions antérieures à 1.954.x
VMware	Tanzu Kubernetes Runtime	Elastic Application Runtime Windows add-on pour VMware Tanzu Platform versions antérieures à 10.2.5
VMware	Tanzu Kubernetes Runtime	Stemcells (Ubuntu Noble) versions antérieures à 1.126.x
VMware	Tanzu Kubernetes Runtime	Elastic Application Runtime pour VMware Tanzu Platform versions antérieures à 6.0.22
VMware	Platform Services	Platform Services pour VMware Tanzu Platform versions antérieures à 10.3.1
VMware	Tanzu Kubernetes Runtime	Isolation Segmentation pour VMware Tanzu Platform versions antérieures à 6.0.22
VMware	Tanzu Kubernetes Runtime	Elastic Application Runtime Windows add-on pour VMware Tanzu Platform versions antérieures à 6.0.22
VMware	Tanzu Kubernetes Runtime	Isolation Segmentation pour VMware Tanzu Platform versions antérieures à 10.2.5
VMware	Tanzu Kubernetes Runtime	Metric Store versions antérieures à 1.8.1
VMware	Tanzu Kubernetes Runtime	Elastic Application Runtime pour VMware Tanzu Platform versions antérieures à 10.3.1
VMware	Tanzu Kubernetes Runtime	Isolation Segmentation pour VMware Tanzu Platform versions antérieures à 10.3.1
VMware	Tanzu Kubernetes Runtime	AI Services pour VMware Tanzu Platform versions antérieures à 10.3.1
VMware	Tanzu	VMware Tanzu pour Postgres on Tanzu Platform versions antérieures à 10.2.1
VMware	Tanzu Kubernetes Runtime	Stemcells (Ubuntu Jammy Azure Light) versions antérieures à 1.954.x
VMware	Tanzu Kubernetes Runtime	Stemcells (Windows) versions antérieures à 2019.92.x
VMware	Tanzu Kubernetes Runtime	Elastic Application Runtime pour VMware Tanzu Platform versions antérieures à 10.2.5
VMware	Tanzu Kubernetes Runtime	Elastic Application Runtime Windows add-on pour VMware Tanzu Platform versions antérieures à 10.3.1
VMware	Tanzu Kubernetes Runtime	Stemcells (Ubuntu Jammy FIPS) versions antérieures à 1.954.x

References

Title

Publication Time

Tags

Bulletin de sécurité VMware 36513	2025-11-23	vendor-advisory
Bulletin de sécurité VMware 36530	2025-11-24	vendor-advisory
Bulletin de sécurité VMware 36512	2025-11-23	vendor-advisory
Bulletin de sécurité VMware 36526	2025-11-24	vendor-advisory
Bulletin de sécurité VMware 36511	2025-11-23	vendor-advisory
Bulletin de sécurité VMware 36525	2025-11-24	vendor-advisory
Bulletin de sécurité VMware 36516	2025-11-23	vendor-advisory
Bulletin de sécurité VMware 36527	2025-11-24	vendor-advisory
Bulletin de sécurité VMware 36536	2025-11-24	vendor-advisory
Bulletin de sécurité VMware 36519	2025-11-23	vendor-advisory
Bulletin de sécurité VMware 36518	2025-11-23	vendor-advisory
Bulletin de sécurité VMware 36524	2025-11-24	vendor-advisory
Bulletin de sécurité VMware 36521	2025-11-23	vendor-advisory
Bulletin de sécurité VMware 36528	2025-11-24	vendor-advisory
Bulletin de sécurité VMware 36522	2025-11-24	vendor-advisory
Bulletin de sécurité VMware 36514	2025-11-23	vendor-advisory
Bulletin de sécurité VMware 36532	2025-11-24	vendor-advisory
Bulletin de sécurité VMware 36509	2025-11-23	vendor-advisory
Bulletin de sécurité VMware 36517	2025-11-23	vendor-advisory
Bulletin de sécurité VMware 36533	2025-11-24	vendor-advisory
Bulletin de sécurité VMware 36537	2025-11-24	vendor-advisory
Bulletin de sécurité VMware 36531	2025-11-24	vendor-advisory
Bulletin de sécurité VMware 36510	2025-11-23	vendor-advisory
Bulletin de sécurité VMware 36523	2025-11-24	vendor-advisory
Bulletin de sécurité VMware 36515	2025-11-23	vendor-advisory
Bulletin de sécurité VMware 36529	2025-11-24	vendor-advisory
Bulletin de sécurité VMware 36534	2025-11-24	vendor-advisory
Bulletin de sécurité VMware 36535	2025-11-24	vendor-advisory
Bulletin de sécurité VMware 36520	2025-11-23	vendor-advisory

Show details on source website

JSON

To clipboard

{
  "$ref": "https://www.cert.ssi.gouv.fr/openapi.json",
  "affected_systems": [
    {
      "description": "App Metrics versions ant\u00e9rieures \u00e0 2.3.2",
      "product": {
        "name": "Tanzu Kubernetes Runtime",
        "vendor": {
          "name": "VMware",
          "scada": false
        }
      }
    },
    {
      "description": "Stemcells (Ubuntu Jammy) versions ant\u00e9rieures \u00e0 1.954.x",
      "product": {
        "name": "Tanzu Kubernetes Runtime",
        "vendor": {
          "name": "VMware",
          "scada": false
        }
      }
    },
    {
      "description": "Elastic Application Runtime Windows add-on pour VMware Tanzu Platform versions ant\u00e9rieures \u00e0 10.2.5",
      "product": {
        "name": "Tanzu Kubernetes Runtime",
        "vendor": {
          "name": "VMware",
          "scada": false
        }
      }
    },
    {
      "description": "Stemcells (Ubuntu Noble) versions ant\u00e9rieures \u00e0 1.126.x",
      "product": {
        "name": "Tanzu Kubernetes Runtime",
        "vendor": {
          "name": "VMware",
          "scada": false
        }
      }
    },
    {
      "description": "Elastic Application Runtime pour VMware Tanzu Platform versions ant\u00e9rieures \u00e0 6.0.22",
      "product": {
        "name": "Tanzu Kubernetes Runtime",
        "vendor": {
          "name": "VMware",
          "scada": false
        }
      }
    },
    {
      "description": "Platform Services pour VMware Tanzu Platform versions ant\u00e9rieures \u00e0 10.3.1",
      "product": {
        "name": "Platform Services",
        "vendor": {
          "name": "VMware",
          "scada": false
        }
      }
    },
    {
      "description": "Isolation Segmentation pour VMware Tanzu Platform versions ant\u00e9rieures \u00e0 6.0.22",
      "product": {
        "name": "Tanzu Kubernetes Runtime",
        "vendor": {
          "name": "VMware",
          "scada": false
        }
      }
    },
    {
      "description": "Elastic Application Runtime Windows add-on pour VMware Tanzu Platform versions ant\u00e9rieures \u00e0 6.0.22",
      "product": {
        "name": "Tanzu Kubernetes Runtime",
        "vendor": {
          "name": "VMware",
          "scada": false
        }
      }
    },
    {
      "description": "Isolation Segmentation pour VMware Tanzu Platform versions ant\u00e9rieures \u00e0 10.2.5",
      "product": {
        "name": "Tanzu Kubernetes Runtime",
        "vendor": {
          "name": "VMware",
          "scada": false
        }
      }
    },
    {
      "description": "Metric Store versions ant\u00e9rieures \u00e0 1.8.1",
      "product": {
        "name": "Tanzu Kubernetes Runtime",
        "vendor": {
          "name": "VMware",
          "scada": false
        }
      }
    },
    {
      "description": "Elastic Application Runtime pour VMware Tanzu Platform versions ant\u00e9rieures \u00e0 10.3.1",
      "product": {
        "name": "Tanzu Kubernetes Runtime",
        "vendor": {
          "name": "VMware",
          "scada": false
        }
      }
    },
    {
      "description": "Isolation Segmentation pour VMware Tanzu Platform versions ant\u00e9rieures \u00e0 10.3.1",
      "product": {
        "name": "Tanzu Kubernetes Runtime",
        "vendor": {
          "name": "VMware",
          "scada": false
        }
      }
    },
    {
      "description": "AI Services pour VMware Tanzu Platform versions ant\u00e9rieures \u00e0 10.3.1",
      "product": {
        "name": "Tanzu Kubernetes Runtime",
        "vendor": {
          "name": "VMware",
          "scada": false
        }
      }
    },
    {
      "description": "VMware Tanzu pour Postgres on Tanzu Platform versions ant\u00e9rieures \u00e0 10.2.1",
      "product": {
        "name": "Tanzu",
        "vendor": {
          "name": "VMware",
          "scada": false
        }
      }
    },
    {
      "description": "Stemcells (Ubuntu Jammy Azure Light) versions ant\u00e9rieures \u00e0 1.954.x",
      "product": {
        "name": "Tanzu Kubernetes Runtime",
        "vendor": {
          "name": "VMware",
          "scada": false
        }
      }
    },
    {
      "description": "Stemcells (Windows) versions ant\u00e9rieures \u00e0 2019.92.x",
      "product": {
        "name": "Tanzu Kubernetes Runtime",
        "vendor": {
          "name": "VMware",
          "scada": false
        }
      }
    },
    {
      "description": "Elastic Application Runtime pour  VMware Tanzu Platform versions ant\u00e9rieures \u00e0 10.2.5",
      "product": {
        "name": "Tanzu Kubernetes Runtime",
        "vendor": {
          "name": "VMware",
          "scada": false
        }
      }
    },
    {
      "description": "Elastic Application Runtime Windows add-on pour VMware Tanzu Platform versions ant\u00e9rieures \u00e0 10.3.1",
      "product": {
        "name": "Tanzu Kubernetes Runtime",
        "vendor": {
          "name": "VMware",
          "scada": false
        }
      }
    },
    {
      "description": "Stemcells (Ubuntu Jammy FIPS) versions ant\u00e9rieures \u00e0 1.954.x",
      "product": {
        "name": "Tanzu Kubernetes Runtime",
        "vendor": {
          "name": "VMware",
          "scada": false
        }
      }
    }
  ],
  "affected_systems_content": "",
  "content": "## Solutions\n\nSe r\u00e9f\u00e9rer au bulletin de s\u00e9curit\u00e9 de l\u0027\u00e9diteur pour l\u0027obtention des correctifs (cf. section Documentation).",
  "cves": [
    {
      "name": "CVE-2024-24790",
      "url": "https://www.cve.org/CVERecord?id=CVE-2024-24790"
    },
    {
      "name": "CVE-2025-58183",
      "url": "https://www.cve.org/CVERecord?id=CVE-2025-58183"
    },
    {
      "name": "CVE-2025-22872",
      "url": "https://www.cve.org/CVERecord?id=CVE-2025-22872"
    },
    {
      "name": "CVE-2025-13425",
      "url": "https://www.cve.org/CVERecord?id=CVE-2025-13425"
    },
    {
      "name": "CVE-2025-0913",
      "url": "https://www.cve.org/CVERecord?id=CVE-2025-0913"
    },
    {
      "name": "CVE-2025-47907",
      "url": "https://www.cve.org/CVERecord?id=CVE-2025-47907"
    },
    {
      "name": "CVE-2025-6069",
      "url": "https://www.cve.org/CVERecord?id=CVE-2025-6069"
    },
    {
      "name": "CVE-2024-6232",
      "url": "https://www.cve.org/CVERecord?id=CVE-2024-6232"
    },
    {
      "name": "CVE-2025-4330",
      "url": "https://www.cve.org/CVERecord?id=CVE-2025-4330"
    },
    {
      "name": "CVE-2025-58185",
      "url": "https://www.cve.org/CVERecord?id=CVE-2025-58185"
    },
    {
      "name": "CVE-2024-9287",
      "url": "https://www.cve.org/CVERecord?id=CVE-2024-9287"
    },
    {
      "name": "CVE-2025-4138",
      "url": "https://www.cve.org/CVERecord?id=CVE-2025-4138"
    },
    {
      "name": "CVE-2024-24791",
      "url": "https://www.cve.org/CVERecord?id=CVE-2024-24791"
    },
    {
      "name": "CVE-2024-45341",
      "url": "https://www.cve.org/CVERecord?id=CVE-2024-45341"
    },
    {
      "name": "CVE-2024-13176",
      "url": "https://www.cve.org/CVERecord?id=CVE-2024-13176"
    },
    {
      "name": "CVE-2024-35255",
      "url": "https://www.cve.org/CVERecord?id=CVE-2024-35255"
    },
    {
      "name": "CVE-2022-40897",
      "url": "https://www.cve.org/CVERecord?id=CVE-2022-40897"
    },
    {
      "name": "CVE-2025-0938",
      "url": "https://www.cve.org/CVERecord?id=CVE-2025-0938"
    },
    {
      "name": "CVE-2025-64329",
      "url": "https://www.cve.org/CVERecord?id=CVE-2025-64329"
    },
    {
      "name": "CVE-2025-22866",
      "url": "https://www.cve.org/CVERecord?id=CVE-2025-22866"
    },
    {
      "name": "CVE-2024-34158",
      "url": "https://www.cve.org/CVERecord?id=CVE-2024-34158"
    },
    {
      "name": "CVE-2023-27043",
      "url": "https://www.cve.org/CVERecord?id=CVE-2023-27043"
    },
    {
      "name": "CVE-2024-51744",
      "url": "https://www.cve.org/CVERecord?id=CVE-2024-51744"
    },
    {
      "name": "CVE-2024-10977",
      "url": "https://www.cve.org/CVERecord?id=CVE-2024-10977"
    },
    {
      "name": "CVE-2025-50182",
      "url": "https://www.cve.org/CVERecord?id=CVE-2025-50182"
    },
    {
      "name": "CVE-2025-47906",
      "url": "https://www.cve.org/CVERecord?id=CVE-2025-47906"
    },
    {
      "name": "CVE-2025-8194",
      "url": "https://www.cve.org/CVERecord?id=CVE-2025-8194"
    },
    {
      "name": "CVE-2025-50181",
      "url": "https://www.cve.org/CVERecord?id=CVE-2025-50181"
    },
    {
      "name": "CVE-2025-4517",
      "url": "https://www.cve.org/CVERecord?id=CVE-2025-4517"
    },
    {
      "name": "CVE-2025-58188",
      "url": "https://www.cve.org/CVERecord?id=CVE-2025-58188"
    },
    {
      "name": "CVE-2025-4674",
      "url": "https://www.cve.org/CVERecord?id=CVE-2025-4674"
    },
    {
      "name": "CVE-2022-29526",
      "url": "https://www.cve.org/CVERecord?id=CVE-2022-29526"
    },
    {
      "name": "CVE-2025-4435",
      "url": "https://www.cve.org/CVERecord?id=CVE-2025-4435"
    },
    {
      "name": "CVE-2024-45336",
      "url": "https://www.cve.org/CVERecord?id=CVE-2024-45336"
    },
    {
      "name": "CVE-2025-52881",
      "url": "https://www.cve.org/CVERecord?id=CVE-2025-52881"
    },
    {
      "name": "CVE-2024-5535",
      "url": "https://www.cve.org/CVERecord?id=CVE-2024-5535"
    },
    {
      "name": "CVE-2025-22868",
      "url": "https://www.cve.org/CVERecord?id=CVE-2025-22868"
    },
    {
      "name": "CVE-2024-12718",
      "url": "https://www.cve.org/CVERecord?id=CVE-2024-12718"
    },
    {
      "name": "CVE-2025-61724",
      "url": "https://www.cve.org/CVERecord?id=CVE-2025-61724"
    },
    {
      "name": "CVE-2025-61723",
      "url": "https://www.cve.org/CVERecord?id=CVE-2025-61723"
    },
    {
      "name": "CVE-2024-10976",
      "url": "https://www.cve.org/CVERecord?id=CVE-2024-10976"
    },
    {
      "name": "CVE-2025-61795",
      "url": "https://www.cve.org/CVERecord?id=CVE-2025-61795"
    },
    {
      "name": "CVE-2024-45337",
      "url": "https://www.cve.org/CVERecord?id=CVE-2024-45337"
    },
    {
      "name": "CVE-2024-7254",
      "url": "https://www.cve.org/CVERecord?id=CVE-2024-7254"
    },
    {
      "name": "CVE-2025-61725",
      "url": "https://www.cve.org/CVERecord?id=CVE-2025-61725"
    },
    {
      "name": "CVE-2024-9143",
      "url": "https://www.cve.org/CVERecord?id=CVE-2024-9143"
    },
    {
      "name": "CVE-2025-22874",
      "url": "https://www.cve.org/CVERecord?id=CVE-2025-22874"
    },
    {
      "name": "CVE-2024-34156",
      "url": "https://www.cve.org/CVERecord?id=CVE-2024-34156"
    },
    {
      "name": "CVE-2025-47912",
      "url": "https://www.cve.org/CVERecord?id=CVE-2025-47912"
    },
    {
      "name": "CVE-2024-7592",
      "url": "https://www.cve.org/CVERecord?id=CVE-2024-7592"
    },
    {
      "name": "CVE-2025-58186",
      "url": "https://www.cve.org/CVERecord?id=CVE-2025-58186"
    },
    {
      "name": "CVE-2025-58187",
      "url": "https://www.cve.org/CVERecord?id=CVE-2025-58187"
    },
    {
      "name": "CVE-2025-4673",
      "url": "https://www.cve.org/CVERecord?id=CVE-2025-4673"
    },
    {
      "name": "CVE-2025-22871",
      "url": "https://www.cve.org/CVERecord?id=CVE-2025-22871"
    },
    {
      "name": "CVE-2025-59530",
      "url": "https://www.cve.org/CVERecord?id=CVE-2025-59530"
    },
    {
      "name": "CVE-2024-47081",
      "url": "https://www.cve.org/CVERecord?id=CVE-2024-47081"
    },
    {
      "name": "CVE-2025-40300",
      "url": "https://www.cve.org/CVERecord?id=CVE-2025-40300"
    },
    {
      "name": "CVE-2024-6119",
      "url": "https://www.cve.org/CVERecord?id=CVE-2024-6119"
    },
    {
      "name": "CVE-2024-25621",
      "url": "https://www.cve.org/CVERecord?id=CVE-2024-25621"
    },
    {
      "name": "CVE-2024-12254",
      "url": "https://www.cve.org/CVERecord?id=CVE-2024-12254"
    },
    {
      "name": "CVE-2025-8114",
      "url": "https://www.cve.org/CVERecord?id=CVE-2025-8114"
    },
    {
      "name": "CVE-2025-4516",
      "url": "https://www.cve.org/CVERecord?id=CVE-2025-4516"
    },
    {
      "name": "CVE-2025-58058",
      "url": "https://www.cve.org/CVERecord?id=CVE-2025-58058"
    },
    {
      "name": "CVE-2025-22869",
      "url": "https://www.cve.org/CVERecord?id=CVE-2025-22869"
    },
    {
      "name": "CVE-2025-58189",
      "url": "https://www.cve.org/CVERecord?id=CVE-2025-58189"
    },
    {
      "name": "CVE-2024-10978",
      "url": "https://www.cve.org/CVERecord?id=CVE-2024-10978"
    },
    {
      "name": "CVE-2024-4603",
      "url": "https://www.cve.org/CVERecord?id=CVE-2024-4603"
    },
    {
      "name": "CVE-2024-50602",
      "url": "https://www.cve.org/CVERecord?id=CVE-2024-50602"
    },
    {
      "name": "CVE-2025-22870",
      "url": "https://www.cve.org/CVERecord?id=CVE-2025-22870"
    },
    {
      "name": "CVE-2025-61748",
      "url": "https://www.cve.org/CVERecord?id=CVE-2025-61748"
    },
    {
      "name": "CVE-2025-9230",
      "url": "https://www.cve.org/CVERecord?id=CVE-2025-9230"
    },
    {
      "name": "CVE-2024-4741",
      "url": "https://www.cve.org/CVERecord?id=CVE-2024-4741"
    },
    {
      "name": "CVE-2024-4032",
      "url": "https://www.cve.org/CVERecord?id=CVE-2024-4032"
    },
    {
      "name": "CVE-2024-2511",
      "url": "https://www.cve.org/CVERecord?id=CVE-2024-2511"
    },
    {
      "name": "CVE-2025-53057",
      "url": "https://www.cve.org/CVERecord?id=CVE-2025-53057"
    },
    {
      "name": "CVE-2024-34155",
      "url": "https://www.cve.org/CVERecord?id=CVE-2024-34155"
    },
    {
      "name": "CVE-2025-53066",
      "url": "https://www.cve.org/CVERecord?id=CVE-2025-53066"
    },
    {
      "name": "CVE-2024-24789",
      "url": "https://www.cve.org/CVERecord?id=CVE-2024-24789"
    },
    {
      "name": "CVE-2024-6345",
      "url": "https://www.cve.org/CVERecord?id=CVE-2024-6345"
    },
    {
      "name": "CVE-2024-10979",
      "url": "https://www.cve.org/CVERecord?id=CVE-2024-10979"
    },
    {
      "name": "CVE-2025-49014",
      "url": "https://www.cve.org/CVERecord?id=CVE-2025-49014"
    },
    {
      "name": "CVE-2025-5981",
      "url": "https://www.cve.org/CVERecord?id=CVE-2025-5981"
    },
    {
      "name": "CVE-2024-6923",
      "url": "https://www.cve.org/CVERecord?id=CVE-2024-6923"
    },
    {
      "name": "CVE-2024-8088",
      "url": "https://www.cve.org/CVERecord?id=CVE-2024-8088"
    },
    {
      "name": "CVE-2025-11226",
      "url": "https://www.cve.org/CVERecord?id=CVE-2025-11226"
    }
  ],
  "initial_release_date": "2025-11-24T00:00:00",
  "last_revision_date": "2025-11-24T00:00:00",
  "links": [],
  "reference": "CERTFR-2025-AVI-1036",
  "revisions": [
    {
      "description": "Version initiale",
      "revision_date": "2025-11-24T00:00:00.000000"
    }
  ],
  "risks": [
    {
      "description": "Non sp\u00e9cifi\u00e9 par l\u0027\u00e9diteur"
    }
  ],
  "summary": "De multiples vuln\u00e9rabilit\u00e9s ont \u00e9t\u00e9 d\u00e9couvertes dans les produits VMware. Elles permettent \u00e0 un attaquant de provoquer un probl\u00e8me de s\u00e9curit\u00e9 non sp\u00e9cifi\u00e9 par l\u0027\u00e9diteur.",
  "title": "Multiples vuln\u00e9rabilit\u00e9s dans les produits VMware",
  "vendor_advisories": [
    {
      "published_at": "2025-11-23",
      "title": "Bulletin de s\u00e9curit\u00e9 VMware 36513",
      "url": "https://support.broadcom.com/web/ecx/support-content-notification/-/external/content/SecurityAdvisories/0/36513"
    },
    {
      "published_at": "2025-11-24",
      "title": "Bulletin de s\u00e9curit\u00e9 VMware 36530",
      "url": "https://support.broadcom.com/web/ecx/support-content-notification/-/external/content/SecurityAdvisories/0/36530"
    },
    {
      "published_at": "2025-11-23",
      "title": "Bulletin de s\u00e9curit\u00e9 VMware 36512",
      "url": "https://support.broadcom.com/web/ecx/support-content-notification/-/external/content/SecurityAdvisories/0/36512"
    },
    {
      "published_at": "2025-11-24",
      "title": "Bulletin de s\u00e9curit\u00e9 VMware 36526",
      "url": "https://support.broadcom.com/web/ecx/support-content-notification/-/external/content/SecurityAdvisories/0/36526"
    },
    {
      "published_at": "2025-11-23",
      "title": "Bulletin de s\u00e9curit\u00e9 VMware 36511",
      "url": "https://support.broadcom.com/web/ecx/support-content-notification/-/external/content/SecurityAdvisories/0/36511"
    },
    {
      "published_at": "2025-11-24",
      "title": "Bulletin de s\u00e9curit\u00e9 VMware 36525",
      "url": "https://support.broadcom.com/web/ecx/support-content-notification/-/external/content/SecurityAdvisories/0/36525"
    },
    {
      "published_at": "2025-11-23",
      "title": "Bulletin de s\u00e9curit\u00e9 VMware 36516",
      "url": "https://support.broadcom.com/web/ecx/support-content-notification/-/external/content/SecurityAdvisories/0/36516"
    },
    {
      "published_at": "2025-11-24",
      "title": "Bulletin de s\u00e9curit\u00e9 VMware 36527",
      "url": "https://support.broadcom.com/web/ecx/support-content-notification/-/external/content/SecurityAdvisories/0/36527"
    },
    {
      "published_at": "2025-11-24",
      "title": "Bulletin de s\u00e9curit\u00e9 VMware 36536",
      "url": "https://support.broadcom.com/web/ecx/support-content-notification/-/external/content/SecurityAdvisories/0/36536"
    },
    {
      "published_at": "2025-11-23",
      "title": "Bulletin de s\u00e9curit\u00e9 VMware 36519",
      "url": "https://support.broadcom.com/web/ecx/support-content-notification/-/external/content/SecurityAdvisories/0/36519"
    },
    {
      "published_at": "2025-11-23",
      "title": "Bulletin de s\u00e9curit\u00e9 VMware 36518",
      "url": "https://support.broadcom.com/web/ecx/support-content-notification/-/external/content/SecurityAdvisories/0/36518"
    },
    {
      "published_at": "2025-11-24",
      "title": "Bulletin de s\u00e9curit\u00e9 VMware 36524",
      "url": "https://support.broadcom.com/web/ecx/support-content-notification/-/external/content/SecurityAdvisories/0/36524"
    },
    {
      "published_at": "2025-11-23",
      "title": "Bulletin de s\u00e9curit\u00e9 VMware 36521",
      "url": "https://support.broadcom.com/web/ecx/support-content-notification/-/external/content/SecurityAdvisories/0/36521"
    },
    {
      "published_at": "2025-11-24",
      "title": "Bulletin de s\u00e9curit\u00e9 VMware 36528",
      "url": "https://support.broadcom.com/web/ecx/support-content-notification/-/external/content/SecurityAdvisories/0/36528"
    },
    {
      "published_at": "2025-11-24",
      "title": "Bulletin de s\u00e9curit\u00e9 VMware 36522",
      "url": "https://support.broadcom.com/web/ecx/support-content-notification/-/external/content/SecurityAdvisories/0/36522"
    },
    {
      "published_at": "2025-11-23",
      "title": "Bulletin de s\u00e9curit\u00e9 VMware 36514",
      "url": "https://support.broadcom.com/web/ecx/support-content-notification/-/external/content/SecurityAdvisories/0/36514"
    },
    {
      "published_at": "2025-11-24",
      "title": "Bulletin de s\u00e9curit\u00e9 VMware 36532",
      "url": "https://support.broadcom.com/web/ecx/support-content-notification/-/external/content/SecurityAdvisories/0/36532"
    },
    {
      "published_at": "2025-11-23",
      "title": "Bulletin de s\u00e9curit\u00e9 VMware 36509",
      "url": "https://support.broadcom.com/web/ecx/support-content-notification/-/external/content/SecurityAdvisories/0/36509"
    },
    {
      "published_at": "2025-11-23",
      "title": "Bulletin de s\u00e9curit\u00e9 VMware 36517",
      "url": "https://support.broadcom.com/web/ecx/support-content-notification/-/external/content/SecurityAdvisories/0/36517"
    },
    {
      "published_at": "2025-11-24",
      "title": "Bulletin de s\u00e9curit\u00e9 VMware 36533",
      "url": "https://support.broadcom.com/web/ecx/support-content-notification/-/external/content/SecurityAdvisories/0/36533"
    },
    {
      "published_at": "2025-11-24",
      "title": "Bulletin de s\u00e9curit\u00e9 VMware 36537",
      "url": "https://support.broadcom.com/web/ecx/support-content-notification/-/external/content/SecurityAdvisories/0/36537"
    },
    {
      "published_at": "2025-11-24",
      "title": "Bulletin de s\u00e9curit\u00e9 VMware 36531",
      "url": "https://support.broadcom.com/web/ecx/support-content-notification/-/external/content/SecurityAdvisories/0/36531"
    },
    {
      "published_at": "2025-11-23",
      "title": "Bulletin de s\u00e9curit\u00e9 VMware 36510",
      "url": "https://support.broadcom.com/web/ecx/support-content-notification/-/external/content/SecurityAdvisories/0/36510"
    },
    {
      "published_at": "2025-11-24",
      "title": "Bulletin de s\u00e9curit\u00e9 VMware 36523",
      "url": "https://support.broadcom.com/web/ecx/support-content-notification/-/external/content/SecurityAdvisories/0/36523"
    },
    {
      "published_at": "2025-11-23",
      "title": "Bulletin de s\u00e9curit\u00e9 VMware 36515",
      "url": "https://support.broadcom.com/web/ecx/support-content-notification/-/external/content/SecurityAdvisories/0/36515"
    },
    {
      "published_at": "2025-11-24",
      "title": "Bulletin de s\u00e9curit\u00e9 VMware 36529",
      "url": "https://support.broadcom.com/web/ecx/support-content-notification/-/external/content/SecurityAdvisories/0/36529"
    },
    {
      "published_at": "2025-11-24",
      "title": "Bulletin de s\u00e9curit\u00e9 VMware 36534",
      "url": "https://support.broadcom.com/web/ecx/support-content-notification/-/external/content/SecurityAdvisories/0/36534"
    },
    {
      "published_at": "2025-11-24",
      "title": "Bulletin de s\u00e9curit\u00e9 VMware 36535",
      "url": "https://support.broadcom.com/web/ecx/support-content-notification/-/external/content/SecurityAdvisories/0/36535"
    },
    {
      "published_at": "2025-11-23",
      "title": "Bulletin de s\u00e9curit\u00e9 VMware 36520",
      "url": "https://support.broadcom.com/web/ecx/support-content-notification/-/external/content/SecurityAdvisories/0/36520"
    }
  ]
}

Tags

Taxonomy of the tags.

All sightings related to this event Export sightings related to this event

Sightings

Author	Source	Type	Date

Nomenclature

Seen: The vulnerability was mentioned, discussed, or seen somewhere by the user.
Confirmed: The vulnerability is confirmed from an analyst perspective.
Published Proof of Concept: A public proof of concept is available for this vulnerability.
Exploited: This vulnerability was exploited and seen by the user reporting the sighting.
Patched: This vulnerability was successfully patched by the user reporting the sighting.
Not exploited: This vulnerability was not exploited or seen by the user reporting the sighting.
Not confirmed: The user expresses doubt about the veracity of the vulnerability.
Not patched: This vulnerability was not successfully patched by the user reporting the sighting.

Action not permitted

CVE-2025-59530 (GCVE-0-2025-59530)

Vulnerability from cvelistv5

CERTFR-2025-AVI-0941

Vulnerability from certfr_avis

Solutions

CERTFR-2025-AVI-1036

Vulnerability from certfr_avis

Solutions

Tags

Sightings

Nomenclature