Product Release Advisory - VMware Tanzu for Postgres on Kubernetes 4.2.0

Product/Component

VMware Tanzu Data Services

7 more products

Notification Id

35841

Last Updated

18 June 2025

Initial Publication Date

18 June 2025

Status

CLOSED

Severity

CRITICAL

CVSS Base Score

9.8

WorkAround

Affected CVE

See CVE list in advisory

Product Release Advisory

Advisory ID:	TNZ-2025-0029
Severity:	Critical
Issue Date:	June 18, 2025
Updated on:	June 18, 2025
Synopsys	Bumped multiple dependency updates, which resulted in 39 CVEs remediated in this release.

Product Version Release Advisory

VMware Tanzu for Postgres on Kubernetes v4.2.0
https://techdocs.broadcom.com/us/en/vmware-tanzu/data-solutions/tanzu-for-postgres-on-kubernetes/4-2/tnz-postgres-k8s/index.html

Security Fixes

This release has the following security fixes, listed by component and area.

Component

Vulnerabilities Resolved

tanzu-postgres-kubernetes

CVE-2024-24790 (critical)

CVE-2025-1094 (high)

CVE-2024-56171 (high)

CVE-2024-8176 (high)

CVE-2024-10963 (high)

CVE-2025-4802 (high)

CVE-2024-55549 (high)

CVE-2024-8176 (high)

CVE-2025-24928 (high)

CVE-2023-4752 (high)

CVE-2025-30204 (high)

CVE-2024-12797 (high)

CVE-2022-4055 (high)

CVE-2024-53920 (high)
CVE-2024-34156 (high)

CVE-2024-34158 (high)

CVE-2024-52616 (medium)

CVE-2022-1941 (medium)

CVE-2024-13176 (medium)

CVE-2022-49043 (medium)

CVE-2024-9287 (medium)

CVE-2025-0395 (medium)

CVE-2024-24787 (medium)

CVE-2024-12133 (medium)

CVE-2019-12900 (medium)

CVE-2024-24788 (medium)

CVE-2024-24789 (medium)

CVE-2024-10041 (medium)

CVE-2025-0938 (medium)

CVE-2025-24528 (medium)

CVE-2024-41996 (medium)

CVE-2024-35195 (medium)

CVE-2021-34141 (medium)

CVE-2020-11023 (medium)

CVE-2024-12243 (medium)

CVE-2021-33430 (medium)

CVE-2024-34155 (medium)

CVE-2024-11168 (low)

CVE-2024-51744 (low)

History

2025-06-18: Initial vulnerability report published.

Contact

E-mail: [email protected]

VMware Tanzu Security Advisories
https://tanzu.vmware.com/security