Product Release Advisory - VMware Tanzu Greenplum 7.5.0

Product/Component

VMware Tanzu Data Suite

2 more products

Notification Id

35843

Last Updated

18 June 2025

Initial Publication Date

18 June 2025

Status

CLOSED

Severity

CRITICAL

CVSS Base Score

9.8

WorkAround

Affected CVE

See CVE list in advisory

Security Advisory

Advisory ID:	TNZ-2025-0031
Severity:	Critical
Issue Date:	June 18, 2025
Updated on:	June 18, 2025
Synopsis	VMware Tanzu Greenplum 7.5.0 addresses the following security vulnerabilities.

Product Version Release Advisory

VMware Tanzu Greenplum 7.5.0

https://techdocs.broadcom.com/us/en/vmware-tanzu/data-solutions/tanzu-greenplum/7/greenplum-database/relnotes-release-notes.html#release-7.5.0

Security Fixes

This release has the following security fixes, listed by component and area.

Component	Vulnerabilities Resolved
Greenplum Server	CVE-2025-1094 (high) CVE-2024-10979 (high) CVE-2024-7348 (high) CVE-2023-2455 (medium) CVE-2023-5870 (medium) CVE-2024-10976 (medium) CVE-2024-10978 (medium) CVE-2022-41862 (low) CVE-2024-10977 (low)
PL/Container Python3 Image	GHSA-f73w-4m7g-ch9x (critical) CVE-2024-3596 (critical) CVE-2023-37920 (critical) GHSA-q2x7-8rv6-6q7h (medium) GHSA-4vmg-rw8f-92f9 (critical)
PL/Container R Image	CVE-2022-42967 (critical) CVE-2023-37920 (critical) CVE-2024-3596 (critical)
DataSciencePython3.11	GHSA-x4wf-678h-2pmq (critical) GHSA-f73w-4m7g-ch9x (critical) GHSA-4vmg-rw8f-92f9 (critical)
Cluster Management - Go standard library	CVE-2025-22871 (medium)

History

2025-06-18: Initial vulnerability report published.

Contact

E-mail: [email protected]

VMware Tanzu Security Advisories
https://tanzu.vmware.com/security