Product Release Advisory - VMware Tanzu for Postgres 17.4.0, 16.8.0, 15.12.0, 14.17.0, 13.20.0

Product/Component

VMware Tanzu Data Services

5 more products

Notification Id

35866

Last Updated

25 June 2025

Initial Publication Date

25 June 2025

Status

CLOSED

Severity

CRITICAL

CVSS Base Score

9.8

WorkAround

Affected CVE

See CVE list in advisory

Product Release Advisory

Advisory ID:	TNZ-2025-0039
Severity:	Critical
Issue Date:	June 25, 2025
Updated on:	June 25, 2025
Synopsys	Bumped multiple dependencies updates which resulted in 242 CVEs remediated in this release.

Product Version Release Advisory

VMware Tanzu for Postgres 17.4.0

https://techdocs.broadcom.com/us/en/vmware-tanzu/data-solutions/tanzu-for-postgres/17-4/tnz-postgres/release-notes.html

VMware Tanzu for Postgres 16.8.0

https://techdocs.broadcom.com/us/en/vmware-tanzu/data-solutions/tanzu-for-postgres/16-8/tnz-postgres/release-notes.html

VMware Tanzu for Postgres 15.12.0

https://techdocs.broadcom.com/us/en/vmware-tanzu/data-solutions/tanzu-for-postgres/15-12/tnz-postgres/release-notes.html

VMware Tanzu for Postgres 14.17.0

https://techdocs.broadcom.com/us/en/vmware-tanzu/data-solutions/tanzu-for-postgres/14-17/tnz-postgres/release-notes.html

VMware Tanzu for Postgres 13.20.0

https://techdocs.broadcom.com/us/en/vmware-tanzu/data-solutions/tanzu-for-postgres/13-20/tnz-postgres/release-notes.html

Security Fixes

This release has the following security fixes, listed by component and area.

Component	Vulnerabilities Resolved
VMware Tanzu for Postgres 17.4.0	CVE-2024-24790 (critical) CVE-2025-1094 (high) CVE-2024-24791 (high) CVE-2024-34158 (high) CVE-2024-34156 (high) CVE-2024-24786 (high) CVE-2024-24787 (medium) CVE-2023-48795 (medium) CVE-2024-24788 (medium) CVE-2024-24789 (medium) CVE-2023-45288 (medium) CVE-2024-34155 (medium)
VMware Tanzu for Postgres 16.8.0	CVE-2024-24790 (critical) CVE-2024-7804 (critical) CVE-2023-47248 (critical) CVE-2024-11393 (high) CVE-2024-56201 (high) CVE-2024-11394 (high) CVE-2024-43497 (high) CVE-2025-1094 (high) CVE-2023-50447 (high) CVE-2024-31583 (high) CVE-2024-56326 (high) CVE-2024-31580 (high) CVE-2024-27454 (high) CVE-2024-24791 (high) CVE-2024-34156 (high) CVE-2024-30251 (high) CVE-2024-39705 (high) CVE-2024-11392 (high) CVE-2024-24786 (high) CVE-2024-34158 (high) CVE-2024-28219 (medium) CVE-2024-3571 (medium) CVE-2024-23829 (medium) CVE-2024-24787 (medium) CVE-2024-3651 (medium) CVE-2024-27306 (medium) CVE-2024-52304 (medium) CVE-2024-1455 (medium) CVE-2024-24788 (medium) CVE-2024-23334 (medium) CVE-2023-48795 (medium) CVE-2024-35195 (medium) CVE-2024-24789 (medium) CVE-2024-34064 (medium) CVE-2024-22195 (medium) CVE-2024-5206 (medium) CVE-2024-12720 (medium) CVE-2023-45288 (medium) CVE-2024-5998 (medium) CVE-2024-8309 (medium) CVE-2024-42367 (medium) CVE-2024-3095 (medium) CVE-2024-37891 (medium) CVE-2024-34155 (medium) CVE-2024-2965 (medium) CVE-2024-34062 (low) CVE-2024-0243 (low) CVE-2024-28088 (low) CVE-2024-39689 (low)
VMware Tanzu for Postgres 15.12.0	CVE-2024-24790 (critical) CVE-2024-7804 (critical) CVE-2023-47248 (critical) CVE-2024-11393 (high) CVE-2024-11394 (high) CVE-2024-56201 (high) CVE-2024-43497 (high) CVE-2023-50447 (high) CVE-2025-1094 (high) CVE-2024-31583 (high) CVE-2024-56326 (high) CVE-2024-31580 (high) CVE-2024-39705 (high) CVE-2024-27454 (high) CVE-2024-34158 (high) CVE-2024-24791 (high) CVE-2024-34156 (high) CVE-2024-30251 (high) CVE-2024-24786 (high) CVE-2024-11392 (high) CVE-2024-28219 (medium) CVE-2024-23829 (medium) CVE-2024-3571 (medium) CVE-2024-24787 (medium) CVE-2024-3651 (medium) CVE-2024-27306 (medium) CVE-2024-52304 (medium) CVE-2024-1455 (medium) CVE-2024-23334 (medium) CVE-2024-24788 (medium) CVE-2023-48795 (medium) CVE-2024-35195 (medium) CVE-2024-24789 (medium) CVE-2024-34064 (medium) CVE-2024-22195 (medium) CVE-2023-45288 (medium) CVE-2024-5206 (medium) CVE-2024-12720 (medium) CVE-2024-5998 (medium) CVE-2024-8309 (medium) CVE-2024-42367 (medium) CVE-2024-3095 (medium) CVE-2024-37891 (medium) CVE-2024-34155 (medium) CVE-2024-2965 (medium) CVE-2024-34062 (low) CVE-2024-0243 (low) CVE-2024-39689 (low) CVE-2024-28088 (low)
VMware Tanzu for Postgres 14.17.0	CVE-2024-24790 (critical) CVE-2023-47248 (critical) CVE-2024-7804 (critical) CVE-2024-56201 (high) CVE-2024-11394 (high) CVE-2024-11393 (high) CVE-2024-43497 (high) CVE-2024-53899 (high) CVE-2025-1094 (high) CVE-2023-50447 (high) CVE-2024-31583 (high) CVE-2024-56326 (high) CVE-2024-11392 (high) CVE-2024-34156 (high) CVE-2024-24791 (high) CVE-2024-34158 (high) CVE-2024-24786 (high) CVE-2019-20916 (high) CVE-2024-30251 (high) CVE-2024-31580 (high) CVE-2024-27454 (high) CVE-2022-42969 (high) CVE-2024-39705 (high) CVE-2024-28219 (medium) CVE-2024-3571 (medium) CVE-2024-23829 (medium) CVE-2024-24787 (medium) CVE-2024-5569 (medium) CVE-2024-3651 (medium) CVE-2024-27306 (medium) CVE-2024-52304 (medium) CVE-2024-24788 (medium) CVE-2024-1455 (medium) CVE-2023-48795 (medium) CVE-2024-23334 (medium) CVE-2023-29483 (medium) CVE-2021-3572 (medium) CVE-2024-35195 (medium) CVE-2024-24789 (medium) CVE-2024-34064 (medium) CVE-2024-22195 (medium) CVE-2023-45288 (medium) CVE-2024-12720 (medium) CVE-2024-5206 (medium) CVE-2024-5998 (medium) CVE-2024-8309 (medium) CVE-2024-42367 (medium) CVE-2024-3095 (medium) CVE-2024-37891 (medium) CVE-2024-34155 (medium) CVE-2024-2965 (medium) CVE-2024-34062 (low) CVE-2024-0243 (low) CVE-2024-28088 (low) CVE-2024-39689 (low)
VMware Tanzu for Postgres 13.20.0	CVE-2024-7804 (critical) CVE-2023-47248 (critical) CVE-2024-24790 (critical) CVE-2024-11393 (high) CVE-2024-56201 (high) CVE-2024-11394 (high) CVE-2024-43497 (high) CVE-2023-50447 (high) CVE-2025-1094 (high) CVE-2024-31583 (high) CVE-2024-56326 (high) CVE-2024-31580 (high) CVE-2024-39705 (high) CVE-2024-34158 (high) CVE-2024-34156 (high) CVE-2024-30251 (high) CVE-2024-24791 (high) CVE-2024-24786 (high) CVE-2024-11392 (high) CVE-2024-27454 (high) CVE-2024-28219 (medium) CVE-2024-23829 (medium) CVE-2024-3571 (medium) CVE-2024-24787 (medium) CVE-2024-3651 (medium) CVE-2024-27306 (medium) CVE-2024-52304 (medium) CVE-2024-23334 (medium) CVE-2024-1455 (medium) CVE-2024-24788 (medium) CVE-2023-48795 (medium) CVE-2024-35195 (medium) CVE-2024-24789 (medium) CVE-2024-22195 (medium) CVE-2024-34064 (medium) CVE-2024-12720 (medium) CVE-2023-45288 (medium) CVE-2024-5206 (medium) CVE-2024-5998 (medium) CVE-2024-8309 (medium) CVE-2024-3095 (medium) CVE-2024-42367 (medium) CVE-2024-37891 (medium) CVE-2024-34155 (medium) CVE-2024-2965 (medium) CVE-2024-34062 (low) CVE-2024-0243 (low) CVE-2024-39689 (low) CVE-2024-28088 (low)

History

2025-06-25: Initial vulnerability report published.

Contact

E-mail: [email protected]

VMware Tanzu Security Advisories: https://tanzu.vmware.com/security