Product Release Advisory - Spring Cloud Data Flow for VMware Tanzu 1.14.7
35972
24 July 2025
24 July 2025
CLOSED
CRITICAL
9.1
N/A
See CVE listing advisory
Product Release Advisory - Spring Cloud Data Flow for VMware Tanzu 1.14.7
|
Advisory Details |
|
|
Severity |
Critical |
|
CVSSv3 Range |
9.1 |
|
CVSSv3 Vector |
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:N |
|
Issue Date |
2025-07-24 |
|
Updated on |
Product Version Release Advisory
- Product Release Spring Cloud Data Flow for VMware Tanzu 1.14.7
- Product Release Notes: https://techdocs.broadcom.com/us/en/vmware-tanzu/spring/spring-cloud-data-flow-for-cloud-foundry/1-14/scdf-tanzu/release-notes.html
Security Fixes This release has the following security fixes, listed by component and area.
|
Component |
Vulnerabilities Resolved |
|
generic-app-errands |
CVE-2025-22871 (Critical) |
|
spring-cloud-dataflow |
GHSA-wxr5-93ph-8wr9 (CVE-2025-48734) (High) |
|
spring-cloud-dataflow |
GHSA-hq9p-pm7w-8p54 (CVE-2025-49146) (High) |
|
spring-cloud-dataflow |
GHSA-h3gc-qfqq-6h8f (CVE-2025-48988) (High) |
|
generic-app-errands |
GHSA-6v2p-p543-phr9 (CVE-2025-22868) (High) |
|
spring-cloud-dataflow |
GHSA-rc42-6c7j-7h5r (CVE-2025-22235) (High) |
|
spring-cloud-dataflow |
GHSA-6r3c-xf4w-jxjm (CVE-2025-41234) (Medium) |
|
spring-cloud-dataflow |
GHSA-3p2h-wqq4-wf4h (CVE-2025-31650) (Medium) |
|
spring-cloud-dataflow |
GHSA-wc4r-xq3c-5cf3 (CVE-2025-49125) (Medium) |
|
spring-cloud-dataflow |
GHSA-4wp7-92pw-q264 (CVE-2025-22233) (Low) |
|
spring-cloud-dataflow |
GHSA-h2fw-rfh5-95r3 (CVE-2025-46701) (Low) |
|
spring-cloud-dataflow |
GHSA-ff77-26x5-69cr (CVE-2025-31651) (Low) |