Support Content Notification - Support Portal - Broadcom support portal

Product Release Advisory - Spring Cloud Services for VMware Tanzu 3.3.8

Product/Component

Tanzu Kubernetes Runtime

5 more products

Notification Id

35979

Last Updated

24 July 2025

Initial Publication Date

24 July 2025

Status

CLOSED

Severity

CRITICAL

CVSS Base Score

9.1

WorkAround

N/A

Affected CVE

See CVE list in advisory

Product Release Advisory - Spring Cloud Services for VMware Tanzu 3.3.8

	Advisory Details
Severity	Critical
CVSSv3 Range	9.1
CVSSv3 Vector	CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:N
Issue Date	2025-07-24
Updated on

Product Version Release Advisory

Product Release Spring Cloud Services for VMware Tanzu 3.3.8
Product Release Notes: https://techdocs.broadcom.com/us/en/vmware-tanzu/spring/spring-cloud-services-for-cloud-foundry/3-3/scs-tanzu/release-notes.html

Security Fixes This release has the following security fixes, listed by component and area.

Component	Vulnerabilities Resolved
routing	CVE-2025-22871 (Critical)
routing	CVE-2024-53427 (High)
routing	GHSA-4374-p667-p6c8 (CVE-2023-39325) (High)
pxc	CVE-2025-22874 (High)
routing	CVE-2025-48060 (High)
routing	GHSA-6v2p-p543-phr9 (CVE-2025-22868) (High)
spring-cloud-services	GHSA-h3gc-qfqq-6h8f (CVE-2025-48988) (High)
pxc	CVE-2025-4673 (Medium)
spring-cloud-services	GHSA-6r3c-xf4w-jxjm (CVE-2025-41234) (Medium)
routing	CVE-2024-23337 (Medium)
routing	GHSA-2wrh-6pvc-2jm9 (CVE-2023-3978) (Medium)
spring-cloud-services	GHSA-wc4r-xq3c-5cf3 (CVE-2025-49125) (Medium)
pxc	CVE-2025-0913 (Medium)
routing	GHSA-4v7x-pqxf-cx7m (CVE-2023-45288) (Medium)
routing	GHSA-qppj-fm5r-hxr3 (CVE-2023-44487) (Medium)