Product Release Advisory - VMware Tanzu GemFire 10.1.4
36090
04 September 2025
04 September 2025
CLOSED
HIGH
Product Release Advisory
Advisory ID: |
TNZ-2025-0096 |
Severity: |
High |
Issue Date: |
2025-09-04 |
Updated on: |
2025-09-04 |
Synopsis |
Bumped multiple dependencies, which resulted in at least 11 CVEs remediated in this release |
Product Version Release Advisory
- VMware Tanzu GemFire 10.1.4
- https://techdocs.broadcom.com/us/en/vmware-tanzu/data-solutions/tanzu-gemfire/10-1/gf/release_notes.html
Security Fixes
This release has the following security fixes, listed by component and area.
Component |
Vulnerabilities Resolved |
JSON-Smart |
BDSA-2025-0966 (medium) |
Apache Commons Lang |
BDSA-2025-6881 (medium) |
Apache Commons FileUpload |
BDSA-2025-5248 (medium) |
Spring Security |
BDSA-2025-2271 (medium) |
Spring Boot |
BDSA-2025-3548 (medium) BDSA-2024-5686 (medium) |
Apache Commons BeanUtils |
CVE-2025-48734 (high) |
Spring |
CVE-2025-22233 (medium) |
Netty |
CVE-2025-24970 (medium) CVE-2025-25193 (medium) BDSA-2025-8614 (medium) |
History
2025-09-04 Initial vulnerability report published.
Contact
E-mail: [email protected]
VMware Tanzu Security Advisories
https://tanzu.vmware.com/security