Support Content Notification - Support Portal

Product Release Advisory - VMware Tanzu for MySQL on Cloud Foundry 10.0.2

Product/Component

Services Suite

8 more products

Notification Id

36103

Last Updated

04 September 2025

Initial Publication Date

04 September 2025

Status

CLOSED

Severity

CRITICAL

CVSS Base Score

9.1

WorkAround

N/A

Affected CVE

See CVE list in advisory

Product Release Advisory - VMware Tanzu for MySQL on Cloud Foundry 10.0.2

Advisory ID	TNZ-2025-0085
Tanzu Issue Date	2025-09-04
Updated on

	Highest Score CVE from list below advisory details
Severity	Critical
CVSS V4 Vector	Unavailable
CVSS V4 Score	Unavailable (Sev: Unavailable)
CVSS V3.1 Vector	CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:N
CVSS V3.1 Score	9.1 (Sev: CRITICAL)
CVSS V2 Vector	Unavailable
CVSS V2 Score	Unavailable (Sev: Unavailable)

Note: if cvss scores are "Unavailable" is is most likely due to the vulnerability being GHSA or BDSA without a matching CVE for nvd lookup.

Product Version Release Advisory

Product Release VMware Tanzu for MySQL on Cloud Foundry 10.0.2
Product Release Notes: https://techdocs.broadcom.com/us/en/vmware-tanzu/data-solutions/tanzu-for-mysql-on-cloud-foundry/10-0/mysql-for-tpcf/release-notes.html

Security Fixes This release has the following security fixes, listed by component.

Component	Vulnerabilities Resolved
adbr	No known CVE - GHSA-vrw8-fxc6-2r93 (Medium)
cf-cli	CVE-2025-22871 (Critical) CVE-2025-22868 - GHSA-6v2p-p543-phr9 (High)
cf-service-gateway	CVE-2025-22874 (High) CVE-2025-4673 (Medium) CVE-2025-0913 (Medium)
dedicated-mysql	CVE-2025-22874 (High) CVE-2025-4673 (Medium) CVE-2025-30688 (Medium) CVE-2025-30687 (Medium) CVE-2025-30682 (Medium) CVE-2025-21577 (Medium) CVE-2025-21575 (Medium) CVE-2025-21574 (Medium) CVE-2025-30695 (Medium) CVE-2025-30693 (Medium) CVE-2025-0913 (Medium) CVE-2025-50088 (Medium) CVE-2025-30715 (Medium) CVE-2025-30705 (Medium) CVE-2025-30699 (Medium) CVE-2025-30696 (Medium) CVE-2025-30689 (Medium) CVE-2025-30685 (Medium) CVE-2025-30684 (Medium) CVE-2025-30683 (Medium) CVE-2025-21585 (Medium) CVE-2025-21584 (Medium) CVE-2025-21581 (Medium) CVE-2025-21580 (Medium) CVE-2025-21579 (Medium) CVE-2025-30704 (Medium) CVE-2025-30721 (Medium) CVE-2025-30703 (Low) CVE-2025-30681 (Low)
dedicated-mysql-adapter	CVE-2025-4674 (High) CVE-2025-22874 (High) CVE-2025-4673 (Medium) No known CVE - GHSA-vrw8-fxc6-2r93 (Medium) CVE-2025-0913 (Medium)
mysql-monitoring	CVE-2025-4674 (High) CVE-2025-22874 (High) CVE-2025-4673 (Medium) CVE-2025-0913 (Medium)
on-demand-service-broker	CVE-2025-4674 (High) CVE-2025-22874 (High) CVE-2025-4673 (Medium) CVE-2025-0913 (Medium)
pxc	CVE-2025-4674 (High) CVE-2025-22874 (High) CVE-2025-4673 (Medium) CVE-2025-30688 (Medium) CVE-2025-30687 (Medium) CVE-2025-30682 (Medium) CVE-2025-21577 (Medium) CVE-2025-21575 (Medium) CVE-2025-21574 (Medium) CVE-2025-30695 (Medium) CVE-2025-30693 (Medium) CVE-2025-0913 (Medium) CVE-2025-50088 (Medium) CVE-2025-30715 (Medium) CVE-2025-30705 (Medium) CVE-2025-30699 (Medium) CVE-2025-30696 (Medium) CVE-2025-30689 (Medium) CVE-2025-30685 (Medium) CVE-2025-30684 (Medium) CVE-2025-30683 (Medium) CVE-2025-21585 (Medium) CVE-2025-21584 (Medium) CVE-2025-21581 (Medium) CVE-2025-21580 (Medium) CVE-2025-21579 (Medium) CVE-2025-30704 (Medium) CVE-2025-30721 (Medium) CVE-2025-30703 (Low) CVE-2025-30681 (Low)
routing	CVE-2025-22871 (Critical) CVE-2024-53427 (High) CVE-2025-22868 - GHSA-6v2p-p543-phr9 (High) CVE-2023-39325 - GHSA-4374-p667-p6c8 (High) CVE-2025-48060 (High) CVE-2024-23337 (Medium) CVE-2023-3978 - GHSA-2wrh-6pvc-2jm9 (Medium) CVE-2023-44487 - GHSA-qppj-fm5r-hxr3 (Medium) CVE-2023-45288 - GHSA-4v7x-pqxf-cx7m (Medium)