Product Release Advisory

Advisory ID:	TNZ-2025-0097
Severity:	Critical
Issue Date:	2025-10-10
Updated on:	2025-10-10
Synopsis	Many critical & high vulnerabilities were found in Tanzu for MySQL on Kubernetes 1.10, which is addressed in Tanzu for MySQL on Kubernetes 2.0

Product Version Release Advisory

VMware Tanzu for MySQL on Kubernetes

https://techdocs.broadcom.com/us/en/vmware-tanzu/data-solutions/tanzu-for-mysql-on-kubernetes/2-0/vmware-mysql-k8s/cve.html

Security Fixes

This release has the following security fixes, listed by component and area.

Component

Vulnerabilities Resolved

MySQL 1.10, fixed in MySQL 2.0

GHSA-8q59-q68h-6hv4 (critical)
CVE-2024-24790 (critical)
CVE-2022-1292 (critical)
CVE-2022-2068 (critical)
CVE-2025-22871 (critical)
CVE-2024-5535 (critical)
GHSA-v778-237x-gjrc (critical)
CVE-2023-39323 (high)
CVE-2023-44487 (high)
CVE-2023-4807 (high)
CVE-2023-39325 (high)
CVE-2023-0401 (high)
GHSA-4374-p667-p6c8 (high)
CVE-2024-34156 (high)
CVE-2023-5363 (high)
CVE-2024-4741 (high)
CVE-2022-3358 (high)
CVE-2024-24784 (high)
CVE-2024-6119 (high)
CVE-2022-3602 (high)
CVE-2023-45288 (high)
CVE-2023-0215 (high)
CVE-2023-0464 (high)
CVE-2024-34158 (high)
GHSA-hcg3-q754-cr77 (high)
CVE-2023-0217 (high)
CVE-2022-1473 (high)
CVE-2023-45285 (high)
CVE-2022-3786 (high)
CVE-2023-0216 (high)
CVE-2024-24791 (high)
GHSA-m425-mq94-257g (high)
CVE-2022-4450 (high)
CVE-2022-3996 (high)
CVE-2023-0286 (high)
CVE-2025-4673 (medium)
GHSA-43fp-rhv2-5gv8 (medium)
CVE-2023-45290 (medium)
CVE-2023-2650 (medium)
CVE-2023-6129 (medium)
CVE-2024-24787 (medium)
CVE-2024-45336 (medium)
CVE-2024-45341 (medium)
GHSA-2wrh-6pvc-2jm9 (medium)
CVE-2024-21160 (medium)
CVE-2024-21219 (medium)
CVE-2024-21213 (medium)
CVE-2025-30682 (medium)
CVE-2024-20965 (medium)
CVE-2025-0938 (medium)
CVE-2024-0450 (medium)
CVE-2024-10041 (medium)
CVE-2023-47038 (medium)
CVE-2025-30687 (medium)
CVE-2023-6918 (medium)
CVE-2022-48560 (medium)
CVE-2023-22078 (medium)
CVE-2025-21579 (medium)
CVE-2024-21069 (medium)
CVE-2024-21236 (medium)
CVE-2024-45492 (medium)
CVE-2025-21490 (medium)
CVE-2023-39804 (medium)
CVE-2024-21051 (medium)
CVE-2024-21198 (medium)
CVE-2024-21050 (medium)
CVE-2024-20962 (medium)
CVE-2024-21015 (medium)
CVE-2025-21521 (medium)
CVE-2024-21239 (medium)
CVE-2025-30703 (medium)
CVE-2023-22079 (medium)
CVE-2025-21503 (medium)
CVE-2024-21197 (medium)
CVE-2024-20983 (medium)
CVE-2024-21179 (medium)
CVE-2024-20966 (medium)
CVE-2022-45061 (medium)
CVE-2024-20963 (medium)
CVE-2024-20964 (medium)
CVE-2023-22097 (medium)
CVE-2024-20996 (medium)
CVE-2025-21581 (medium)
CVE-2024-21057 (medium)
CVE-2025-0395 (medium)
CVE-2025-21519 (medium)
CVE-2025-21494 (medium)
CVE-2024-20984 (medium)
CVE-2025-21575 (medium)
CVE-2024-21053 (medium)
CVE-2023-27043 (medium)
CVE-2025-21492 (medium)
CVE-2024-21130 (medium)
CVE-2023-22070 (medium)
CVE-2024-21166 (medium)
CVE-2024-21196 (medium)
CVE-2024-20977 (medium)
CVE-2025-30681 (medium)
CVE-2024-21061 (medium)
CVE-2024-21177 (medium)
CVE-2024-20973 (medium)
CVE-2025-24528 (medium)
CVE-2021-4189 (medium)
CVE-2024-21207 (medium)
CVE-2024-21055 (medium)
CVE-2025-29088 (medium)
CVE-2024-20994 (medium)
CVE-2024-21201 (medium)
CVE-2024-21054 (medium)
CVE-2024-20960 (medium)
CVE-2023-24329 (medium)
CVE-2025-21501 (medium)
CVE-2025-30684 (medium)
CVE-2023-5156 (medium)
CVE-2025-21518 (medium)
CVE-2025-30705 (medium)
CVE-2025-21559 (medium)
CVE-2025-30722 (medium)
CVE-2024-21241 (medium)
CVE-2023-7104 (medium)
CVE-2022-48564 (medium)
CVE-2023-22064 (medium)
CVE-2024-21135 (medium)
CVE-2025-21525 (medium)
CVE-2024-21013 (medium)
CVE-2023-6004 (medium)
CVE-2024-21009 (medium)
CVE-2024-20969 (medium)
CVE-2022-48566 (medium)
CVE-2025-4802 (medium)
CVE-2024-28182 (medium)
CVE-2024-21212 (medium)
CVE-2024-6232 (medium)
CVE-2024-3596 (medium)
CVE-2024-12088 (medium)
CVE-2024-50602 (medium)
CVE-2024-8088 (medium)
CVE-2023-36054 (medium)
GHSA-vvgc-356p-c3xw (medium)
CVE-2025-30693 (medium)
CVE-2025-21585 (medium)
CVE-2024-21159 (medium)
CVE-2024-21157 (medium)
CVE-2024-20998 (medium)
CVE-2025-30685 (medium)
CVE-2024-21162 (medium)
CVE-2023-22032 (medium)
CVE-2024-37370 (medium)
CVE-2023-40217 (medium)
CVE-2024-33599 (medium)
CVE-2024-21087 (medium)
CVE-2023-22059 (medium)
CVE-2022-40735 (medium)
CVE-2024-21134 (medium)
CVE-2025-30721 (medium)
CVE-2024-28085 (medium)
CVE-2024-2961 (medium)
CVE-2024-20974 (medium)
CVE-2025-30695 (medium)
CVE-2023-22103 (medium)
CVE-2024-21062 (medium)
CVE-2023-46218 (medium)
CVE-2023-6597 (medium)
CVE-2024-6923 (medium)
CVE-2024-12085 (medium)
CVE-2024-33602 (medium)
CVE-2024-21129 (medium)
CVE-2024-20961 (medium)
CVE-2024-2398 (medium)
CVE-2025-30689 (medium)
CVE-2025-21491 (medium)
CVE-2024-21173 (medium)
CVE-2024-21194 (medium)
CVE-2023-22068 (medium)
CVE-2024-21096 (medium)
CVE-2024-21052 (medium)
CVE-2025-30688 (medium)
CVE-2024-21047 (medium)
CVE-2025-21522 (medium)
CVE-2024-21008 (medium)
CVE-2023-48795 (medium)
CVE-2025-21536 (medium)
CVE-2024-20985 (medium)
CVE-2024-33600 (medium)
CVE-2024-21165 (medium)
CVE-2022-0391 (medium)
CVE-2024-21237 (medium)
CVE-2023-22066 (medium)
CVE-2024-20970 (medium)
CVE-2025-30696 (medium)
CVE-2024-28834 (medium)
CVE-2023-5981 (medium)
CVE-2024-21127 (medium)
CVE-2024-21060 (medium)
CVE-2024-21185 (medium)
CVE-2024-21199 (medium)
CVE-2024-0553 (medium)
CVE-2024-11168 (medium)
CVE-2024-21230 (medium)
CVE-2024-21137 (medium)
CVE-2025-21580 (medium)
CVE-2024-21125 (medium)
CVE-2024-20972 (medium)
CVE-2025-21577 (medium)
CVE-2024-21163 (medium)
CVE-2025-21500 (medium)
CVE-2025-21504 (medium)
CVE-2024-21142 (medium)
CVE-2023-22114 (medium)
CVE-2024-21102 (medium)
CVE-2024-45490 (medium)
CVE-2023-22084 (medium)
CVE-2024-37371 (medium)
CVE-2024-21000 (medium)
CVE-2024-21200 (medium)
CVE-2025-21574 (medium)
CVE-2024-21049 (medium)
CVE-2025-21584 (medium)
CVE-2025-30683 (medium)
CVE-2024-20981 (medium)
CVE-2024-12243 (medium)
CVE-2025-21534 (medium)
CVE-2024-12133 (medium)
CVE-2025-21497 (medium)
CVE-2024-22365 (medium)
CVE-2024-12747 (medium)
CVE-2024-20971 (medium)
CVE-2024-21171 (medium)
CVE-2024-9287 (medium)
CVE-2024-21193 (medium)
CVE-2024-21056 (medium)
CVE-2025-21546 (medium)
CVE-2024-45491 (medium)
CVE-2022-48565 (medium)
CVE-2024-20967 (medium)
CVE-2024-12087 (medium)
CVE-2024-20978 (medium)
CVE-2023-22092 (medium)
CVE-2025-21529 (medium)
CVE-2025-3576 (medium)
CVE-2025-21523 (medium)
CVE-2025-30699 (medium)
CVE-2025-21555 (medium)
CVE-2023-22112 (medium)
CVE-2024-20993 (medium)
CVE-2024-20976 (medium)
CVE-2024-20982 (medium)
CVE-2024-20968 (medium)
CVE-2025-21540 (medium)
CVE-2025-30704 (medium)
CVE-2024-33601 (medium)
CVE-2025-40909 (medium)
CVE-2025-21505 (medium)
CVE-2025-30715 (medium)
CVE-2024-8096 (medium)
CVE-2024-24783 (medium)
CVE-2023-1255 (medium)
CVE-2024-2511 (medium)
GHSA-45x7-px36-x8w8 (medium)
CVE-2023-6237 (medium)
CVE-2022-1434 (medium)
CVE-2022-4304 (medium)
CVE-2024-24789 (medium)
CVE-2024-0727 (medium)
CVE-2024-24785 (medium)
CVE-2023-5678 (medium)
CVE-2022-1343 (medium)
CVE-2023-2975 (medium)
GHSA-4v7x-pqxf-cx7m (medium)
CVE-2023-3446 (medium)
CVE-2023-39326 (medium)
CVE-2024-4603 (medium)
CVE-2022-2097 (medium)
CVE-2023-3817 (medium)
GHSA-qppj-fm5r-hxr3 (medium)
CVE-2023-0466 (medium)
CVE-2023-0465 (medium)
CVE-2022-4203 (medium)
GHSA-qxp5-gwg8-xv66 (medium)
CVE-2023-45289 (medium)
CVE-2024-34155 (medium)
CVE-2024-9143 (medium)
CVE-2025-22866 (medium)
GHSA-29wx-vh33-7x7r (low)
CVE-2024-4032 (low)
CVE-2025-27587 (low)
CVE-2023-2953 (low)
CVE-2023-4806 (low)
CVE-2023-7008 (low)
CVE-2023-29383 (low)
CVE-2023-26604 (low)
CVE-2023-4641 (low)
CVE-2013-4235 (low)
CVE-2021-46848 (low)
CVE-2023-4813 (low)
CVE-2024-5642 (low)
CVE-2024-26461 (low)
CVE-2023-45918 (low)
CVE-2024-21231 (low)
CVE-2023-4039 (low)
CVE-2024-2236 (low)
CVE-2016-2781 (low)
CVE-2023-38546 (low)
CVE-2023-4016 (low)
CVE-2024-26458 (none)
CVE-2017-11164 (none)
CVE-2016-20013 (none)

History

2025-10-10 Initial vulnerability report published.

Contact

E-mail: [email protected]

VMware Tanzu Security Advisories: https://tanzu.vmware.com/security