Product Release Advisory - VMware Tanzu GemFire 10.1.5

Product/Component

VMware Tanzu Data Intelligence

3 more products

Notification Id

36459

Last Updated

18 November 2025

Initial Publication Date

18 November 2025

Status

CLOSED

Severity

HIGH

CVSS Base Score

WorkAround

Affected CVE

Product Release Advisory

Advisory ID:	TNZ-2025-0228
Severity:	High
Issue Date:	2025-11-18
Updated on:	2025-11-18
Synopsis	Bumped multiple dependencies, which resulted in at least 5 CVEs remediated in this release

Product Version Release Advisory

VMware Tanzu GemFire 10.1.5
- https://techdocs.broadcom.com/us/en/vmware-tanzu/data-solutions/tanzu-gemfire/10-1/gf/release_notes.html

Security Fixes

This release has the following security fixes, listed by component and area.

Component	Vulnerabilities Resolved
Jetty	CVE-2025-5115 (high)
Netty	CVE-2025-58056 (low) CVE-2025-58057 (medium) CVE-2025-59419 (medium)
Spring Framework	CVE-2025-41254 (medium)

History

2025-11-18 Initial vulnerability report published.

Contact

E-mail: [email protected]

VMware Tanzu Security Advisories
https://tanzu.vmware.com/security