Product Release Advisory - VMware Tanzu for Postgres 18.1.0, 17.7.0, 16.11.0, 15.15.0, 14.20.0, 13.23.0

Product/Component

VMware Tanzu Data Intelligence

6 more products

Notification Id

36564

Last Updated

01 December 2025

Initial Publication Date

01 December 2025

Status

CLOSED

Severity

CRITICAL

CVSS Base Score

9.8

WorkAround

Affected CVE

Product Release Advisory

Advisory ID:	TNZ-2025-0304
Severity:	Critical
Issue Date:	2025-12-01
Updated on:	2025-12-01
Synopsys	Updated multiple dependencies which resulted in the below CVEs remediated in these releases.

Product Version Release Advisory

VMware Tanzu for Postgres 18.1.0

https://techdocs.broadcom.com/us/en/vmware-tanzu/data-solutions/tanzu-for-postgres/18-1/tnz-postgres/index.html

VMware Tanzu for Postgres 17.7.0

https://techdocs.broadcom.com/us/en/vmware-tanzu/data-solutions/tanzu-for-postgres/17-7/tnz-postgres/index.html

VMware Tanzu for Postgres 16.11.0

https://techdocs.broadcom.com/us/en/vmware-tanzu/data-solutions/tanzu-for-postgres/16-11/tnz-postgres/index.html

VMware Tanzu for Postgres 15.15.0

https://techdocs.broadcom.com/us/en/vmware-tanzu/data-solutions/tanzu-for-postgres/15-15/tnz-postgres/index.html

VMware Tanzu for Postgres 14.20.0

https://techdocs.broadcom.com/us/en/vmware-tanzu/data-solutions/tanzu-for-postgres/14-20/tnz-postgres/index.html

VMware Tanzu for Postgres 13.23.0

https://techdocs.broadcom.com/us/en/vmware-tanzu/data-solutions/tanzu-for-postgres/13-23/tnz-postgres/index.html

Security Fixes

This release has the following security fixes, listed by component and area.

Component	Vulnerabilities Resolved
VMware Tanzu for Postgres 18.1.0	CVE-2024-45336 (medium) CVE-2024-45341(medium) CVE-2025-12818 (medium) CVE-2025-22866 (medium) CVE-2025-12817 (low) GHSA-rqc4-2hc7-8c8v (high)
VMware Tanzu for Postgres 17.7.0	GHSA-69j4-grxj-j64p (medium) GHSA-rh4j-5rhw-hr54 (high) GHSA-rcv9-qm8p-9p6j (medium) GHSA-4w7r-h757-3r74 (medium) GHSA-5cmr-4px5-23pc (high) GHSA-m42m-m8cr-8m58 (high) GHSA-pgr7-mhp5-fgjp (critical) GHSA-4qjh-9fv9-r85r (low) GHSA-6qv9-48xg-fc7f (high) CVE-2024-45341 (medium) GHSA-2586-f3p4-hq84 (high) GHSA-hj4w-hm2g-p6w5 (critical) GHSA-3f6c-7fw2-ppm4 (high) GHSA-q2wp-rjmx-x6x9 (medium) GHSA-6fvq-23cw-5628 (medium) CVE-2024-45336 (medium) CVE-2025-22866 (medium) GHSA-8qvm-5x2c-j2w7 (high) GHSA-pmqf-x6x8-p7qw (medium) GHSA-fpwr-67px-3qhx (medium) GHSA-w6q7-j642-7c25 (medium) GHSA-rxc4-3w6r-4v47 (high) GHSA-wr9h-g72x-mwhm (high) GHSA-cpwx-vrp4-4pq7 (medium) GHSA-2c2j-9gv5-cj73 (medium) GHSA-53q9-r3pm-6pq6 (critical) GHSA-ggpf-24jw-3fcw (critical) GHSA-x3m8-f7g5-qhm7 (critical) GHSA-hf3c-wxg2-49q9 (medium) GHSA-hjq4-87xh-g4fv (critical) GHSA-rqc4-2hc7-8c8v (high) GHSA-w4rh-fgx7-q63m (medium) GHSA-9f8f-2vmf-885j (high) GHSA-qq3j-4f4f-9583 (medium) GHSA-mgrm-fgjv-mhv8 (medium) GHSA-3749-ghw9-m3mg (low) GHSA-37mw-44qp-f5jm (medium) GHSA-48p4-8xcf-vxj5 (medium) GHSA-6wgj-66m2-xxp2 (critical) GHSA-389x-67px-mjg3 (medium) GHSA-9pcc-gvx5-r5wm (high) GHSA-j828-28rj-hfhp (medium) GHSA-jjph-296x-mrcr (medium) GHSA-9356-575x-2w9m (medium) GHSA-vqfr-h8mv-ghfj (critical) CVE-2025-12817 (low) CVE-2025-12818 (medium) GHSA-887c-mr87-cxwp (low) GHSA-7f5h-v6xp-fcq8 (high) GHSA-phhr-52qp-3mj4 (low) GHSA-9548-qrrj-x5pj (low) GHSA-59p9-h35m-wg4g (medium) GHSA-rm76-4mrf-v9r8 (low) GHSA-9hjg-9r4m-mvj7 (medium)
VMware Tanzu for Postgres 16.11.0	CVE-2024-45341 (medium) CVE-2025-22866 (medium) GHSA-rqc4-2hc7-8c8v (high) GHSA-cpwx-vrp4-4pq7 (medium) GHSA-vqfr-h8mv-ghfj (critical) GHSA-9f8f-2vmf-885j (high) GHSA-j828-28rj-hfhp (medium) GHSA-9hjg-9r4m-mvj7 (medium) GHSA-q2wp-rjmx-x6x9 (medium) GHSA-6wgj-66m2-xxp2 (critical) GHSA-6fvq-23cw-5628 (medium) CVE-2025-12817 (low) GHSA-rh4j-5rhw-hr54 (high) GHSA-phhr-52qp-3mj4 (low) CVE-2025-12818 (medium) GHSA-hjq4-87xh-g4fv (critical) GHSA-jjph-296x-mrcr (medium) GHSA-5cmr-4px5-23pc (high) GHSA-48p4-8xcf-vxj5 (medium) GHSA-ggpf-24jw-3fcw (critical) GHSA-37mw-44qp-f5jm (medium) GHSA-9356-575x-2w9m (medium) GHSA-4w7r-h757-3r74 (medium) GHSA-3749-ghw9-m3mg (low) GHSA-rxc4-3w6r-4v47 (high) GHSA-wr9h-g72x-mwhm (high) GHSA-53q9-r3pm-6pq6 (critical) GHSA-x3m8-f7g5-qhm7 (critical) GHSA-qq3j-4f4f-9583 (medium) GHSA-pgr7-mhp5-fgjp (critical) GHSA-fpwr-67px-3qhx (medium) GHSA-4qjh-9fv9-r85r (low) GHSA-6qv9-48xg-fc7f (high) GHSA-rm76-4mrf-v9r8 (low) GHSA-69j4-grxj-j64p (medium) GHSA-pmqf-x6x8-p7qw (medium) GHSA-389x-67px-mjg3 (medium) GHSA-hf3c-wxg2-49q9 (medium) GHSA-hj4w-hm2g-p6w5 (critical) GHSA-9pcc-gvx5-r5wm (high) GHSA-8qvm-5x2c-j2w7 (high) GHSA-9548-qrrj-x5pj (low) GHSA-59p9-h35m-wg4g (medium) GHSA-7f5h-v6xp-fcq8 (high) CVE-2024-45336 (medium) GHSA-w4rh-fgx7-q63m (medium) GHSA-mgrm-fgjv-mhv8 (medium) GHSA-2c2j-9gv5-cj73 (medium) GHSA-rcv9-qm8p-9p6j (medium) GHSA-m42m-m8cr-8m58 (high) GHSA-w6q7-j642-7c25 (medium) GHSA-3f6c-7fw2-ppm4 (high) GHSA-2586-f3p4-hq84 (high) GHSA-887c-mr87-cxwp (low)
VMware Tanzu for Postgres 15.15.0	GHSA-hf3c-wxg2-49q9 (medium) GHSA-vqfr-h8mv-ghfj (critical) GHSA-wr9h-g72x-mwhm (high) GHSA-cpwx-vrp4-4pq7 (medium) GHSA-9hjg-9r4m-mvj7 (medium) GHSA-ggpf-24jw-3fcw (critical) CVE-2025-22866 (medium) GHSA-2586-f3p4-hq84 (high) GHSA-w4rh-fgx7-q63m (medium) GHSA-pgr7-mhp5-fgjp (critical) GHSA-3749-ghw9-m3mg (low) GHSA-887c-mr87-cxwp (low) GHSA-rcv9-qm8p-9p6j (medium) CVE-2025-12817 (low) CVE-2024-45341 (medium) GHSA-w6q7-j642-7c25 (medium) GHSA-4qjh-9fv9-r85r (low) GHSA-7f5h-v6xp-fcq8 (high) GHSA-69j4-grxj-j64p (medium) GHSA-59p9-h35m-wg4g (medium) GHSA-pmqf-x6x8-p7qw (medium) GHSA-53q9-r3pm-6pq6 (critical) GHSA-9pcc-gvx5-r5wm (high) GHSA-48p4-8xcf-vxj5 (medium) GHSA-5cmr-4px5-23pc (high) GHSA-9356-575x-2w9m (medium) GHSA-hj4w-hm2g-p6w5 (critical) GHSA-8qvm-5x2c-j2w7 (high) GHSA-37mw-44qp-f5jm (medium) GHSA-9548-qrrj-x5pj (low) GHSA-m42m-m8cr-8m58 (high) CVE-2025-12818 (medium) GHSA-6qv9-48xg-fc7f (high) GHSA-389x-67px-mjg3 (medium) GHSA-hjq4-87xh-g4fv (critical) GHSA-qq3j-4f4f-9583 (medium) GHSA-2c2j-9gv5-cj73 (medium) GHSA-rxc4-3w6r-4v47 (high) GHSA-rqc4-2hc7-8c8v (high) GHSA-phhr-52qp-3mj4 (low) GHSA-q2wp-rjmx-x6x9 (medium) GHSA-6wgj-66m2-xxp2 (critical) GHSA-rm76-4mrf-v9r8 (low) GHSA-j828-28rj-hfhp (medium) GHSA-4w7r-h757-3r74 (medium) GHSA-3f6c-7fw2-ppm4 (high) GHSA-x3m8-f7g5-qhm7 (critical) GHSA-mgrm-fgjv-mhv8 (medium) GHSA-9f8f-2vmf-885j (high) GHSA-6fvq-23cw-5628 (medium) GHSA-rh4j-5rhw-hr54 (high) GHSA-fpwr-67px-3qhx (medium) CVE-2024-45336 (medium) GHSA-jjph-296x-mrcr (medium)
VMware Tanzu for Postgres 14.20.0	CVE-2024-45341 (medium) GHSA-pgr7-mhp5-fgjp (critical) GHSA-j828-28rj-hfhp (medium) GHSA-rh4j-5rhw-hr54 (high) GHSA-48p4-8xcf-vxj5 (medium) GHSA-389x-67px-mjg3 (medium) GHSA-ggpf-24jw-3fcw (critical) GHSA-rqc4-2hc7-8c8v (high) GHSA-59p9-h35m-wg4g (medium) GHSA-887c-mr87-cxwp (low) GHSA-9hjg-9r4m-mvj7 (medium) GHSA-6wgj-66m2-xxp2 (critical) GHSA-x3m8-f7g5-qhm7 (critical) GHSA-53q9-r3pm-6pq6 (critical) GHSA-9pcc-gvx5-r5wm (high) GHSA-37mw-44qp-f5jm (medium) GHSA-2c2j-9gv5-cj73 (medium) GHSA-9356-575x-2w9m (medium) GHSA-mgrm-fgjv-mhv8 (medium) GHSA-4qjh-9fv9-r85r (low) GHSA-wr9h-g72x-mwhm (high) GHSA-pmqf-x6x8-p7qw (medium) GHSA-hf3c-wxg2-49q9 (medium) GHSA-9f8f-2vmf-885j (high) GHSA-rcv9-qm8p-9p6j (medium) GHSA-4w7r-h757-3r74 (medium) GHSA-rm76-4mrf-v9r8 (low) GHSA-cpwx-vrp4-4pq7 (medium) GHSA-jjph-296x-mrcr (medium) GHSA-9548-qrrj-x5pj (low) CVE-2024-45336 (medium) GHSA-3749-ghw9-m3mg (low) GHSA-fpwr-67px-3qhx (medium) GHSA-qq3j-4f4f-9583 (medium) GHSA-q2wp-rjmx-x6x9 (medium) CVE-2025-22866 (medium) GHSA-8qvm-5x2c-j2w7 (high) GHSA-3f6c-7fw2-ppm4 (high) GHSA-69j4-grxj-j64p (medium) CVE-2025-12817 (low) GHSA-hjq4-87xh-g4fv (critical) GHSA-5cmr-4px5-23pc (high) GHSA-m42m-m8cr-8m58 (high) GHSA-hj4w-hm2g-p6w5 (critical) GHSA-w6q7-j642-7c25 (medium) GHSA-w4rh-fgx7-q63m (medium) GHSA-6qv9-48xg-fc7f (high) CVE-2025-12818 (medium) GHSA-vqfr-h8mv-ghfj (critical) GHSA-phhr-52qp-3mj4 (low) GHSA-rxc4-3w6r-4v47 (high) GHSA-6fvq-23cw-5628 (medium) GHSA-7f5h-v6xp-fcq8 (high) GHSA-2586-f3p4-hq84 (high)
VMware Tanzu for Postgres 13.23.0	GHSA-2c2j-9gv5-cj73 (medium) GHSA-rm76-4mrf-v9r8 (low) CVE-2025-22866 (medium) GHSA-3749-ghw9-m3mg (low) GHSA-rcv9-qm8p-9p6j (medium) GHSA-2586-f3p4-hq84 (high) GHSA-rqc4-2hc7-8c8v (high) GHSA-4qjh-9fv9-r85r (low) GHSA-48p4-8xcf-vxj5 (medium) GHSA-m42m-m8cr-8m58 (high) GHSA-6fvq-23cw-5628 (medium) GHSA-7f5h-v6xp-fcq8 (high) GHSA-x3m8-f7g5-qhm7 (critical) GHSA-887c-mr87-cxwp (low) GHSA-j828-28rj-hfhp (medium) GHSA-phhr-52qp-3mj4 (low) GHSA-37mw-44qp-f5jm (medium) GHSA-wr9h-g72x-mwhm (high) GHSA-6qv9-48xg-fc7f (high) GHSA-53q9-r3pm-6pq6 (critical) GHSA-59p9-h35m-wg4g (medium) GHSA-69j4-grxj-j64p (medium) CVE-2025-12817 (low) GHSA-hj4w-hm2g-p6w5 (critical) GHSA-9pcc-gvx5-r5wm (high) GHSA-8qvm-5x2c-j2w7 (high) GHSA-hjq4-87xh-g4fv (critical) GHSA-3f6c-7fw2-ppm4 (high) GHSA-389x-67px-mjg3 (medium) GHSA-vqfr-h8mv-ghfj (critical) GHSA-qq3j-4f4f-9583 (medium) GHSA-jjph-296x-mrcr (medium) GHSA-rxc4-3w6r-4v47 (high) CVE-2024-45341 (medium) GHSA-hf3c-wxg2-49q9 (medium) GHSA-9f8f-2vmf-885j (high) GHSA-q2wp-rjmx-x6x9 (medium) CVE-2025-12818 (medium) GHSA-fpwr-67px-3qhx (medium) GHSA-5cmr-4px5-23pc (high) GHSA-6wgj-66m2-xxp2 (critical) GHSA-cpwx-vrp4-4pq7 (medium) GHSA-w6q7-j642-7c25 (medium) GHSA-rh4j-5rhw-hr54 (high) GHSA-9548-qrrj-x5pj (low) GHSA-pmqf-x6x8-p7qw (medium) CVE-2024-45336 (medium) GHSA-pgr7-mhp5-fgjp (critical) GHSA-ggpf-24jw-3fcw (critical) GHSA-w4rh-fgx7-q63m (medium) GHSA-9hjg-9r4m-mvj7 (medium) GHSA-4w7r-h757-3r74 (medium) GHSA-mgrm-fgjv-mhv8 (medium) GHSA-9356-575x-2w9m (medium)

History

2025-12-01: Initial vulnerability report published.

Contact

E-mail: [email protected]

VMware Tanzu Security Advisories
https://tanzu.vmware.com/security