Product Release Advisory - VMware Tanzu GemFire on Kubertnetes 2.6.1

VMware Tanzu Data Intelligence

3 more products

36997

24 February 2026

24 February 2026

CLOSED

CRITICAL

10

CVE-2025-68121

Individual Advisory

Advisory ID:

TNZ-2025-0419

Severity:

Critical

CVSSv3 Range:

10.0

CVSSv3 Vector:

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:C/C:H/I:H/A:H

Issue Date:

2025-02-23

Updated on:

 

CVE

CVE-2025-68121

Synopsis

This vulnerability could cause certificate chains to not be re-checked on TLS session resumption, potentially allowing a client or server to resume sessions that would have been rejected during the initial handshake.

The Operator v2.6.1 upgrades to golang v1.25.7 which addressed this critical vulnerability in the crypto/tls package.

 

Product Versions Affected

  • Affected thru VMware Tanzu GemFire on Kubernetes 2.6.0
  • Unaffected from VMware Tanzu GemFire on Kubernetes 2.6.1 and later

Upstream OSS Advisory Link:
https://nvd.nist.gov/vuln/detail/CVE-2025-68121

Mitigation

Users of affected versions should apply the following mitigation or upgrade:

  • Immediately upgrade to VMware Tanzu GemFire on Kubernetes v2.6.1 or later

History

2025-02-23: Initial vulnerability report published.

Contact

E-mail: [email protected]

VMware Tanzu Security Advisories
https://tanzu.vmware.com/security