Vulnerability-Lookup

CVE-2025-11413 (GCVE-0-2025-11413)

Vulnerability from cvelistv5 – Published: 2025-10-07 22:02 – Updated: 2026-02-24 06:49 X_Open Source

Title

GNU Binutils Linker elflink.c elf_link_add_object_symbols out-of-bounds

Summary

A vulnerability was found in GNU Binutils 2.45. Affected is the function elf_link_add_object_symbols of the file bfd/elflink.c of the component Linker. The manipulation results in out-of-bounds read. The attack needs to be approached locally. The exploit has been made public and could be used. Upgrading to version 2.46 is able to address this issue. The patch is identified as 72efdf166aa0ed72ecc69fc2349af6591a7a19c0. Upgrading the affected component is advised.

Severity ?

4.8 (Medium)


                        
                          CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:N/VI:N/VA:L/SC:N/SI:N/SA:N/E:P

3.3 (Low)


                        
                          CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:L/E:P/RL:O/RC:C

3.3 (Low)


                        
                          CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:L/E:P/RL:O/RC:C

CWE

CWE-125 - Out-of-Bounds Read
CWE-119 - Memory Corruption

Assigner

VulDB

References

URL

Tags

	https://vuldb.com/?id.327349	vdb-entrytechnical-description
	https://vuldb.com/?ctiid.327349	signaturepermissions-required
	https://vuldb.com/?submit.665587	third-party-advisory
	https://vuldb.com/?submit.665590	third-party-advisory
	https://sourceware.org/bugzilla/show_bug.cgi?id=33452	issue-tracking
	https://sourceware.org/bugzilla/show_bug.cgi?id=3…	issue-tracking
	https://sourceware.org/bugzilla/attachment.cgi?id=16362	exploit
	https://sourceware.org/git/gitweb.cgi?p=binutils-…	patch
	https://www.gnu.org/	product

Impacted products

	Vendor	Product	Version
	GNU	Binutils	Affected: 2.45 Unaffected: 2.46 cpe:2.3:a:gnu:binutils::::::::

Credits

Yifan Zhang (VulDB User)

Show details on NVD website

JSON

To clipboard

{
  "containers": {
    "adp": [
      {
        "metrics": [
          {
            "other": {
              "content": {
                "id": "CVE-2025-11413",
                "options": [
                  {
                    "Exploitation": "poc"
                  },
                  {
                    "Automatable": "no"
                  },
                  {
                    "Technical Impact": "partial"
                  }
                ],
                "role": "CISA Coordinator",
                "timestamp": "2025-10-08T14:38:58.101222Z",
                "version": "2.0.3"
              },
              "type": "ssvc"
            }
          }
        ],
        "providerMetadata": {
          "dateUpdated": "2025-10-08T17:34:48.460Z",
          "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
          "shortName": "CISA-ADP"
        },
        "references": [
          {
            "tags": [
              "exploit"
            ],
            "url": "https://sourceware.org/bugzilla/show_bug.cgi?id=33452"
          }
        ],
        "title": "CISA ADP Vulnrichment"
      }
    ],
    "cna": {
      "affected": [
        {
          "cpes": [
            "cpe:2.3:a:gnu:binutils:*:*:*:*:*:*:*:*"
          ],
          "modules": [
            "Linker"
          ],
          "product": "Binutils",
          "vendor": "GNU",
          "versions": [
            {
              "status": "affected",
              "version": "2.45"
            },
            {
              "status": "unaffected",
              "version": "2.46"
            }
          ]
        }
      ],
      "credits": [
        {
          "lang": "en",
          "type": "reporter",
          "value": "Yifan Zhang (VulDB User)"
        }
      ],
      "descriptions": [
        {
          "lang": "en",
          "value": "A vulnerability was found in GNU Binutils 2.45. Affected is the function elf_link_add_object_symbols of the file bfd/elflink.c of the component Linker. The manipulation results in out-of-bounds read. The attack needs to be approached locally. The exploit has been made public and could be used. Upgrading to version 2.46 is able to address this issue. The patch is identified as 72efdf166aa0ed72ecc69fc2349af6591a7a19c0. Upgrading the affected component is advised."
        }
      ],
      "metrics": [
        {
          "cvssV4_0": {
            "baseScore": 4.8,
            "baseSeverity": "MEDIUM",
            "vectorString": "CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:N/VI:N/VA:L/SC:N/SI:N/SA:N/E:P",
            "version": "4.0"
          }
        },
        {
          "cvssV3_1": {
            "baseScore": 3.3,
            "baseSeverity": "LOW",
            "vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:L/E:P/RL:O/RC:C",
            "version": "3.1"
          }
        },
        {
          "cvssV3_0": {
            "baseScore": 3.3,
            "baseSeverity": "LOW",
            "vectorString": "CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:L/E:P/RL:O/RC:C",
            "version": "3.0"
          }
        },
        {
          "cvssV2_0": {
            "baseScore": 1.7,
            "vectorString": "AV:L/AC:L/Au:S/C:N/I:N/A:P/E:POC/RL:OF/RC:C",
            "version": "2.0"
          }
        }
      ],
      "problemTypes": [
        {
          "descriptions": [
            {
              "cweId": "CWE-125",
              "description": "Out-of-Bounds Read",
              "lang": "en",
              "type": "CWE"
            }
          ]
        },
        {
          "descriptions": [
            {
              "cweId": "CWE-119",
              "description": "Memory Corruption",
              "lang": "en",
              "type": "CWE"
            }
          ]
        }
      ],
      "providerMetadata": {
        "dateUpdated": "2026-02-24T06:49:14.455Z",
        "orgId": "1af790b2-7ee1-4545-860a-a788eba489b5",
        "shortName": "VulDB"
      },
      "references": [
        {
          "name": "VDB-327349 | GNU Binutils Linker elflink.c elf_link_add_object_symbols out-of-bounds",
          "tags": [
            "vdb-entry",
            "technical-description"
          ],
          "url": "https://vuldb.com/?id.327349"
        },
        {
          "name": "VDB-327349 | CTI Indicators (IOB, IOC, IOA)",
          "tags": [
            "signature",
            "permissions-required"
          ],
          "url": "https://vuldb.com/?ctiid.327349"
        },
        {
          "name": "Submit #665587 | GNU Binutils 2.45 Out-of-Bounds Read",
          "tags": [
            "third-party-advisory"
          ],
          "url": "https://vuldb.com/?submit.665587"
        },
        {
          "name": "Submit #665590 | GNU Binutils 2.45 Heap-based Buffer Overflow (Duplicate)",
          "tags": [
            "third-party-advisory"
          ],
          "url": "https://vuldb.com/?submit.665590"
        },
        {
          "tags": [
            "issue-tracking"
          ],
          "url": "https://sourceware.org/bugzilla/show_bug.cgi?id=33452"
        },
        {
          "tags": [
            "issue-tracking"
          ],
          "url": "https://sourceware.org/bugzilla/show_bug.cgi?id=33456#c10"
        },
        {
          "tags": [
            "exploit"
          ],
          "url": "https://sourceware.org/bugzilla/attachment.cgi?id=16362"
        },
        {
          "tags": [
            "patch"
          ],
          "url": "https://sourceware.org/git/gitweb.cgi?p=binutils-gdb.git;h=72efdf166aa0ed72ecc69fc2349af6591a7a19c0"
        },
        {
          "tags": [
            "product"
          ],
          "url": "https://www.gnu.org/"
        }
      ],
      "tags": [
        "x_open-source"
      ],
      "timeline": [
        {
          "lang": "en",
          "time": "2025-10-07T00:00:00.000Z",
          "value": "Advisory disclosed"
        },
        {
          "lang": "en",
          "time": "2025-10-07T02:00:00.000Z",
          "value": "VulDB entry created"
        },
        {
          "lang": "en",
          "time": "2025-11-17T21:46:40.000Z",
          "value": "VulDB entry last update"
        }
      ],
      "title": "GNU Binutils Linker elflink.c elf_link_add_object_symbols out-of-bounds"
    }
  },
  "cveMetadata": {
    "assignerOrgId": "1af790b2-7ee1-4545-860a-a788eba489b5",
    "assignerShortName": "VulDB",
    "cveId": "CVE-2025-11413",
    "datePublished": "2025-10-07T22:02:12.368Z",
    "dateReserved": "2025-10-07T10:40:46.002Z",
    "dateUpdated": "2026-02-24T06:49:14.455Z",
    "state": "PUBLISHED"
  },
  "dataType": "CVE_RECORD",
  "dataVersion": "5.2",
  "vulnerability-lookup:meta": {
    "vulnrichment": {
      "containers": "{\"adp\": [{\"title\": \"CISA ADP Vulnrichment\", \"metrics\": [{\"other\": {\"type\": \"ssvc\", \"content\": {\"id\": \"CVE-2025-11413\", \"role\": \"CISA Coordinator\", \"options\": [{\"Exploitation\": \"poc\"}, {\"Automatable\": \"no\"}, {\"Technical Impact\": \"partial\"}], \"version\": \"2.0.3\", \"timestamp\": \"2025-10-08T14:38:58.101222Z\"}}}], \"references\": [{\"url\": \"https://sourceware.org/bugzilla/show_bug.cgi?id=33452\", \"tags\": [\"exploit\"]}], \"providerMetadata\": {\"orgId\": \"134c704f-9b21-4f2e-91b3-4a467353bcc0\", \"shortName\": \"CISA-ADP\", \"dateUpdated\": \"2025-10-08T13:39:18.449Z\"}}], \"cna\": {\"tags\": [\"x_open-source\"], \"title\": \"GNU Binutils Linker elflink.c elf_link_add_object_symbols out-of-bounds\", \"credits\": [{\"lang\": \"en\", \"type\": \"reporter\", \"value\": \"Yifan Zhang (VulDB User)\"}], \"metrics\": [{\"cvssV4_0\": {\"version\": \"4.0\", \"baseScore\": 4.8, \"baseSeverity\": \"MEDIUM\", \"vectorString\": \"CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:N/VI:N/VA:L/SC:N/SI:N/SA:N/E:P\"}}, {\"cvssV3_1\": {\"version\": \"3.1\", \"baseScore\": 3.3, \"baseSeverity\": \"LOW\", \"vectorString\": \"CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:L/E:P/RL:O/RC:C\"}}, {\"cvssV3_0\": {\"version\": \"3.0\", \"baseScore\": 3.3, \"baseSeverity\": \"LOW\", \"vectorString\": \"CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:L/E:P/RL:O/RC:C\"}}, {\"cvssV2_0\": {\"version\": \"2.0\", \"baseScore\": 1.7, \"vectorString\": \"AV:L/AC:L/Au:S/C:N/I:N/A:P/E:POC/RL:OF/RC:C\"}}], \"affected\": [{\"cpes\": [\"cpe:2.3:a:gnu:binutils:*:*:*:*:*:*:*:*\"], \"vendor\": \"GNU\", \"modules\": [\"Linker\"], \"product\": \"Binutils\", \"versions\": [{\"status\": \"affected\", \"version\": \"2.45\"}, {\"status\": \"unaffected\", \"version\": \"2.46\"}]}], \"timeline\": [{\"lang\": \"en\", \"time\": \"2025-10-07T00:00:00.000Z\", \"value\": \"Advisory disclosed\"}, {\"lang\": \"en\", \"time\": \"2025-10-07T02:00:00.000Z\", \"value\": \"VulDB entry created\"}, {\"lang\": \"en\", \"time\": \"2025-11-17T21:46:40.000Z\", \"value\": \"VulDB entry last update\"}], \"references\": [{\"url\": \"https://vuldb.com/?id.327349\", \"name\": \"VDB-327349 | GNU Binutils Linker elflink.c elf_link_add_object_symbols out-of-bounds\", \"tags\": [\"vdb-entry\", \"technical-description\"]}, {\"url\": \"https://vuldb.com/?ctiid.327349\", \"name\": \"VDB-327349 | CTI Indicators (IOB, IOC, IOA)\", \"tags\": [\"signature\", \"permissions-required\"]}, {\"url\": \"https://vuldb.com/?submit.665587\", \"name\": \"Submit #665587 | GNU Binutils 2.45 Out-of-Bounds Read\", \"tags\": [\"third-party-advisory\"]}, {\"url\": \"https://vuldb.com/?submit.665590\", \"name\": \"Submit #665590 | GNU Binutils 2.45 Heap-based Buffer Overflow (Duplicate)\", \"tags\": [\"third-party-advisory\"]}, {\"url\": \"https://sourceware.org/bugzilla/show_bug.cgi?id=33452\", \"tags\": [\"issue-tracking\"]}, {\"url\": \"https://sourceware.org/bugzilla/show_bug.cgi?id=33456#c10\", \"tags\": [\"issue-tracking\"]}, {\"url\": \"https://sourceware.org/bugzilla/attachment.cgi?id=16362\", \"tags\": [\"exploit\"]}, {\"url\": \"https://sourceware.org/git/gitweb.cgi?p=binutils-gdb.git;h=72efdf166aa0ed72ecc69fc2349af6591a7a19c0\", \"tags\": [\"patch\"]}, {\"url\": \"https://www.gnu.org/\", \"tags\": [\"product\"]}], \"descriptions\": [{\"lang\": \"en\", \"value\": \"A vulnerability was found in GNU Binutils 2.45. Affected is the function elf_link_add_object_symbols of the file bfd/elflink.c of the component Linker. The manipulation results in out-of-bounds read. The attack needs to be approached locally. The exploit has been made public and could be used. Upgrading to version 2.46 is able to address this issue. The patch is identified as 72efdf166aa0ed72ecc69fc2349af6591a7a19c0. Upgrading the affected component is advised.\"}], \"problemTypes\": [{\"descriptions\": [{\"lang\": \"en\", \"type\": \"CWE\", \"cweId\": \"CWE-125\", \"description\": \"Out-of-Bounds Read\"}]}, {\"descriptions\": [{\"lang\": \"en\", \"type\": \"CWE\", \"cweId\": \"CWE-119\", \"description\": \"Memory Corruption\"}]}], \"providerMetadata\": {\"orgId\": \"1af790b2-7ee1-4545-860a-a788eba489b5\", \"shortName\": \"VulDB\", \"dateUpdated\": \"2026-02-24T06:49:14.455Z\"}}}",
      "cveMetadata": "{\"cveId\": \"CVE-2025-11413\", \"state\": \"PUBLISHED\", \"dateUpdated\": \"2026-02-24T06:49:14.455Z\", \"dateReserved\": \"2025-10-07T10:40:46.002Z\", \"assignerOrgId\": \"1af790b2-7ee1-4545-860a-a788eba489b5\", \"datePublished\": \"2025-10-07T22:02:12.368Z\", \"assignerShortName\": \"VulDB\"}",
      "dataType": "CVE_RECORD",
      "dataVersion": "5.2"
    }
  }
}

GHSA-W337-WPHV-G4VH

Vulnerability from github – Published: 2025-10-08 00:31 – Updated: 2026-02-24 09:31

Details

Severity ?

3.3 (Low)


                  
                    CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:L

1.9 (Low)


                  
                    CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:N/VI:N/VA:L/SC:N/SI:N/SA:N/E:P

Show details on source website

JSON

To clipboard

{
  "affected": [],
  "aliases": [
    "CVE-2025-11413"
  ],
  "database_specific": {
    "cwe_ids": [
      "CWE-119",
      "CWE-125"
    ],
    "github_reviewed": false,
    "github_reviewed_at": null,
    "nvd_published_at": "2025-10-07T22:15:34Z",
    "severity": "MODERATE"
  },
  "details": "A vulnerability was found in GNU Binutils 2.45. Affected is the function elf_link_add_object_symbols of the file bfd/elflink.c of the component Linker. The manipulation results in out-of-bounds read. The attack needs to be approached locally. The exploit has been made public and could be used. Upgrading to version 2.46 is able to address this issue. The patch is identified as 72efdf166aa0ed72ecc69fc2349af6591a7a19c0. Upgrading the affected component is advised.",
  "id": "GHSA-w337-wphv-g4vh",
  "modified": "2026-02-24T09:31:13Z",
  "published": "2025-10-08T00:31:07Z",
  "references": [
    {
      "type": "ADVISORY",
      "url": "https://nvd.nist.gov/vuln/detail/CVE-2025-11413"
    },
    {
      "type": "WEB",
      "url": "https://sourceware.org/bugzilla/attachment.cgi?id=16362"
    },
    {
      "type": "WEB",
      "url": "https://sourceware.org/bugzilla/show_bug.cgi?id=33452"
    },
    {
      "type": "WEB",
      "url": "https://sourceware.org/bugzilla/show_bug.cgi?id=33456#c10"
    },
    {
      "type": "WEB",
      "url": "https://sourceware.org/git/gitweb.cgi?p=binutils-gdb.git;h=72efdf166aa0ed72ecc69fc2349af6591a7a19c0"
    },
    {
      "type": "WEB",
      "url": "https://vuldb.com/?ctiid.327349"
    },
    {
      "type": "WEB",
      "url": "https://vuldb.com/?id.327349"
    },
    {
      "type": "WEB",
      "url": "https://vuldb.com/?submit.665587"
    },
    {
      "type": "WEB",
      "url": "https://vuldb.com/?submit.665590"
    },
    {
      "type": "WEB",
      "url": "https://www.gnu.org"
    }
  ],
  "schema_version": "1.4.0",
  "severity": [
    {
      "score": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:L",
      "type": "CVSS_V3"
    },
    {
      "score": "CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:N/VI:N/VA:L/SC:N/SI:N/SA:N/E:P/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X",
      "type": "CVSS_V4"
    }
  ]
}

FKIE_CVE-2025-11413

Vulnerability from fkie_nvd - Published: 2025-10-07 22:15 - Updated: 2026-02-24 07:16

Severity ?

3.3 (Low) - CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:L
5.5 (Medium) - CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H

Summary

References

URL	Tags
cna@vuldb.com	https://sourceware.org/bugzilla/attachment.cgi?id=16362	Broken Link
cna@vuldb.com	https://sourceware.org/bugzilla/show_bug.cgi?id=33452	Exploit, Issue Tracking
cna@vuldb.com	https://sourceware.org/bugzilla/show_bug.cgi?id=33456#c10	Exploit, Issue Tracking
cna@vuldb.com	https://sourceware.org/git/gitweb.cgi?p=binutils-gdb.git;h=72efdf166aa0ed72ecc69fc2349af6591a7a19c0	Patch
cna@vuldb.com	https://vuldb.com/?ctiid.327349	Permissions Required, VDB Entry
cna@vuldb.com	https://vuldb.com/?id.327349	Third Party Advisory, VDB Entry
cna@vuldb.com	https://vuldb.com/?submit.665587	Third Party Advisory, VDB Entry
cna@vuldb.com	https://vuldb.com/?submit.665590
cna@vuldb.com	https://www.gnu.org/	Product
134c704f-9b21-4f2e-91b3-4a467353bcc0	https://sourceware.org/bugzilla/show_bug.cgi?id=33452	Exploit, Issue Tracking

Impacted products

	Vendor	Product	Version
	gnu	binutils	2.45

JSON

To clipboard

{
  "configurations": [
    {
      "nodes": [
        {
          "cpeMatch": [
            {
              "criteria": "cpe:2.3:a:gnu:binutils:2.45:*:*:*:*:*:*:*",
              "matchCriteriaId": "60CBCA58-29DE-4A0A-BAF0-D0188FAF4884",
              "vulnerable": true
            }
          ],
          "negate": false,
          "operator": "OR"
        }
      ]
    }
  ],
  "cveTags": [],
  "descriptions": [
    {
      "lang": "en",
      "value": "A vulnerability was found in GNU Binutils 2.45. Affected is the function elf_link_add_object_symbols of the file bfd/elflink.c of the component Linker. The manipulation results in out-of-bounds read. The attack needs to be approached locally. The exploit has been made public and could be used. Upgrading to version 2.46 is able to address this issue. The patch is identified as 72efdf166aa0ed72ecc69fc2349af6591a7a19c0. Upgrading the affected component is advised."
    }
  ],
  "id": "CVE-2025-11413",
  "lastModified": "2026-02-24T07:16:31.417",
  "metrics": {
    "cvssMetricV2": [
      {
        "acInsufInfo": false,
        "baseSeverity": "LOW",
        "cvssData": {
          "accessComplexity": "LOW",
          "accessVector": "LOCAL",
          "authentication": "SINGLE",
          "availabilityImpact": "PARTIAL",
          "baseScore": 1.7,
          "confidentialityImpact": "NONE",
          "integrityImpact": "NONE",
          "vectorString": "AV:L/AC:L/Au:S/C:N/I:N/A:P",
          "version": "2.0"
        },
        "exploitabilityScore": 3.1,
        "impactScore": 2.9,
        "obtainAllPrivilege": false,
        "obtainOtherPrivilege": false,
        "obtainUserPrivilege": false,
        "source": "cna@vuldb.com",
        "type": "Secondary",
        "userInteractionRequired": false
      }
    ],
    "cvssMetricV31": [
      {
        "cvssData": {
          "attackComplexity": "LOW",
          "attackVector": "LOCAL",
          "availabilityImpact": "LOW",
          "baseScore": 3.3,
          "baseSeverity": "LOW",
          "confidentialityImpact": "NONE",
          "integrityImpact": "NONE",
          "privilegesRequired": "LOW",
          "scope": "UNCHANGED",
          "userInteraction": "NONE",
          "vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:L",
          "version": "3.1"
        },
        "exploitabilityScore": 1.8,
        "impactScore": 1.4,
        "source": "cna@vuldb.com",
        "type": "Secondary"
      },
      {
        "cvssData": {
          "attackComplexity": "LOW",
          "attackVector": "LOCAL",
          "availabilityImpact": "HIGH",
          "baseScore": 5.5,
          "baseSeverity": "MEDIUM",
          "confidentialityImpact": "NONE",
          "integrityImpact": "NONE",
          "privilegesRequired": "LOW",
          "scope": "UNCHANGED",
          "userInteraction": "NONE",
          "vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H",
          "version": "3.1"
        },
        "exploitabilityScore": 1.8,
        "impactScore": 3.6,
        "source": "nvd@nist.gov",
        "type": "Primary"
      }
    ],
    "cvssMetricV40": [
      {
        "cvssData": {
          "Automatable": "NOT_DEFINED",
          "Recovery": "NOT_DEFINED",
          "Safety": "NOT_DEFINED",
          "attackComplexity": "LOW",
          "attackRequirements": "NONE",
          "attackVector": "LOCAL",
          "availabilityRequirement": "NOT_DEFINED",
          "baseScore": 4.8,
          "baseSeverity": "MEDIUM",
          "confidentialityRequirement": "NOT_DEFINED",
          "exploitMaturity": "PROOF_OF_CONCEPT",
          "integrityRequirement": "NOT_DEFINED",
          "modifiedAttackComplexity": "NOT_DEFINED",
          "modifiedAttackRequirements": "NOT_DEFINED",
          "modifiedAttackVector": "NOT_DEFINED",
          "modifiedPrivilegesRequired": "NOT_DEFINED",
          "modifiedSubAvailabilityImpact": "NOT_DEFINED",
          "modifiedSubConfidentialityImpact": "NOT_DEFINED",
          "modifiedSubIntegrityImpact": "NOT_DEFINED",
          "modifiedUserInteraction": "NOT_DEFINED",
          "modifiedVulnAvailabilityImpact": "NOT_DEFINED",
          "modifiedVulnConfidentialityImpact": "NOT_DEFINED",
          "modifiedVulnIntegrityImpact": "NOT_DEFINED",
          "privilegesRequired": "LOW",
          "providerUrgency": "NOT_DEFINED",
          "subAvailabilityImpact": "NONE",
          "subConfidentialityImpact": "NONE",
          "subIntegrityImpact": "NONE",
          "userInteraction": "NONE",
          "valueDensity": "NOT_DEFINED",
          "vectorString": "CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:N/VI:N/VA:L/SC:N/SI:N/SA:N/E:P/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X",
          "version": "4.0",
          "vulnAvailabilityImpact": "LOW",
          "vulnConfidentialityImpact": "NONE",
          "vulnIntegrityImpact": "NONE",
          "vulnerabilityResponseEffort": "NOT_DEFINED"
        },
        "source": "cna@vuldb.com",
        "type": "Secondary"
      }
    ]
  },
  "published": "2025-10-07T22:15:34.230",
  "references": [
    {
      "source": "cna@vuldb.com",
      "tags": [
        "Broken Link"
      ],
      "url": "https://sourceware.org/bugzilla/attachment.cgi?id=16362"
    },
    {
      "source": "cna@vuldb.com",
      "tags": [
        "Exploit",
        "Issue Tracking"
      ],
      "url": "https://sourceware.org/bugzilla/show_bug.cgi?id=33452"
    },
    {
      "source": "cna@vuldb.com",
      "tags": [
        "Exploit",
        "Issue Tracking"
      ],
      "url": "https://sourceware.org/bugzilla/show_bug.cgi?id=33456#c10"
    },
    {
      "source": "cna@vuldb.com",
      "tags": [
        "Patch"
      ],
      "url": "https://sourceware.org/git/gitweb.cgi?p=binutils-gdb.git;h=72efdf166aa0ed72ecc69fc2349af6591a7a19c0"
    },
    {
      "source": "cna@vuldb.com",
      "tags": [
        "Permissions Required",
        "VDB Entry"
      ],
      "url": "https://vuldb.com/?ctiid.327349"
    },
    {
      "source": "cna@vuldb.com",
      "tags": [
        "Third Party Advisory",
        "VDB Entry"
      ],
      "url": "https://vuldb.com/?id.327349"
    },
    {
      "source": "cna@vuldb.com",
      "tags": [
        "Third Party Advisory",
        "VDB Entry"
      ],
      "url": "https://vuldb.com/?submit.665587"
    },
    {
      "source": "cna@vuldb.com",
      "url": "https://vuldb.com/?submit.665590"
    },
    {
      "source": "cna@vuldb.com",
      "tags": [
        "Product"
      ],
      "url": "https://www.gnu.org/"
    },
    {
      "source": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
      "tags": [
        "Exploit",
        "Issue Tracking"
      ],
      "url": "https://sourceware.org/bugzilla/show_bug.cgi?id=33452"
    }
  ],
  "sourceIdentifier": "cna@vuldb.com",
  "vulnStatus": "Modified",
  "weaknesses": [
    {
      "description": [
        {
          "lang": "en",
          "value": "CWE-119"
        },
        {
          "lang": "en",
          "value": "CWE-125"
        }
      ],
      "source": "cna@vuldb.com",
      "type": "Secondary"
    },
    {
      "description": [
        {
          "lang": "en",
          "value": "CWE-125"
        }
      ],
      "source": "nvd@nist.gov",
      "type": "Primary"
    }
  ]
}

CERTFR-2025-AVI-0899

Vulnerability from certfr_avis - Published: 2025-10-20 - Updated: 2025-10-20

De multiples vulnérabilités ont été découvertes dans les produits Microsoft. Certaines d'entre elles permettent à un attaquant de provoquer une exécution de code arbitraire à distance, une atteinte à la confidentialité des données et un contournement de la politique de sécurité.

Solutions

Se référer au bulletin de sécurité de l'éditeur pour l'obtention des correctifs (cf. section Documentation).

Impacted products

Vendor	Product	Description
Microsoft	N/A	cbl2 gdb 11.2-7
Microsoft	N/A	cbl2 binutils 2.37-16
Microsoft	N/A	cbl2 redis 6.2.20-1
Microsoft	N/A	cbl2 redis 6.2.18-3
Microsoft	N/A	azl3 python3 3.12.9-4 versions antérieures à 3.12.9-5
Microsoft	N/A	cbl2 crash 8.0.1-4
Microsoft	N/A	cbl2 binutils 2.37-17
Microsoft	N/A	cbl2 pytorch 2.0.0-9
Microsoft	N/A	azl3 kernel 6.6.96.2-2
Microsoft	N/A	azl3 binutils 2.41-7
Microsoft	N/A	cbl2 qt5-qtsvg 5.12.11-6 versions antérieures à 5.12.11-7
Microsoft	N/A	cbl2 python3 3.9.19-14
Microsoft	N/A	azl3 openssh 9.8p1-4
Microsoft	N/A	cbl2 kernel 5.15.186.1-1
Microsoft	N/A	cbl2 rubygem-elasticsearch 8.3.0-1
Microsoft	N/A	azl3 kernel 6.6.104.2-1
Microsoft	N/A	cbl2 python3 3.9.19-15 versions antérieures à 3.9.19-16
Microsoft	N/A	cbl2 qemu 6.2.0-24
Microsoft	N/A	azl3 qemu 8.2.0-19
Microsoft	N/A	cbl2 gdb 11.2-6
Microsoft	N/A	cbl2 openssh 8.9p1-8 versions antérieures à 8.9p1-9
Microsoft	N/A	azl3 valkey 8.0.4-1 versions antérieures à 8.0.6-1
Microsoft	N/A	azl3 rubygem-elasticsearch 8.9.0-1
Microsoft	N/A	azl3 pytorch 2.2.2-7
Microsoft	N/A	azl3 ruby 3.3.5-5
Microsoft	N/A	cbl2 redis 6.2.18-3 versions antérieures à 6.2.20-1
Microsoft	N/A	azl3 qtsvg 6.6.1-2 versions antérieures à 6.6.1-3
Microsoft	N/A	azl3 valkey 8.0.4-1

References

Title

Publication Time

Tags

Bulletin de sécurité Microsoft CVE-2025-39967	2025-10-16	vendor-advisory
Bulletin de sécurité Microsoft CVE-2025-39940	2025-10-05	vendor-advisory
Bulletin de sécurité Microsoft CVE-2025-11412	2025-10-11	vendor-advisory
Bulletin de sécurité Microsoft CVE-2025-39994	2025-10-16	vendor-advisory
Bulletin de sécurité Microsoft CVE-2025-39947	2025-10-05	vendor-advisory
Bulletin de sécurité Microsoft CVE-2024-53687	2025-10-17	vendor-advisory
Bulletin de sécurité Microsoft CVE-2025-39931	2025-10-05	vendor-advisory
Bulletin de sécurité Microsoft CVE-2025-39942	2025-10-05	vendor-advisory
Bulletin de sécurité Microsoft CVE-2025-55551	2025-10-05	vendor-advisory
Bulletin de sécurité Microsoft CVE-2022-50502	2025-10-06	vendor-advisory
Bulletin de sécurité Microsoft CVE-2024-42321	2025-10-11	vendor-advisory
Bulletin de sécurité Microsoft CVE-2024-53195	2025-10-10	vendor-advisory
Bulletin de sécurité Microsoft CVE-2024-39508	2025-10-05	vendor-advisory
Bulletin de sécurité Microsoft CVE-2024-53234	2025-10-10	vendor-advisory
Bulletin de sécurité Microsoft CVE-2025-39981	2025-10-16	vendor-advisory
Bulletin de sécurité Microsoft CVE-2025-46818	2025-10-10	vendor-advisory
Bulletin de sécurité Microsoft CVE-2025-39998	2025-10-16	vendor-advisory
Bulletin de sécurité Microsoft CVE-2025-39972	2025-10-16	vendor-advisory
Bulletin de sécurité Microsoft CVE-2025-39953	2025-10-05	vendor-advisory
Bulletin de sécurité Microsoft CVE-2022-49133	2025-10-17	vendor-advisory
Bulletin de sécurité Microsoft CVE-2025-39934	2025-10-05	vendor-advisory
Bulletin de sécurité Microsoft CVE-2025-39968	2025-10-16	vendor-advisory
Bulletin de sécurité Microsoft CVE-2025-39932	2025-10-05	vendor-advisory
Bulletin de sécurité Microsoft CVE-2025-49844	2025-10-08	vendor-advisory
Bulletin de sécurité Microsoft CVE-2024-56709	2025-10-17	vendor-advisory
Bulletin de sécurité Microsoft CVE-2025-39965	2025-10-15	vendor-advisory
Bulletin de sécurité Microsoft CVE-2025-39985	2025-10-16	vendor-advisory
Bulletin de sécurité Microsoft CVE-2025-11234	2025-10-07	vendor-advisory
Bulletin de sécurité Microsoft CVE-2025-39970	2025-10-16	vendor-advisory
Bulletin de sécurité Microsoft CVE-2025-39980	2025-10-16	vendor-advisory
Bulletin de sécurité Microsoft CVE-2025-39977	2025-10-16	vendor-advisory
Bulletin de sécurité Microsoft CVE-2025-39964	2025-10-15	vendor-advisory
Bulletin de sécurité Microsoft CVE-2025-39938	2025-10-05	vendor-advisory
Bulletin de sécurité Microsoft CVE-2025-11495	2025-10-11	vendor-advisory
Bulletin de sécurité Microsoft CVE-2024-56641	2025-10-08	vendor-advisory
Bulletin de sécurité Microsoft CVE-2020-8130	2025-10-12	vendor-advisory
Bulletin de sécurité Microsoft CVE-2025-8291	2025-10-10	vendor-advisory
Bulletin de sécurité Microsoft CVE-2025-21645	2025-10-18	vendor-advisory
Bulletin de sécurité Microsoft CVE-2025-39982	2025-10-16	vendor-advisory
Bulletin de sécurité Microsoft CVE-2025-39987	2025-10-16	vendor-advisory
Bulletin de sécurité Microsoft CVE-2024-40989	2025-10-08	vendor-advisory
Bulletin de sécurité Microsoft CVE-2024-49568	2025-10-17	vendor-advisory
Bulletin de sécurité Microsoft CVE-2025-37727	2025-10-11	vendor-advisory
Bulletin de sécurité Microsoft CVE-2022-49069	2025-10-16	vendor-advisory
Bulletin de sécurité Microsoft CVE-2025-46817	2025-10-10	vendor-advisory
Bulletin de sécurité Microsoft CVE-2024-46717	2025-10-11	vendor-advisory
Bulletin de sécurité Microsoft CVE-2025-39961	2025-10-11	vendor-advisory
Bulletin de sécurité Microsoft CVE-2025-55552	2025-10-05	vendor-advisory
Bulletin de sécurité Microsoft CVE-2024-41079	2025-10-11	vendor-advisory
Bulletin de sécurité Microsoft CVE-2025-39969	2025-10-16	vendor-advisory
Bulletin de sécurité Microsoft CVE-2024-40966	2025-10-08	vendor-advisory
Bulletin de sécurité Microsoft CVE-2025-61985	2025-10-08	vendor-advisory
Bulletin de sécurité Microsoft CVE-2025-39949	2025-10-05	vendor-advisory
Bulletin de sécurité Microsoft CVE-2025-11414	2025-10-11	vendor-advisory
Bulletin de sécurité Microsoft CVE-2025-46819	2025-10-10	vendor-advisory
Bulletin de sécurité Microsoft CVE-2025-39945	2025-10-05	vendor-advisory
Bulletin de sécurité Microsoft CVE-2025-61984	2025-10-08	vendor-advisory
Bulletin de sécurité Microsoft CVE-2022-48816	2025-10-08	vendor-advisory
Bulletin de sécurité Microsoft CVE-2025-39955	2025-10-10	vendor-advisory
Bulletin de sécurité Microsoft CVE-2025-39937	2025-10-05	vendor-advisory
Bulletin de sécurité Microsoft CVE-2025-55554	2025-10-05	vendor-advisory
Bulletin de sécurité Microsoft CVE-2024-56592	2025-10-10	vendor-advisory
Bulletin de sécurité Microsoft CVE-2025-10729	2025-10-07	vendor-advisory
Bulletin de sécurité Microsoft CVE-2025-11413	2025-10-11	vendor-advisory
Bulletin de sécurité Microsoft CVE-2025-39929	2025-10-05	vendor-advisory
Bulletin de sécurité Microsoft CVE-2022-49124	2025-10-17	vendor-advisory
Bulletin de sécurité Microsoft CVE-2025-39946	2025-10-05	vendor-advisory
Bulletin de sécurité Microsoft CVE-2025-39973	2025-10-16	vendor-advisory
Bulletin de sécurité Microsoft CVE-2025-21629	2025-10-18	vendor-advisory
Bulletin de sécurité Microsoft CVE-2024-53196	2025-10-10	vendor-advisory
Bulletin de sécurité Microsoft CVE-2025-39990	2025-10-16	vendor-advisory
Bulletin de sécurité Microsoft CVE-2025-39971	2025-10-16	vendor-advisory
Bulletin de sécurité Microsoft CVE-2025-39957	2025-10-10	vendor-advisory

Show details on source website

JSON

To clipboard

{
  "$ref": "https://www.cert.ssi.gouv.fr/openapi.json",
  "affected_systems": [
    {
      "description": "cbl2 gdb 11.2-7",
      "product": {
        "name": "N/A",
        "vendor": {
          "name": "Microsoft",
          "scada": false
        }
      }
    },
    {
      "description": "cbl2 binutils 2.37-16",
      "product": {
        "name": "N/A",
        "vendor": {
          "name": "Microsoft",
          "scada": false
        }
      }
    },
    {
      "description": "cbl2 redis 6.2.20-1",
      "product": {
        "name": "N/A",
        "vendor": {
          "name": "Microsoft",
          "scada": false
        }
      }
    },
    {
      "description": "cbl2 redis 6.2.18-3",
      "product": {
        "name": "N/A",
        "vendor": {
          "name": "Microsoft",
          "scada": false
        }
      }
    },
    {
      "description": "azl3 python3 3.12.9-4 versions ant\u00e9rieures \u00e0 3.12.9-5",
      "product": {
        "name": "N/A",
        "vendor": {
          "name": "Microsoft",
          "scada": false
        }
      }
    },
    {
      "description": "cbl2 crash 8.0.1-4",
      "product": {
        "name": "N/A",
        "vendor": {
          "name": "Microsoft",
          "scada": false
        }
      }
    },
    {
      "description": "cbl2 binutils 2.37-17",
      "product": {
        "name": "N/A",
        "vendor": {
          "name": "Microsoft",
          "scada": false
        }
      }
    },
    {
      "description": "cbl2 pytorch 2.0.0-9",
      "product": {
        "name": "N/A",
        "vendor": {
          "name": "Microsoft",
          "scada": false
        }
      }
    },
    {
      "description": "azl3 kernel 6.6.96.2-2",
      "product": {
        "name": "N/A",
        "vendor": {
          "name": "Microsoft",
          "scada": false
        }
      }
    },
    {
      "description": "azl3 binutils 2.41-7",
      "product": {
        "name": "N/A",
        "vendor": {
          "name": "Microsoft",
          "scada": false
        }
      }
    },
    {
      "description": "cbl2 qt5-qtsvg 5.12.11-6 versions ant\u00e9rieures \u00e0 5.12.11-7",
      "product": {
        "name": "N/A",
        "vendor": {
          "name": "Microsoft",
          "scada": false
        }
      }
    },
    {
      "description": "cbl2 python3 3.9.19-14",
      "product": {
        "name": "N/A",
        "vendor": {
          "name": "Microsoft",
          "scada": false
        }
      }
    },
    {
      "description": "azl3 openssh 9.8p1-4",
      "product": {
        "name": "N/A",
        "vendor": {
          "name": "Microsoft",
          "scada": false
        }
      }
    },
    {
      "description": "cbl2 kernel 5.15.186.1-1",
      "product": {
        "name": "N/A",
        "vendor": {
          "name": "Microsoft",
          "scada": false
        }
      }
    },
    {
      "description": "cbl2 rubygem-elasticsearch 8.3.0-1",
      "product": {
        "name": "N/A",
        "vendor": {
          "name": "Microsoft",
          "scada": false
        }
      }
    },
    {
      "description": "azl3 kernel 6.6.104.2-1",
      "product": {
        "name": "N/A",
        "vendor": {
          "name": "Microsoft",
          "scada": false
        }
      }
    },
    {
      "description": "cbl2 python3 3.9.19-15 versions ant\u00e9rieures \u00e0 3.9.19-16",
      "product": {
        "name": "N/A",
        "vendor": {
          "name": "Microsoft",
          "scada": false
        }
      }
    },
    {
      "description": "cbl2 qemu 6.2.0-24",
      "product": {
        "name": "N/A",
        "vendor": {
          "name": "Microsoft",
          "scada": false
        }
      }
    },
    {
      "description": "azl3 qemu 8.2.0-19",
      "product": {
        "name": "N/A",
        "vendor": {
          "name": "Microsoft",
          "scada": false
        }
      }
    },
    {
      "description": "cbl2 gdb 11.2-6",
      "product": {
        "name": "N/A",
        "vendor": {
          "name": "Microsoft",
          "scada": false
        }
      }
    },
    {
      "description": "cbl2 openssh 8.9p1-8 versions ant\u00e9rieures \u00e0 8.9p1-9",
      "product": {
        "name": "N/A",
        "vendor": {
          "name": "Microsoft",
          "scada": false
        }
      }
    },
    {
      "description": "azl3 valkey 8.0.4-1 versions ant\u00e9rieures \u00e0 8.0.6-1",
      "product": {
        "name": "N/A",
        "vendor": {
          "name": "Microsoft",
          "scada": false
        }
      }
    },
    {
      "description": "azl3 rubygem-elasticsearch 8.9.0-1",
      "product": {
        "name": "N/A",
        "vendor": {
          "name": "Microsoft",
          "scada": false
        }
      }
    },
    {
      "description": "azl3 pytorch 2.2.2-7",
      "product": {
        "name": "N/A",
        "vendor": {
          "name": "Microsoft",
          "scada": false
        }
      }
    },
    {
      "description": "azl3 ruby 3.3.5-5",
      "product": {
        "name": "N/A",
        "vendor": {
          "name": "Microsoft",
          "scada": false
        }
      }
    },
    {
      "description": "cbl2 redis 6.2.18-3 versions ant\u00e9rieures \u00e0 6.2.20-1",
      "product": {
        "name": "N/A",
        "vendor": {
          "name": "Microsoft",
          "scada": false
        }
      }
    },
    {
      "description": "azl3 qtsvg 6.6.1-2 versions ant\u00e9rieures \u00e0 6.6.1-3",
      "product": {
        "name": "N/A",
        "vendor": {
          "name": "Microsoft",
          "scada": false
        }
      }
    },
    {
      "description": "azl3 valkey 8.0.4-1",
      "product": {
        "name": "N/A",
        "vendor": {
          "name": "Microsoft",
          "scada": false
        }
      }
    }
  ],
  "affected_systems_content": "",
  "content": "## Solutions\n\nSe r\u00e9f\u00e9rer au bulletin de s\u00e9curit\u00e9 de l\u0027\u00e9diteur pour l\u0027obtention des correctifs (cf. section Documentation).",
  "cves": [
    {
      "name": "CVE-2022-49069",
      "url": "https://www.cve.org/CVERecord?id=CVE-2022-49069"
    },
    {
      "name": "CVE-2025-39987",
      "url": "https://www.cve.org/CVERecord?id=CVE-2025-39987"
    },
    {
      "name": "CVE-2025-39947",
      "url": "https://www.cve.org/CVERecord?id=CVE-2025-39947"
    },
    {
      "name": "CVE-2025-39973",
      "url": "https://www.cve.org/CVERecord?id=CVE-2025-39973"
    },
    {
      "name": "CVE-2025-39945",
      "url": "https://www.cve.org/CVERecord?id=CVE-2025-39945"
    },
    {
      "name": "CVE-2025-55551",
      "url": "https://www.cve.org/CVERecord?id=CVE-2025-55551"
    },
    {
      "name": "CVE-2024-56709",
      "url": "https://www.cve.org/CVERecord?id=CVE-2024-56709"
    },
    {
      "name": "CVE-2025-39967",
      "url": "https://www.cve.org/CVERecord?id=CVE-2025-39967"
    },
    {
      "name": "CVE-2025-11234",
      "url": "https://www.cve.org/CVERecord?id=CVE-2025-11234"
    },
    {
      "name": "CVE-2025-39942",
      "url": "https://www.cve.org/CVERecord?id=CVE-2025-39942"
    },
    {
      "name": "CVE-2025-39929",
      "url": "https://www.cve.org/CVERecord?id=CVE-2025-39929"
    },
    {
      "name": "CVE-2025-39949",
      "url": "https://www.cve.org/CVERecord?id=CVE-2025-39949"
    },
    {
      "name": "CVE-2025-49844",
      "url": "https://www.cve.org/CVERecord?id=CVE-2025-49844"
    },
    {
      "name": "CVE-2025-39953",
      "url": "https://www.cve.org/CVERecord?id=CVE-2025-39953"
    },
    {
      "name": "CVE-2025-39990",
      "url": "https://www.cve.org/CVERecord?id=CVE-2025-39990"
    },
    {
      "name": "CVE-2025-39969",
      "url": "https://www.cve.org/CVERecord?id=CVE-2025-39969"
    },
    {
      "name": "CVE-2025-61985",
      "url": "https://www.cve.org/CVERecord?id=CVE-2025-61985"
    },
    {
      "name": "CVE-2025-46819",
      "url": "https://www.cve.org/CVERecord?id=CVE-2025-46819"
    },
    {
      "name": "CVE-2024-53234",
      "url": "https://www.cve.org/CVERecord?id=CVE-2024-53234"
    },
    {
      "name": "CVE-2025-8291",
      "url": "https://www.cve.org/CVERecord?id=CVE-2025-8291"
    },
    {
      "name": "CVE-2025-55552",
      "url": "https://www.cve.org/CVERecord?id=CVE-2025-55552"
    },
    {
      "name": "CVE-2024-40989",
      "url": "https://www.cve.org/CVERecord?id=CVE-2024-40989"
    },
    {
      "name": "CVE-2025-39940",
      "url": "https://www.cve.org/CVERecord?id=CVE-2025-39940"
    },
    {
      "name": "CVE-2025-39977",
      "url": "https://www.cve.org/CVERecord?id=CVE-2025-39977"
    },
    {
      "name": "CVE-2025-21645",
      "url": "https://www.cve.org/CVERecord?id=CVE-2025-21645"
    },
    {
      "name": "CVE-2025-46817",
      "url": "https://www.cve.org/CVERecord?id=CVE-2025-46817"
    },
    {
      "name": "CVE-2024-39508",
      "url": "https://www.cve.org/CVERecord?id=CVE-2024-39508"
    },
    {
      "name": "CVE-2022-49133",
      "url": "https://www.cve.org/CVERecord?id=CVE-2022-49133"
    },
    {
      "name": "CVE-2025-39970",
      "url": "https://www.cve.org/CVERecord?id=CVE-2025-39970"
    },
    {
      "name": "CVE-2025-39981",
      "url": "https://www.cve.org/CVERecord?id=CVE-2025-39981"
    },
    {
      "name": "CVE-2025-39994",
      "url": "https://www.cve.org/CVERecord?id=CVE-2025-39994"
    },
    {
      "name": "CVE-2025-61984",
      "url": "https://www.cve.org/CVERecord?id=CVE-2025-61984"
    },
    {
      "name": "CVE-2024-41079",
      "url": "https://www.cve.org/CVERecord?id=CVE-2024-41079"
    },
    {
      "name": "CVE-2025-39998",
      "url": "https://www.cve.org/CVERecord?id=CVE-2025-39998"
    },
    {
      "name": "CVE-2025-39968",
      "url": "https://www.cve.org/CVERecord?id=CVE-2025-39968"
    },
    {
      "name": "CVE-2022-49124",
      "url": "https://www.cve.org/CVERecord?id=CVE-2022-49124"
    },
    {
      "name": "CVE-2024-53687",
      "url": "https://www.cve.org/CVERecord?id=CVE-2024-53687"
    },
    {
      "name": "CVE-2025-39955",
      "url": "https://www.cve.org/CVERecord?id=CVE-2025-39955"
    },
    {
      "name": "CVE-2025-39934",
      "url": "https://www.cve.org/CVERecord?id=CVE-2025-39934"
    },
    {
      "name": "CVE-2025-11495",
      "url": "https://www.cve.org/CVERecord?id=CVE-2025-11495"
    },
    {
      "name": "CVE-2025-39938",
      "url": "https://www.cve.org/CVERecord?id=CVE-2025-39938"
    },
    {
      "name": "CVE-2025-39982",
      "url": "https://www.cve.org/CVERecord?id=CVE-2025-39982"
    },
    {
      "name": "CVE-2025-39965",
      "url": "https://www.cve.org/CVERecord?id=CVE-2025-39965"
    },
    {
      "name": "CVE-2025-39932",
      "url": "https://www.cve.org/CVERecord?id=CVE-2025-39932"
    },
    {
      "name": "CVE-2025-11414",
      "url": "https://www.cve.org/CVERecord?id=CVE-2025-11414"
    },
    {
      "name": "CVE-2025-21629",
      "url": "https://www.cve.org/CVERecord?id=CVE-2025-21629"
    },
    {
      "name": "CVE-2022-50502",
      "url": "https://www.cve.org/CVERecord?id=CVE-2022-50502"
    },
    {
      "name": "CVE-2025-39964",
      "url": "https://www.cve.org/CVERecord?id=CVE-2025-39964"
    },
    {
      "name": "CVE-2024-49568",
      "url": "https://www.cve.org/CVERecord?id=CVE-2024-49568"
    },
    {
      "name": "CVE-2024-53196",
      "url": "https://www.cve.org/CVERecord?id=CVE-2024-53196"
    },
    {
      "name": "CVE-2025-39971",
      "url": "https://www.cve.org/CVERecord?id=CVE-2025-39971"
    },
    {
      "name": "CVE-2024-46717",
      "url": "https://www.cve.org/CVERecord?id=CVE-2024-46717"
    },
    {
      "name": "CVE-2024-40966",
      "url": "https://www.cve.org/CVERecord?id=CVE-2024-40966"
    },
    {
      "name": "CVE-2025-39972",
      "url": "https://www.cve.org/CVERecord?id=CVE-2025-39972"
    },
    {
      "name": "CVE-2024-56641",
      "url": "https://www.cve.org/CVERecord?id=CVE-2024-56641"
    },
    {
      "name": "CVE-2025-11413",
      "url": "https://www.cve.org/CVERecord?id=CVE-2025-11413"
    },
    {
      "name": "CVE-2025-39961",
      "url": "https://www.cve.org/CVERecord?id=CVE-2025-39961"
    },
    {
      "name": "CVE-2025-55554",
      "url": "https://www.cve.org/CVERecord?id=CVE-2025-55554"
    },
    {
      "name": "CVE-2025-37727",
      "url": "https://www.cve.org/CVERecord?id=CVE-2025-37727"
    },
    {
      "name": "CVE-2025-10729",
      "url": "https://www.cve.org/CVERecord?id=CVE-2025-10729"
    },
    {
      "name": "CVE-2025-39957",
      "url": "https://www.cve.org/CVERecord?id=CVE-2025-39957"
    },
    {
      "name": "CVE-2025-39931",
      "url": "https://www.cve.org/CVERecord?id=CVE-2025-39931"
    },
    {
      "name": "CVE-2024-53195",
      "url": "https://www.cve.org/CVERecord?id=CVE-2024-53195"
    },
    {
      "name": "CVE-2025-39937",
      "url": "https://www.cve.org/CVERecord?id=CVE-2025-39937"
    },
    {
      "name": "CVE-2025-46818",
      "url": "https://www.cve.org/CVERecord?id=CVE-2025-46818"
    },
    {
      "name": "CVE-2025-11412",
      "url": "https://www.cve.org/CVERecord?id=CVE-2025-11412"
    },
    {
      "name": "CVE-2022-48816",
      "url": "https://www.cve.org/CVERecord?id=CVE-2022-48816"
    },
    {
      "name": "CVE-2025-39985",
      "url": "https://www.cve.org/CVERecord?id=CVE-2025-39985"
    },
    {
      "name": "CVE-2025-39946",
      "url": "https://www.cve.org/CVERecord?id=CVE-2025-39946"
    },
    {
      "name": "CVE-2025-39980",
      "url": "https://www.cve.org/CVERecord?id=CVE-2025-39980"
    },
    {
      "name": "CVE-2024-42321",
      "url": "https://www.cve.org/CVERecord?id=CVE-2024-42321"
    },
    {
      "name": "CVE-2020-8130",
      "url": "https://www.cve.org/CVERecord?id=CVE-2020-8130"
    },
    {
      "name": "CVE-2024-56592",
      "url": "https://www.cve.org/CVERecord?id=CVE-2024-56592"
    }
  ],
  "initial_release_date": "2025-10-20T00:00:00",
  "last_revision_date": "2025-10-20T00:00:00",
  "links": [],
  "reference": "CERTFR-2025-AVI-0899",
  "revisions": [
    {
      "description": "Version initiale",
      "revision_date": "2025-10-20T00:00:00.000000"
    }
  ],
  "risks": [
    {
      "description": "Ex\u00e9cution de code arbitraire \u00e0 distance"
    },
    {
      "description": "Non sp\u00e9cifi\u00e9 par l\u0027\u00e9diteur"
    },
    {
      "description": "D\u00e9ni de service"
    },
    {
      "description": "Contournement de la politique de s\u00e9curit\u00e9"
    },
    {
      "description": "Atteinte \u00e0 la confidentialit\u00e9 des donn\u00e9es"
    }
  ],
  "summary": "De multiples vuln\u00e9rabilit\u00e9s ont \u00e9t\u00e9 d\u00e9couvertes dans les produits Microsoft. Certaines d\u0027entre elles permettent \u00e0 un attaquant de provoquer une ex\u00e9cution de code arbitraire \u00e0 distance, une atteinte \u00e0 la confidentialit\u00e9 des donn\u00e9es et un contournement de la politique de s\u00e9curit\u00e9.",
  "title": "Multiples vuln\u00e9rabilit\u00e9s dans les produits Microsoft",
  "vendor_advisories": [
    {
      "published_at": "2025-10-16",
      "title": "Bulletin de s\u00e9curit\u00e9 Microsoft CVE-2025-39967",
      "url": "https://msrc.microsoft.com/update-guide/vulnerability/CVE-2025-39967"
    },
    {
      "published_at": "2025-10-05",
      "title": "Bulletin de s\u00e9curit\u00e9 Microsoft CVE-2025-39940",
      "url": "https://msrc.microsoft.com/update-guide/vulnerability/CVE-2025-39940"
    },
    {
      "published_at": "2025-10-11",
      "title": "Bulletin de s\u00e9curit\u00e9 Microsoft CVE-2025-11412",
      "url": "https://msrc.microsoft.com/update-guide/vulnerability/CVE-2025-11412"
    },
    {
      "published_at": "2025-10-16",
      "title": "Bulletin de s\u00e9curit\u00e9 Microsoft CVE-2025-39994",
      "url": "https://msrc.microsoft.com/update-guide/vulnerability/CVE-2025-39994"
    },
    {
      "published_at": "2025-10-05",
      "title": "Bulletin de s\u00e9curit\u00e9 Microsoft CVE-2025-39947",
      "url": "https://msrc.microsoft.com/update-guide/vulnerability/CVE-2025-39947"
    },
    {
      "published_at": "2025-10-17",
      "title": "Bulletin de s\u00e9curit\u00e9 Microsoft CVE-2024-53687",
      "url": "https://msrc.microsoft.com/update-guide/vulnerability/CVE-2024-53687"
    },
    {
      "published_at": "2025-10-05",
      "title": "Bulletin de s\u00e9curit\u00e9 Microsoft CVE-2025-39931",
      "url": "https://msrc.microsoft.com/update-guide/vulnerability/CVE-2025-39931"
    },
    {
      "published_at": "2025-10-05",
      "title": "Bulletin de s\u00e9curit\u00e9 Microsoft CVE-2025-39942",
      "url": "https://msrc.microsoft.com/update-guide/vulnerability/CVE-2025-39942"
    },
    {
      "published_at": "2025-10-05",
      "title": "Bulletin de s\u00e9curit\u00e9 Microsoft CVE-2025-55551",
      "url": "https://msrc.microsoft.com/update-guide/vulnerability/CVE-2025-55551"
    },
    {
      "published_at": "2025-10-06",
      "title": "Bulletin de s\u00e9curit\u00e9 Microsoft CVE-2022-50502",
      "url": "https://msrc.microsoft.com/update-guide/vulnerability/CVE-2022-50502"
    },
    {
      "published_at": "2025-10-11",
      "title": "Bulletin de s\u00e9curit\u00e9 Microsoft CVE-2024-42321",
      "url": "https://msrc.microsoft.com/update-guide/vulnerability/CVE-2024-42321"
    },
    {
      "published_at": "2025-10-10",
      "title": "Bulletin de s\u00e9curit\u00e9 Microsoft CVE-2024-53195",
      "url": "https://msrc.microsoft.com/update-guide/vulnerability/CVE-2024-53195"
    },
    {
      "published_at": "2025-10-05",
      "title": "Bulletin de s\u00e9curit\u00e9 Microsoft CVE-2024-39508",
      "url": "https://msrc.microsoft.com/update-guide/vulnerability/CVE-2024-39508"
    },
    {
      "published_at": "2025-10-10",
      "title": "Bulletin de s\u00e9curit\u00e9 Microsoft CVE-2024-53234",
      "url": "https://msrc.microsoft.com/update-guide/vulnerability/CVE-2024-53234"
    },
    {
      "published_at": "2025-10-16",
      "title": "Bulletin de s\u00e9curit\u00e9 Microsoft CVE-2025-39981",
      "url": "https://msrc.microsoft.com/update-guide/vulnerability/CVE-2025-39981"
    },
    {
      "published_at": "2025-10-10",
      "title": "Bulletin de s\u00e9curit\u00e9 Microsoft CVE-2025-46818",
      "url": "https://msrc.microsoft.com/update-guide/vulnerability/CVE-2025-46818"
    },
    {
      "published_at": "2025-10-16",
      "title": "Bulletin de s\u00e9curit\u00e9 Microsoft CVE-2025-39998",
      "url": "https://msrc.microsoft.com/update-guide/vulnerability/CVE-2025-39998"
    },
    {
      "published_at": "2025-10-16",
      "title": "Bulletin de s\u00e9curit\u00e9 Microsoft CVE-2025-39972",
      "url": "https://msrc.microsoft.com/update-guide/vulnerability/CVE-2025-39972"
    },
    {
      "published_at": "2025-10-05",
      "title": "Bulletin de s\u00e9curit\u00e9 Microsoft CVE-2025-39953",
      "url": "https://msrc.microsoft.com/update-guide/vulnerability/CVE-2025-39953"
    },
    {
      "published_at": "2025-10-17",
      "title": "Bulletin de s\u00e9curit\u00e9 Microsoft CVE-2022-49133",
      "url": "https://msrc.microsoft.com/update-guide/vulnerability/CVE-2022-49133"
    },
    {
      "published_at": "2025-10-05",
      "title": "Bulletin de s\u00e9curit\u00e9 Microsoft CVE-2025-39934",
      "url": "https://msrc.microsoft.com/update-guide/vulnerability/CVE-2025-39934"
    },
    {
      "published_at": "2025-10-16",
      "title": "Bulletin de s\u00e9curit\u00e9 Microsoft CVE-2025-39968",
      "url": "https://msrc.microsoft.com/update-guide/vulnerability/CVE-2025-39968"
    },
    {
      "published_at": "2025-10-05",
      "title": "Bulletin de s\u00e9curit\u00e9 Microsoft CVE-2025-39932",
      "url": "https://msrc.microsoft.com/update-guide/vulnerability/CVE-2025-39932"
    },
    {
      "published_at": "2025-10-08",
      "title": "Bulletin de s\u00e9curit\u00e9 Microsoft CVE-2025-49844",
      "url": "https://msrc.microsoft.com/update-guide/vulnerability/CVE-2025-49844"
    },
    {
      "published_at": "2025-10-17",
      "title": "Bulletin de s\u00e9curit\u00e9 Microsoft CVE-2024-56709",
      "url": "https://msrc.microsoft.com/update-guide/vulnerability/CVE-2024-56709"
    },
    {
      "published_at": "2025-10-15",
      "title": "Bulletin de s\u00e9curit\u00e9 Microsoft CVE-2025-39965",
      "url": "https://msrc.microsoft.com/update-guide/vulnerability/CVE-2025-39965"
    },
    {
      "published_at": "2025-10-16",
      "title": "Bulletin de s\u00e9curit\u00e9 Microsoft CVE-2025-39985",
      "url": "https://msrc.microsoft.com/update-guide/vulnerability/CVE-2025-39985"
    },
    {
      "published_at": "2025-10-07",
      "title": "Bulletin de s\u00e9curit\u00e9 Microsoft CVE-2025-11234",
      "url": "https://msrc.microsoft.com/update-guide/vulnerability/CVE-2025-11234"
    },
    {
      "published_at": "2025-10-16",
      "title": "Bulletin de s\u00e9curit\u00e9 Microsoft CVE-2025-39970",
      "url": "https://msrc.microsoft.com/update-guide/vulnerability/CVE-2025-39970"
    },
    {
      "published_at": "2025-10-16",
      "title": "Bulletin de s\u00e9curit\u00e9 Microsoft CVE-2025-39980",
      "url": "https://msrc.microsoft.com/update-guide/vulnerability/CVE-2025-39980"
    },
    {
      "published_at": "2025-10-16",
      "title": "Bulletin de s\u00e9curit\u00e9 Microsoft CVE-2025-39977",
      "url": "https://msrc.microsoft.com/update-guide/vulnerability/CVE-2025-39977"
    },
    {
      "published_at": "2025-10-15",
      "title": "Bulletin de s\u00e9curit\u00e9 Microsoft CVE-2025-39964",
      "url": "https://msrc.microsoft.com/update-guide/vulnerability/CVE-2025-39964"
    },
    {
      "published_at": "2025-10-05",
      "title": "Bulletin de s\u00e9curit\u00e9 Microsoft CVE-2025-39938",
      "url": "https://msrc.microsoft.com/update-guide/vulnerability/CVE-2025-39938"
    },
    {
      "published_at": "2025-10-11",
      "title": "Bulletin de s\u00e9curit\u00e9 Microsoft CVE-2025-11495",
      "url": "https://msrc.microsoft.com/update-guide/vulnerability/CVE-2025-11495"
    },
    {
      "published_at": "2025-10-08",
      "title": "Bulletin de s\u00e9curit\u00e9 Microsoft CVE-2024-56641",
      "url": "https://msrc.microsoft.com/update-guide/vulnerability/CVE-2024-56641"
    },
    {
      "published_at": "2025-10-12",
      "title": "Bulletin de s\u00e9curit\u00e9 Microsoft CVE-2020-8130",
      "url": "https://msrc.microsoft.com/update-guide/vulnerability/CVE-2020-8130"
    },
    {
      "published_at": "2025-10-10",
      "title": "Bulletin de s\u00e9curit\u00e9 Microsoft CVE-2025-8291",
      "url": "https://msrc.microsoft.com/update-guide/vulnerability/CVE-2025-8291"
    },
    {
      "published_at": "2025-10-18",
      "title": "Bulletin de s\u00e9curit\u00e9 Microsoft CVE-2025-21645",
      "url": "https://msrc.microsoft.com/update-guide/vulnerability/CVE-2025-21645"
    },
    {
      "published_at": "2025-10-16",
      "title": "Bulletin de s\u00e9curit\u00e9 Microsoft CVE-2025-39982",
      "url": "https://msrc.microsoft.com/update-guide/vulnerability/CVE-2025-39982"
    },
    {
      "published_at": "2025-10-16",
      "title": "Bulletin de s\u00e9curit\u00e9 Microsoft CVE-2025-39987",
      "url": "https://msrc.microsoft.com/update-guide/vulnerability/CVE-2025-39987"
    },
    {
      "published_at": "2025-10-08",
      "title": "Bulletin de s\u00e9curit\u00e9 Microsoft CVE-2024-40989",
      "url": "https://msrc.microsoft.com/update-guide/vulnerability/CVE-2024-40989"
    },
    {
      "published_at": "2025-10-17",
      "title": "Bulletin de s\u00e9curit\u00e9 Microsoft CVE-2024-49568",
      "url": "https://msrc.microsoft.com/update-guide/vulnerability/CVE-2024-49568"
    },
    {
      "published_at": "2025-10-11",
      "title": "Bulletin de s\u00e9curit\u00e9 Microsoft CVE-2025-37727",
      "url": "https://msrc.microsoft.com/update-guide/vulnerability/CVE-2025-37727"
    },
    {
      "published_at": "2025-10-16",
      "title": "Bulletin de s\u00e9curit\u00e9 Microsoft CVE-2022-49069",
      "url": "https://msrc.microsoft.com/update-guide/vulnerability/CVE-2022-49069"
    },
    {
      "published_at": "2025-10-10",
      "title": "Bulletin de s\u00e9curit\u00e9 Microsoft CVE-2025-46817",
      "url": "https://msrc.microsoft.com/update-guide/vulnerability/CVE-2025-46817"
    },
    {
      "published_at": "2025-10-11",
      "title": "Bulletin de s\u00e9curit\u00e9 Microsoft CVE-2024-46717",
      "url": "https://msrc.microsoft.com/update-guide/vulnerability/CVE-2024-46717"
    },
    {
      "published_at": "2025-10-11",
      "title": "Bulletin de s\u00e9curit\u00e9 Microsoft CVE-2025-39961",
      "url": "https://msrc.microsoft.com/update-guide/vulnerability/CVE-2025-39961"
    },
    {
      "published_at": "2025-10-05",
      "title": "Bulletin de s\u00e9curit\u00e9 Microsoft CVE-2025-55552",
      "url": "https://msrc.microsoft.com/update-guide/vulnerability/CVE-2025-55552"
    },
    {
      "published_at": "2025-10-11",
      "title": "Bulletin de s\u00e9curit\u00e9 Microsoft CVE-2024-41079",
      "url": "https://msrc.microsoft.com/update-guide/vulnerability/CVE-2024-41079"
    },
    {
      "published_at": "2025-10-16",
      "title": "Bulletin de s\u00e9curit\u00e9 Microsoft CVE-2025-39969",
      "url": "https://msrc.microsoft.com/update-guide/vulnerability/CVE-2025-39969"
    },
    {
      "published_at": "2025-10-08",
      "title": "Bulletin de s\u00e9curit\u00e9 Microsoft CVE-2024-40966",
      "url": "https://msrc.microsoft.com/update-guide/vulnerability/CVE-2024-40966"
    },
    {
      "published_at": "2025-10-08",
      "title": "Bulletin de s\u00e9curit\u00e9 Microsoft CVE-2025-61985",
      "url": "https://msrc.microsoft.com/update-guide/vulnerability/CVE-2025-61985"
    },
    {
      "published_at": "2025-10-05",
      "title": "Bulletin de s\u00e9curit\u00e9 Microsoft CVE-2025-39949",
      "url": "https://msrc.microsoft.com/update-guide/vulnerability/CVE-2025-39949"
    },
    {
      "published_at": "2025-10-11",
      "title": "Bulletin de s\u00e9curit\u00e9 Microsoft CVE-2025-11414",
      "url": "https://msrc.microsoft.com/update-guide/vulnerability/CVE-2025-11414"
    },
    {
      "published_at": "2025-10-10",
      "title": "Bulletin de s\u00e9curit\u00e9 Microsoft CVE-2025-46819",
      "url": "https://msrc.microsoft.com/update-guide/vulnerability/CVE-2025-46819"
    },
    {
      "published_at": "2025-10-05",
      "title": "Bulletin de s\u00e9curit\u00e9 Microsoft CVE-2025-39945",
      "url": "https://msrc.microsoft.com/update-guide/vulnerability/CVE-2025-39945"
    },
    {
      "published_at": "2025-10-08",
      "title": "Bulletin de s\u00e9curit\u00e9 Microsoft CVE-2025-61984",
      "url": "https://msrc.microsoft.com/update-guide/vulnerability/CVE-2025-61984"
    },
    {
      "published_at": "2025-10-08",
      "title": "Bulletin de s\u00e9curit\u00e9 Microsoft CVE-2022-48816",
      "url": "https://msrc.microsoft.com/update-guide/vulnerability/CVE-2022-48816"
    },
    {
      "published_at": "2025-10-10",
      "title": "Bulletin de s\u00e9curit\u00e9 Microsoft CVE-2025-39955",
      "url": "https://msrc.microsoft.com/update-guide/vulnerability/CVE-2025-39955"
    },
    {
      "published_at": "2025-10-05",
      "title": "Bulletin de s\u00e9curit\u00e9 Microsoft CVE-2025-39937",
      "url": "https://msrc.microsoft.com/update-guide/vulnerability/CVE-2025-39937"
    },
    {
      "published_at": "2025-10-05",
      "title": "Bulletin de s\u00e9curit\u00e9 Microsoft CVE-2025-55554",
      "url": "https://msrc.microsoft.com/update-guide/vulnerability/CVE-2025-55554"
    },
    {
      "published_at": "2025-10-10",
      "title": "Bulletin de s\u00e9curit\u00e9 Microsoft CVE-2024-56592",
      "url": "https://msrc.microsoft.com/update-guide/vulnerability/CVE-2024-56592"
    },
    {
      "published_at": "2025-10-07",
      "title": "Bulletin de s\u00e9curit\u00e9 Microsoft CVE-2025-10729",
      "url": "https://msrc.microsoft.com/update-guide/vulnerability/CVE-2025-10729"
    },
    {
      "published_at": "2025-10-11",
      "title": "Bulletin de s\u00e9curit\u00e9 Microsoft CVE-2025-11413",
      "url": "https://msrc.microsoft.com/update-guide/vulnerability/CVE-2025-11413"
    },
    {
      "published_at": "2025-10-05",
      "title": "Bulletin de s\u00e9curit\u00e9 Microsoft CVE-2025-39929",
      "url": "https://msrc.microsoft.com/update-guide/vulnerability/CVE-2025-39929"
    },
    {
      "published_at": "2025-10-17",
      "title": "Bulletin de s\u00e9curit\u00e9 Microsoft CVE-2022-49124",
      "url": "https://msrc.microsoft.com/update-guide/vulnerability/CVE-2022-49124"
    },
    {
      "published_at": "2025-10-05",
      "title": "Bulletin de s\u00e9curit\u00e9 Microsoft CVE-2025-39946",
      "url": "https://msrc.microsoft.com/update-guide/vulnerability/CVE-2025-39946"
    },
    {
      "published_at": "2025-10-16",
      "title": "Bulletin de s\u00e9curit\u00e9 Microsoft CVE-2025-39973",
      "url": "https://msrc.microsoft.com/update-guide/vulnerability/CVE-2025-39973"
    },
    {
      "published_at": "2025-10-18",
      "title": "Bulletin de s\u00e9curit\u00e9 Microsoft CVE-2025-21629",
      "url": "https://msrc.microsoft.com/update-guide/vulnerability/CVE-2025-21629"
    },
    {
      "published_at": "2025-10-10",
      "title": "Bulletin de s\u00e9curit\u00e9 Microsoft CVE-2024-53196",
      "url": "https://msrc.microsoft.com/update-guide/vulnerability/CVE-2024-53196"
    },
    {
      "published_at": "2025-10-16",
      "title": "Bulletin de s\u00e9curit\u00e9 Microsoft CVE-2025-39990",
      "url": "https://msrc.microsoft.com/update-guide/vulnerability/CVE-2025-39990"
    },
    {
      "published_at": "2025-10-16",
      "title": "Bulletin de s\u00e9curit\u00e9 Microsoft CVE-2025-39971",
      "url": "https://msrc.microsoft.com/update-guide/vulnerability/CVE-2025-39971"
    },
    {
      "published_at": "2025-10-10",
      "title": "Bulletin de s\u00e9curit\u00e9 Microsoft CVE-2025-39957",
      "url": "https://msrc.microsoft.com/update-guide/vulnerability/CVE-2025-39957"
    }
  ]
}

CERTFR-2026-AVI-0112

Vulnerability from certfr_avis - Published: 2026-02-02 - Updated: 2026-02-02

De multiples vulnérabilités ont été découvertes dans les produits VMware. Elles permettent à un attaquant de provoquer un problème de sécurité non spécifié par l'éditeur.

Solutions

Se référer au bulletin de sécurité de l'éditeur pour l'obtention des correctifs (cf. section Documentation).

Impacted products

Vendor	Product	Description
VMware	Tanzu Platform	Foundation Core pour VMware Tanzu Platform versions antérieures à 3.1.7
VMware	Tanzu Kubernetes Grid Integrated Edition	Tanzu Kubernetes Grid Integrated Edition (TKGi) - Mgmt Console versions antérieures à 1.24.0
VMware	Tanzu Platform	Isolation Segmentation pour VMware Tanzu Platform versions antérieures à 10.2.7+LTS-T
VMware	N/A	NodeJS Buildpack versions antérieures à 1.8.74
VMware	Tanzu Platform	Foundation Core pour VMware Tanzu Platform versions antérieures à 3.2.3
VMware	Tanzu Platform	Telemetry pour VMware Tanzu Platform versions antérieures à 2.4.0
VMware	N/A	Platform Automation Toolkit versions antérieures à 5.4.0
VMware	N/A	VMware Harbor Registry versions antérieures à 2.14.0
VMware	Tanzu Platform	Isolation Segmentation pour VMware Tanzu Platform versions antérieures à 10.3.4

References

Title

Publication Time

Tags

Bulletin de sécurité VMware 36902	2026-02-02	vendor-advisory
Bulletin de sécurité VMware 36908	2026-02-02	vendor-advisory
Bulletin de sécurité VMware 36897	2026-02-02	vendor-advisory
Bulletin de sécurité VMware 36912	2026-02-01	vendor-advisory
Bulletin de sécurité VMware 36904	2026-02-02	vendor-advisory
Bulletin de sécurité VMware 36900	2026-02-02	vendor-advisory
Bulletin de sécurité VMware 36903	2026-02-02	vendor-advisory
Bulletin de sécurité VMware 36909	2026-02-02	vendor-advisory
Bulletin de sécurité VMware 36899	2026-02-02	vendor-advisory
Bulletin de sécurité VMware 36906	2026-02-02	vendor-advisory
Bulletin de sécurité VMware 36907	2026-02-02	vendor-advisory
Bulletin de sécurité VMware 36901	2026-02-02	vendor-advisory
Bulletin de sécurité VMware 36905	2026-02-02	vendor-advisory
Bulletin de sécurité VMware 36898	2026-02-02	vendor-advisory
Bulletin de sécurité VMware 36910	2026-02-02	vendor-advisory
Bulletin de sécurité VMware 36911	2026-02-02	vendor-advisory

Show details on source website

JSON

To clipboard

{
  "$ref": "https://www.cert.ssi.gouv.fr/openapi.json",
  "affected_systems": [
    {
      "description": "Foundation Core pour VMware Tanzu Platform versions ant\u00e9rieures \u00e0 3.1.7",
      "product": {
        "name": "Tanzu Platform",
        "vendor": {
          "name": "VMware",
          "scada": false
        }
      }
    },
    {
      "description": "Tanzu Kubernetes Grid Integrated Edition (TKGi) - Mgmt Console versions ant\u00e9rieures \u00e0 1.24.0",
      "product": {
        "name": "Tanzu Kubernetes Grid Integrated Edition",
        "vendor": {
          "name": "VMware",
          "scada": false
        }
      }
    },
    {
      "description": "Isolation Segmentation pour VMware Tanzu Platform versions ant\u00e9rieures \u00e0 10.2.7+LTS-T",
      "product": {
        "name": "Tanzu Platform",
        "vendor": {
          "name": "VMware",
          "scada": false
        }
      }
    },
    {
      "description": "NodeJS Buildpack versions ant\u00e9rieures \u00e0 1.8.74",
      "product": {
        "name": "N/A",
        "vendor": {
          "name": "VMware",
          "scada": false
        }
      }
    },
    {
      "description": "Foundation Core pour VMware Tanzu Platform versions ant\u00e9rieures \u00e0 3.2.3",
      "product": {
        "name": "Tanzu Platform",
        "vendor": {
          "name": "VMware",
          "scada": false
        }
      }
    },
    {
      "description": "Telemetry pour VMware Tanzu Platform versions ant\u00e9rieures \u00e0  2.4.0",
      "product": {
        "name": "Tanzu Platform",
        "vendor": {
          "name": "VMware",
          "scada": false
        }
      }
    },
    {
      "description": "Platform Automation Toolkit versions ant\u00e9rieures \u00e0 5.4.0",
      "product": {
        "name": "N/A",
        "vendor": {
          "name": "VMware",
          "scada": false
        }
      }
    },
    {
      "description": "VMware Harbor Registry versions ant\u00e9rieures \u00e0 2.14.0",
      "product": {
        "name": "N/A",
        "vendor": {
          "name": "VMware",
          "scada": false
        }
      }
    },
    {
      "description": "Isolation Segmentation pour VMware Tanzu Platform versions ant\u00e9rieures \u00e0 10.3.4",
      "product": {
        "name": "Tanzu Platform",
        "vendor": {
          "name": "VMware",
          "scada": false
        }
      }
    }
  ],
  "affected_systems_content": "",
  "content": "## Solutions\n\nSe r\u00e9f\u00e9rer au bulletin de s\u00e9curit\u00e9 de l\u0027\u00e9diteur pour l\u0027obtention des correctifs (cf. section Documentation).",
  "cves": [
    {
      "name": "CVE-2025-8715",
      "url": "https://www.cve.org/CVERecord?id=CVE-2025-8715"
    },
    {
      "name": "CVE-2025-53547",
      "url": "https://www.cve.org/CVERecord?id=CVE-2025-53547"
    },
    {
      "name": "CVE-2025-58183",
      "url": "https://www.cve.org/CVERecord?id=CVE-2025-58183"
    },
    {
      "name": "CVE-2025-9231",
      "url": "https://www.cve.org/CVERecord?id=CVE-2025-9231"
    },
    {
      "name": "CVE-2025-68973",
      "url": "https://www.cve.org/CVERecord?id=CVE-2025-68973"
    },
    {
      "name": "CVE-2025-10148",
      "url": "https://www.cve.org/CVERecord?id=CVE-2025-10148"
    },
    {
      "name": "CVE-2025-14087",
      "url": "https://www.cve.org/CVERecord?id=CVE-2025-14087"
    },
    {
      "name": "CVE-2025-22872",
      "url": "https://www.cve.org/CVERecord?id=CVE-2025-22872"
    },
    {
      "name": "CVE-2025-28164",
      "url": "https://www.cve.org/CVERecord?id=CVE-2025-28164"
    },
    {
      "name": "CVE-2025-0913",
      "url": "https://www.cve.org/CVERecord?id=CVE-2025-0913"
    },
    {
      "name": "CVE-2025-47907",
      "url": "https://www.cve.org/CVERecord?id=CVE-2025-47907"
    },
    {
      "name": "CVE-2026-24882",
      "url": "https://www.cve.org/CVERecord?id=CVE-2026-24882"
    },
    {
      "name": "CVE-2023-45288",
      "url": "https://www.cve.org/CVERecord?id=CVE-2023-45288"
    },
    {
      "name": "CVE-2025-6075",
      "url": "https://www.cve.org/CVERecord?id=CVE-2025-6075"
    },
    {
      "name": "CVE-2025-22228",
      "url": "https://www.cve.org/CVERecord?id=CVE-2025-22228"
    },
    {
      "name": "CVE-2025-58185",
      "url": "https://www.cve.org/CVERecord?id=CVE-2025-58185"
    },
    {
      "name": "CVE-2025-55752",
      "url": "https://www.cve.org/CVERecord?id=CVE-2025-55752"
    },
    {
      "name": "CVE-2025-58767",
      "url": "https://www.cve.org/CVERecord?id=CVE-2025-58767"
    },
    {
      "name": "CVE-2024-38819",
      "url": "https://www.cve.org/CVERecord?id=CVE-2024-38819"
    },
    {
      "name": "CVE-2025-55198",
      "url": "https://www.cve.org/CVERecord?id=CVE-2025-55198"
    },
    {
      "name": "CVE-2025-15284",
      "url": "https://www.cve.org/CVERecord?id=CVE-2025-15284"
    },
    {
      "name": "CVE-2026-1485",
      "url": "https://www.cve.org/CVERecord?id=CVE-2026-1485"
    },
    {
      "name": "CVE-2022-49390",
      "url": "https://www.cve.org/CVERecord?id=CVE-2022-49390"
    },
    {
      "name": "CVE-2025-48060",
      "url": "https://www.cve.org/CVERecord?id=CVE-2025-48060"
    },
    {
      "name": "CVE-2025-21855",
      "url": "https://www.cve.org/CVERecord?id=CVE-2025-21855"
    },
    {
      "name": "CVE-2024-21510",
      "url": "https://www.cve.org/CVERecord?id=CVE-2024-21510"
    },
    {
      "name": "CVE-2025-14512",
      "url": "https://www.cve.org/CVERecord?id=CVE-2025-14512"
    },
    {
      "name": "CVE-2025-8291",
      "url": "https://www.cve.org/CVERecord?id=CVE-2025-8291"
    },
    {
      "name": "CVE-2025-61921",
      "url": "https://www.cve.org/CVERecord?id=CVE-2025-61921"
    },
    {
      "name": "CVE-2023-34231",
      "url": "https://www.cve.org/CVERecord?id=CVE-2023-34231"
    },
    {
      "name": "CVE-2025-61727",
      "url": "https://www.cve.org/CVERecord?id=CVE-2025-61727"
    },
    {
      "name": "CVE-2025-64718",
      "url": "https://www.cve.org/CVERecord?id=CVE-2025-64718"
    },
    {
      "name": "CVE-2024-28180",
      "url": "https://www.cve.org/CVERecord?id=CVE-2024-28180"
    },
    {
      "name": "CVE-2025-65637",
      "url": "https://www.cve.org/CVERecord?id=CVE-2025-65637"
    },
    {
      "name": "CVE-2025-22233",
      "url": "https://www.cve.org/CVERecord?id=CVE-2025-22233"
    },
    {
      "name": "CVE-2025-47910",
      "url": "https://www.cve.org/CVERecord?id=CVE-2025-47910"
    },
    {
      "name": "CVE-2024-38820",
      "url": "https://www.cve.org/CVERecord?id=CVE-2024-38820"
    },
    {
      "name": "CVE-2025-10966",
      "url": "https://www.cve.org/CVERecord?id=CVE-2025-10966"
    },
    {
      "name": "CVE-2025-47906",
      "url": "https://www.cve.org/CVERecord?id=CVE-2025-47906"
    },
    {
      "name": "CVE-2025-31133",
      "url": "https://www.cve.org/CVERecord?id=CVE-2025-31133"
    },
    {
      "name": "CVE-2025-64505",
      "url": "https://www.cve.org/CVERecord?id=CVE-2025-64505"
    },
    {
      "name": "CVE-2025-58188",
      "url": "https://www.cve.org/CVERecord?id=CVE-2025-58188"
    },
    {
      "name": "CVE-2025-4674",
      "url": "https://www.cve.org/CVERecord?id=CVE-2025-4674"
    },
    {
      "name": "CVE-2022-29526",
      "url": "https://www.cve.org/CVERecord?id=CVE-2022-29526"
    },
    {
      "name": "CVE-2025-65945",
      "url": "https://www.cve.org/CVERecord?id=CVE-2025-65945"
    },
    {
      "name": "CVE-2025-28162",
      "url": "https://www.cve.org/CVERecord?id=CVE-2025-28162"
    },
    {
      "name": "CVE-2025-55754",
      "url": "https://www.cve.org/CVERecord?id=CVE-2025-55754"
    },
    {
      "name": "CVE-2025-64506",
      "url": "https://www.cve.org/CVERecord?id=CVE-2025-64506"
    },
    {
      "name": "CVE-2025-52881",
      "url": "https://www.cve.org/CVERecord?id=CVE-2025-52881"
    },
    {
      "name": "CVE-2025-22868",
      "url": "https://www.cve.org/CVERecord?id=CVE-2025-22868"
    },
    {
      "name": "CVE-2025-3360",
      "url": "https://www.cve.org/CVERecord?id=CVE-2025-3360"
    },
    {
      "name": "CVE-2025-64720",
      "url": "https://www.cve.org/CVERecord?id=CVE-2025-64720"
    },
    {
      "name": "CVE-2025-61724",
      "url": "https://www.cve.org/CVERecord?id=CVE-2025-61724"
    },
    {
      "name": "CVE-2025-61723",
      "url": "https://www.cve.org/CVERecord?id=CVE-2025-61723"
    },
    {
      "name": "CVE-2025-9232",
      "url": "https://www.cve.org/CVERecord?id=CVE-2025-9232"
    },
    {
      "name": "CVE-2025-61795",
      "url": "https://www.cve.org/CVERecord?id=CVE-2025-61795"
    },
    {
      "name": "CVE-2025-14762",
      "url": "https://www.cve.org/CVERecord?id=CVE-2025-14762"
    },
    {
      "name": "CVE-2025-8713",
      "url": "https://www.cve.org/CVERecord?id=CVE-2025-8713"
    },
    {
      "name": "CVE-2025-66471",
      "url": "https://www.cve.org/CVERecord?id=CVE-2025-66471"
    },
    {
      "name": "CVE-2026-21441",
      "url": "https://www.cve.org/CVERecord?id=CVE-2026-21441"
    },
    {
      "name": "CVE-2024-45337",
      "url": "https://www.cve.org/CVERecord?id=CVE-2024-45337"
    },
    {
      "name": "CVE-2024-53427",
      "url": "https://www.cve.org/CVERecord?id=CVE-2024-53427"
    },
    {
      "name": "CVE-2025-61725",
      "url": "https://www.cve.org/CVERecord?id=CVE-2025-61725"
    },
    {
      "name": "CVE-2025-65018",
      "url": "https://www.cve.org/CVERecord?id=CVE-2025-65018"
    },
    {
      "name": "CVE-2025-7039",
      "url": "https://www.cve.org/CVERecord?id=CVE-2025-7039"
    },
    {
      "name": "CVE-2025-12818",
      "url": "https://www.cve.org/CVERecord?id=CVE-2025-12818"
    },
    {
      "name": "CVE-2025-48989",
      "url": "https://www.cve.org/CVERecord?id=CVE-2025-48989"
    },
    {
      "name": "CVE-2026-24842",
      "url": "https://www.cve.org/CVERecord?id=CVE-2026-24842"
    },
    {
      "name": "CVE-2025-22874",
      "url": "https://www.cve.org/CVERecord?id=CVE-2025-22874"
    },
    {
      "name": "CVE-2025-55199",
      "url": "https://www.cve.org/CVERecord?id=CVE-2025-55199"
    },
    {
      "name": "CVE-2025-61594",
      "url": "https://www.cve.org/CVERecord?id=CVE-2025-61594"
    },
    {
      "name": "CVE-2025-47912",
      "url": "https://www.cve.org/CVERecord?id=CVE-2025-47912"
    },
    {
      "name": "CVE-2025-11414",
      "url": "https://www.cve.org/CVERecord?id=CVE-2025-11414"
    },
    {
      "name": "CVE-2025-54410",
      "url": "https://www.cve.org/CVERecord?id=CVE-2025-54410"
    },
    {
      "name": "CVE-2025-52565",
      "url": "https://www.cve.org/CVERecord?id=CVE-2025-52565"
    },
    {
      "name": "CVE-2026-24883",
      "url": "https://www.cve.org/CVERecord?id=CVE-2026-24883"
    },
    {
      "name": "CVE-2025-39964",
      "url": "https://www.cve.org/CVERecord?id=CVE-2025-39964"
    },
    {
      "name": "CVE-2025-39993",
      "url": "https://www.cve.org/CVERecord?id=CVE-2025-39993"
    },
    {
      "name": "CVE-2025-58186",
      "url": "https://www.cve.org/CVERecord?id=CVE-2025-58186"
    },
    {
      "name": "CVE-2025-8714",
      "url": "https://www.cve.org/CVERecord?id=CVE-2025-8714"
    },
    {
      "name": "CVE-2025-9086",
      "url": "https://www.cve.org/CVERecord?id=CVE-2025-9086"
    },
    {
      "name": "CVE-2025-58187",
      "url": "https://www.cve.org/CVERecord?id=CVE-2025-58187"
    },
    {
      "name": "CVE-2025-13601",
      "url": "https://www.cve.org/CVERecord?id=CVE-2025-13601"
    },
    {
      "name": "CVE-2025-12817",
      "url": "https://www.cve.org/CVERecord?id=CVE-2025-12817"
    },
    {
      "name": "CVE-2025-4673",
      "url": "https://www.cve.org/CVERecord?id=CVE-2025-4673"
    },
    {
      "name": "CVE-2025-22871",
      "url": "https://www.cve.org/CVERecord?id=CVE-2025-22871"
    },
    {
      "name": "CVE-2024-38828",
      "url": "https://www.cve.org/CVERecord?id=CVE-2024-38828"
    },
    {
      "name": "CVE-2025-6966",
      "url": "https://www.cve.org/CVERecord?id=CVE-2025-6966"
    },
    {
      "name": "CVE-2025-58181",
      "url": "https://www.cve.org/CVERecord?id=CVE-2025-58181"
    },
    {
      "name": "CVE-2025-8959",
      "url": "https://www.cve.org/CVERecord?id=CVE-2025-8959"
    },
    {
      "name": "CVE-2025-47914",
      "url": "https://www.cve.org/CVERecord?id=CVE-2025-47914"
    },
    {
      "name": "CVE-2025-40018",
      "url": "https://www.cve.org/CVERecord?id=CVE-2025-40018"
    },
    {
      "name": "CVE-2024-53218",
      "url": "https://www.cve.org/CVERecord?id=CVE-2024-53218"
    },
    {
      "name": "CVE-2025-67499",
      "url": "https://www.cve.org/CVERecord?id=CVE-2025-67499"
    },
    {
      "name": "CVE-2025-58058",
      "url": "https://www.cve.org/CVERecord?id=CVE-2025-58058"
    },
    {
      "name": "CVE-2025-22869",
      "url": "https://www.cve.org/CVERecord?id=CVE-2025-22869"
    },
    {
      "name": "CVE-2025-58189",
      "url": "https://www.cve.org/CVERecord?id=CVE-2025-58189"
    },
    {
      "name": "CVE-2025-22870",
      "url": "https://www.cve.org/CVERecord?id=CVE-2025-22870"
    },
    {
      "name": "CVE-2025-11413",
      "url": "https://www.cve.org/CVERecord?id=CVE-2025-11413"
    },
    {
      "name": "CVE-2024-23337",
      "url": "https://www.cve.org/CVERecord?id=CVE-2024-23337"
    },
    {
      "name": "CVE-2025-61748",
      "url": "https://www.cve.org/CVERecord?id=CVE-2025-61748"
    },
    {
      "name": "CVE-2025-22235",
      "url": "https://www.cve.org/CVERecord?id=CVE-2025-22235"
    },
    {
      "name": "CVE-2025-9230",
      "url": "https://www.cve.org/CVERecord?id=CVE-2025-9230"
    },
    {
      "name": "CVE-2025-7339",
      "url": "https://www.cve.org/CVERecord?id=CVE-2025-7339"
    },
    {
      "name": "CVE-2024-53090",
      "url": "https://www.cve.org/CVERecord?id=CVE-2024-53090"
    },
    {
      "name": "CVE-2025-8916",
      "url": "https://www.cve.org/CVERecord?id=CVE-2025-8916"
    },
    {
      "name": "CVE-2025-23419",
      "url": "https://www.cve.org/CVERecord?id=CVE-2025-23419"
    },
    {
      "name": "CVE-2025-8885",
      "url": "https://www.cve.org/CVERecord?id=CVE-2025-8885"
    },
    {
      "name": "CVE-2025-41249",
      "url": "https://www.cve.org/CVERecord?id=CVE-2025-41249"
    },
    {
      "name": "CVE-2025-11412",
      "url": "https://www.cve.org/CVERecord?id=CVE-2025-11412"
    },
    {
      "name": "CVE-2026-1484",
      "url": "https://www.cve.org/CVERecord?id=CVE-2026-1484"
    },
    {
      "name": "CVE-2025-7424",
      "url": "https://www.cve.org/CVERecord?id=CVE-2025-7424"
    },
    {
      "name": "CVE-2024-50067",
      "url": "https://www.cve.org/CVERecord?id=CVE-2024-50067"
    },
    {
      "name": "CVE-2024-47220",
      "url": "https://www.cve.org/CVERecord?id=CVE-2024-47220"
    },
    {
      "name": "CVE-2025-54388",
      "url": "https://www.cve.org/CVERecord?id=CVE-2025-54388"
    },
    {
      "name": "CVE-2026-1489",
      "url": "https://www.cve.org/CVERecord?id=CVE-2026-1489"
    },
    {
      "name": "CVE-2026-24881",
      "url": "https://www.cve.org/CVERecord?id=CVE-2026-24881"
    },
    {
      "name": "CVE-2025-41242",
      "url": "https://www.cve.org/CVERecord?id=CVE-2025-41242"
    },
    {
      "name": "CVE-2024-38816",
      "url": "https://www.cve.org/CVERecord?id=CVE-2024-38816"
    },
    {
      "name": "CVE-2025-53057",
      "url": "https://www.cve.org/CVERecord?id=CVE-2025-53057"
    },
    {
      "name": "CVE-2025-6442",
      "url": "https://www.cve.org/CVERecord?id=CVE-2025-6442"
    },
    {
      "name": "CVE-2025-53066",
      "url": "https://www.cve.org/CVERecord?id=CVE-2025-53066"
    },
    {
      "name": "CVE-2016-1000027",
      "url": "https://www.cve.org/CVERecord?id=CVE-2016-1000027"
    },
    {
      "name": "CVE-2025-61729",
      "url": "https://www.cve.org/CVERecord?id=CVE-2025-61729"
    },
    {
      "name": "CVE-2025-11494",
      "url": "https://www.cve.org/CVERecord?id=CVE-2025-11494"
    },
    {
      "name": "CVE-2024-47691",
      "url": "https://www.cve.org/CVERecord?id=CVE-2024-47691"
    },
    {
      "name": "CVE-2025-66418",
      "url": "https://www.cve.org/CVERecord?id=CVE-2025-66418"
    }
  ],
  "initial_release_date": "2026-02-02T00:00:00",
  "last_revision_date": "2026-02-02T00:00:00",
  "links": [],
  "reference": "CERTFR-2026-AVI-0112",
  "revisions": [
    {
      "description": "Version initiale",
      "revision_date": "2026-02-02T00:00:00.000000"
    }
  ],
  "risks": [
    {
      "description": "Non sp\u00e9cifi\u00e9 par l\u0027\u00e9diteur"
    }
  ],
  "summary": "De multiples vuln\u00e9rabilit\u00e9s ont \u00e9t\u00e9 d\u00e9couvertes dans les produits VMware. Elles permettent \u00e0 un attaquant de provoquer un probl\u00e8me de s\u00e9curit\u00e9 non sp\u00e9cifi\u00e9 par l\u0027\u00e9diteur.",
  "title": "Multiples vuln\u00e9rabilit\u00e9s dans les produits VMware",
  "vendor_advisories": [
    {
      "published_at": "2026-02-02",
      "title": "Bulletin de s\u00e9curit\u00e9 VMware 36902",
      "url": "https://support.broadcom.com/web/ecx/support-content-notification/-/external/content/SecurityAdvisories/0/36902"
    },
    {
      "published_at": "2026-02-02",
      "title": "Bulletin de s\u00e9curit\u00e9 VMware 36908",
      "url": "https://support.broadcom.com/web/ecx/support-content-notification/-/external/content/SecurityAdvisories/0/36908"
    },
    {
      "published_at": "2026-02-02",
      "title": "Bulletin de s\u00e9curit\u00e9 VMware 36897",
      "url": "https://support.broadcom.com/web/ecx/support-content-notification/-/external/content/SecurityAdvisories/0/36897"
    },
    {
      "published_at": "2026-02-01",
      "title": "Bulletin de s\u00e9curit\u00e9 VMware 36912",
      "url": "https://support.broadcom.com/web/ecx/support-content-notification/-/external/content/SecurityAdvisories/0/36912"
    },
    {
      "published_at": "2026-02-02",
      "title": "Bulletin de s\u00e9curit\u00e9 VMware 36904",
      "url": "https://support.broadcom.com/web/ecx/support-content-notification/-/external/content/SecurityAdvisories/0/36904"
    },
    {
      "published_at": "2026-02-02",
      "title": "Bulletin de s\u00e9curit\u00e9 VMware 36900",
      "url": "https://support.broadcom.com/web/ecx/support-content-notification/-/external/content/SecurityAdvisories/0/36900"
    },
    {
      "published_at": "2026-02-02",
      "title": "Bulletin de s\u00e9curit\u00e9 VMware 36903",
      "url": "https://support.broadcom.com/web/ecx/support-content-notification/-/external/content/SecurityAdvisories/0/36903"
    },
    {
      "published_at": "2026-02-02",
      "title": "Bulletin de s\u00e9curit\u00e9 VMware 36909",
      "url": "https://support.broadcom.com/web/ecx/support-content-notification/-/external/content/SecurityAdvisories/0/36909"
    },
    {
      "published_at": "2026-02-02",
      "title": "Bulletin de s\u00e9curit\u00e9 VMware 36899",
      "url": "https://support.broadcom.com/web/ecx/support-content-notification/-/external/content/SecurityAdvisories/0/36899"
    },
    {
      "published_at": "2026-02-02",
      "title": "Bulletin de s\u00e9curit\u00e9 VMware 36906",
      "url": "https://support.broadcom.com/web/ecx/support-content-notification/-/external/content/SecurityAdvisories/0/36906"
    },
    {
      "published_at": "2026-02-02",
      "title": "Bulletin de s\u00e9curit\u00e9 VMware 36907",
      "url": "https://support.broadcom.com/web/ecx/support-content-notification/-/external/content/SecurityAdvisories/0/36907"
    },
    {
      "published_at": "2026-02-02",
      "title": "Bulletin de s\u00e9curit\u00e9 VMware 36901",
      "url": "https://support.broadcom.com/web/ecx/support-content-notification/-/external/content/SecurityAdvisories/0/36901"
    },
    {
      "published_at": "2026-02-02",
      "title": "Bulletin de s\u00e9curit\u00e9 VMware 36905",
      "url": "https://support.broadcom.com/web/ecx/support-content-notification/-/external/content/SecurityAdvisories/0/36905"
    },
    {
      "published_at": "2026-02-02",
      "title": "Bulletin de s\u00e9curit\u00e9 VMware 36898",
      "url": "https://support.broadcom.com/web/ecx/support-content-notification/-/external/content/SecurityAdvisories/0/36898"
    },
    {
      "published_at": "2026-02-02",
      "title": "Bulletin de s\u00e9curit\u00e9 VMware 36910",
      "url": "https://support.broadcom.com/web/ecx/support-content-notification/-/external/content/SecurityAdvisories/0/36910"
    },
    {
      "published_at": "2026-02-02",
      "title": "Bulletin de s\u00e9curit\u00e9 VMware 36911",
      "url": "https://support.broadcom.com/web/ecx/support-content-notification/-/external/content/SecurityAdvisories/0/36911"
    }
  ]
}

CVE-2025-11413

Vulnerability from fstec - Published: 18.09.2025

Title

Уязвимость функции elf_link_add_object_symbols компонента bfd/elflink.c программного средства разработки GNU Binutils, позволяющая нарушителю вызвать отказ в обслуживании

Description

Уязвимость функции elf_link_add_object_symbols компонента bfd/elflink.c программного средства разработки GNU Binutils связана с выходом операции за границы буфера в памяти. Эксплуатация уязвимости может позволить нарушителю вызвать отказ в обслуживании

Severity ?


                    
                      AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:L

Vendor

ООО «РусБИТех-Астра», GNU General Public License

Software Name

Astra Linux Special Edition (запись в едином реестре российских программ №369), GNU Binutils

Software Version

1.7 (Astra Linux Special Edition), 4.7 (Astra Linux Special Edition), до 2.45 включительно (GNU Binutils)

Possible Mitigations

Использование рекомендаций: Для Binutils: https://sourceware.org/git/gitweb.cgi?p=binutils-gdb.git;h=72efdf166aa0ed72ecc69fc2349af6591a7a19c0 Для ОС Astra Linux: обновить пакет binutils до 2.31.1-16.astra6+ci1 или более высокой версии, используя рекомендации производителя: https://wiki.astralinux.ru/astra-linux-se17-bulletin-2025-1202SE17 Для ОС Astra Linux: обновить пакет binutils до 2.31.1-16.astra6+ci1 или более высокой версии, используя рекомендации производителя: https://wiki.astralinux.ru/astra-linux-se47-bulletin-2025-1216SE47

Reference

https://sourceware.org/bugzilla/show_bug.cgi?id=33456 https://sourceware.org/git/gitweb.cgi?p=binutils-gdb.git;h=72efdf166aa0ed72ecc69fc2349af6591a7a19c0 https://wiki.astralinux.ru/astra-linux-se17-bulletin-2025-1202SE17 https://wiki.astralinux.ru/astra-linux-se47-bulletin-2025-1216SE47

CWE

CWE-119

JSON

To clipboard

{
  "CVSS 2.0": "AV:L/AC:L/Au:S/C:N/I:N/A:P",
  "CVSS 3.0": "AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:L",
  "CVSS 4.0": null,
  "remediation_\u0418\u0434\u0435\u043d\u0442\u0438\u0444\u0438\u043a\u0430\u0442\u043e\u0440": null,
  "remediation_\u041d\u0430\u0438\u043c\u0435\u043d\u043e\u0432\u0430\u043d\u0438\u0435": null,
  "\u0412\u0435\u043d\u0434\u043e\u0440 \u041f\u041e": "\u041e\u041e\u041e \u00ab\u0420\u0443\u0441\u0411\u0418\u0422\u0435\u0445-\u0410\u0441\u0442\u0440\u0430\u00bb, GNU General Public License",
  "\u0412\u0435\u0440\u0441\u0438\u044f \u041f\u041e": "1.7 (Astra Linux Special Edition), 4.7 (Astra Linux Special Edition), \u0434\u043e 2.45 \u0432\u043a\u043b\u044e\u0447\u0438\u0442\u0435\u043b\u044c\u043d\u043e (GNU Binutils)",
  "\u0412\u043e\u0437\u043c\u043e\u0436\u043d\u044b\u0435 \u043c\u0435\u0440\u044b \u043f\u043e \u0443\u0441\u0442\u0440\u0430\u043d\u0435\u043d\u0438\u044e": "\u0418\u0441\u043f\u043e\u043b\u044c\u0437\u043e\u0432\u0430\u043d\u0438\u0435 \u0440\u0435\u043a\u043e\u043c\u0435\u043d\u0434\u0430\u0446\u0438\u0439:\n\u0414\u043b\u044f Binutils:\nhttps://sourceware.org/git/gitweb.cgi?p=binutils-gdb.git;h=72efdf166aa0ed72ecc69fc2349af6591a7a19c0\n\n\u0414\u043b\u044f \u041e\u0421 Astra Linux:\n\u043e\u0431\u043d\u043e\u0432\u0438\u0442\u044c \u043f\u0430\u043a\u0435\u0442 binutils \u0434\u043e 2.31.1-16.astra6+ci1 \u0438\u043b\u0438 \u0431\u043e\u043b\u0435\u0435 \u0432\u044b\u0441\u043e\u043a\u043e\u0439 \u0432\u0435\u0440\u0441\u0438\u0438, \u0438\u0441\u043f\u043e\u043b\u044c\u0437\u0443\u044f \u0440\u0435\u043a\u043e\u043c\u0435\u043d\u0434\u0430\u0446\u0438\u0438 \u043f\u0440\u043e\u0438\u0437\u0432\u043e\u0434\u0438\u0442\u0435\u043b\u044f: https://wiki.astralinux.ru/astra-linux-se17-bulletin-2025-1202SE17\n\n\u0414\u043b\u044f \u041e\u0421 Astra Linux:\n\u043e\u0431\u043d\u043e\u0432\u0438\u0442\u044c \u043f\u0430\u043a\u0435\u0442 binutils \u0434\u043e 2.31.1-16.astra6+ci1 \u0438\u043b\u0438 \u0431\u043e\u043b\u0435\u0435 \u0432\u044b\u0441\u043e\u043a\u043e\u0439 \u0432\u0435\u0440\u0441\u0438\u0438, \u0438\u0441\u043f\u043e\u043b\u044c\u0437\u0443\u044f \u0440\u0435\u043a\u043e\u043c\u0435\u043d\u0434\u0430\u0446\u0438\u0438 \u043f\u0440\u043e\u0438\u0437\u0432\u043e\u0434\u0438\u0442\u0435\u043b\u044f: https://wiki.astralinux.ru/astra-linux-se47-bulletin-2025-1216SE47",
  "\u0414\u0430\u0442\u0430 \u0432\u044b\u044f\u0432\u043b\u0435\u043d\u0438\u044f": "18.09.2025",
  "\u0414\u0430\u0442\u0430 \u043f\u043e\u0441\u043b\u0435\u0434\u043d\u0435\u0433\u043e \u043e\u0431\u043d\u043e\u0432\u043b\u0435\u043d\u0438\u044f": "12.01.2026",
  "\u0414\u0430\u0442\u0430 \u043f\u0443\u0431\u043b\u0438\u043a\u0430\u0446\u0438\u0438": "18.12.2025",
  "\u0418\u0434\u0435\u043d\u0442\u0438\u0444\u0438\u043a\u0430\u0442\u043e\u0440": "BDU:2025-16074",
  "\u0418\u0434\u0435\u043d\u0442\u0438\u0444\u0438\u043a\u0430\u0442\u043e\u0440\u044b \u0434\u0440\u0443\u0433\u0438\u0445 \u0441\u0438\u0441\u0442\u0435\u043c \u043e\u043f\u0438\u0441\u0430\u043d\u0438\u0439 \u0443\u044f\u0437\u0432\u0438\u043c\u043e\u0441\u0442\u0438": "CVE-2025-11413",
  "\u0418\u043d\u0444\u043e\u0440\u043c\u0430\u0446\u0438\u044f \u043e\u0431 \u0443\u0441\u0442\u0440\u0430\u043d\u0435\u043d\u0438\u0438": "\u0423\u044f\u0437\u0432\u0438\u043c\u043e\u0441\u0442\u044c \u0443\u0441\u0442\u0440\u0430\u043d\u0435\u043d\u0430",
  "\u041a\u043b\u0430\u0441\u0441 \u0443\u044f\u0437\u0432\u0438\u043c\u043e\u0441\u0442\u0438": "\u0423\u044f\u0437\u0432\u0438\u043c\u043e\u0441\u0442\u044c \u043a\u043e\u0434\u0430",
  "\u041d\u0430\u0437\u0432\u0430\u043d\u0438\u0435 \u041f\u041e": "Astra Linux Special Edition (\u0437\u0430\u043f\u0438\u0441\u044c \u0432 \u0435\u0434\u0438\u043d\u043e\u043c \u0440\u0435\u0435\u0441\u0442\u0440\u0435 \u0440\u043e\u0441\u0441\u0438\u0439\u0441\u043a\u0438\u0445 \u043f\u0440\u043e\u0433\u0440\u0430\u043c\u043c \u2116369), GNU Binutils",
  "\u041d\u0430\u0438\u043c\u0435\u043d\u043e\u0432\u0430\u043d\u0438\u0435 \u041e\u0421 \u0438 \u0442\u0438\u043f \u0430\u043f\u043f\u0430\u0440\u0430\u0442\u043d\u043e\u0439 \u043f\u043b\u0430\u0442\u0444\u043e\u0440\u043c\u044b": "\u041e\u041e\u041e \u00ab\u0420\u0443\u0441\u0411\u0418\u0422\u0435\u0445-\u0410\u0441\u0442\u0440\u0430\u00bb Astra Linux Special Edition 1.7  (\u0437\u0430\u043f\u0438\u0441\u044c \u0432 \u0435\u0434\u0438\u043d\u043e\u043c \u0440\u0435\u0435\u0441\u0442\u0440\u0435 \u0440\u043e\u0441\u0441\u0438\u0439\u0441\u043a\u0438\u0445 \u043f\u0440\u043e\u0433\u0440\u0430\u043c\u043c \u2116369), \u041e\u041e\u041e \u00ab\u0420\u0443\u0441\u0411\u0418\u0422\u0435\u0445-\u0410\u0441\u0442\u0440\u0430\u00bb Astra Linux Special Edition 4.7  (\u0437\u0430\u043f\u0438\u0441\u044c \u0432 \u0435\u0434\u0438\u043d\u043e\u043c \u0440\u0435\u0435\u0441\u0442\u0440\u0435 \u0440\u043e\u0441\u0441\u0438\u0439\u0441\u043a\u0438\u0445 \u043f\u0440\u043e\u0433\u0440\u0430\u043c\u043c \u2116369)",
  "\u041d\u0430\u0438\u043c\u0435\u043d\u043e\u0432\u0430\u043d\u0438\u0435 \u0443\u044f\u0437\u0432\u0438\u043c\u043e\u0441\u0442\u0438": "\u0423\u044f\u0437\u0432\u0438\u043c\u043e\u0441\u0442\u044c \u0444\u0443\u043d\u043a\u0446\u0438\u0438 elf_link_add_object_symbols \u043a\u043e\u043c\u043f\u043e\u043d\u0435\u043d\u0442\u0430 bfd/elflink.c \u043f\u0440\u043e\u0433\u0440\u0430\u043c\u043c\u043d\u043e\u0433\u043e \u0441\u0440\u0435\u0434\u0441\u0442\u0432\u0430 \u0440\u0430\u0437\u0440\u0430\u0431\u043e\u0442\u043a\u0438 GNU Binutils, \u043f\u043e\u0437\u0432\u043e\u043b\u044f\u044e\u0449\u0430\u044f \u043d\u0430\u0440\u0443\u0448\u0438\u0442\u0435\u043b\u044e \u0432\u044b\u0437\u0432\u0430\u0442\u044c \u043e\u0442\u043a\u0430\u0437 \u0432 \u043e\u0431\u0441\u043b\u0443\u0436\u0438\u0432\u0430\u043d\u0438\u0438",
  "\u041d\u0430\u043b\u0438\u0447\u0438\u0435 \u044d\u043a\u0441\u043f\u043b\u043e\u0439\u0442\u0430": "\u0421\u0443\u0449\u0435\u0441\u0442\u0432\u0443\u0435\u0442 \u0432 \u043e\u0442\u043a\u0440\u044b\u0442\u043e\u043c \u0434\u043e\u0441\u0442\u0443\u043f\u0435",
  "\u041e\u043f\u0438\u0441\u0430\u043d\u0438\u0435 \u043e\u0448\u0438\u0431\u043a\u0438 CWE": "\u0412\u044b\u0445\u043e\u0434 \u043e\u043f\u0435\u0440\u0430\u0446\u0438\u0438 \u0437\u0430 \u0433\u0440\u0430\u043d\u0438\u0446\u044b \u0431\u0443\u0444\u0435\u0440\u0430 \u0432 \u043f\u0430\u043c\u044f\u0442\u0438 (CWE-119)",
  "\u041e\u043f\u0438\u0441\u0430\u043d\u0438\u0435 \u0443\u044f\u0437\u0432\u0438\u043c\u043e\u0441\u0442\u0438": "\u0423\u044f\u0437\u0432\u0438\u043c\u043e\u0441\u0442\u044c \u0444\u0443\u043d\u043a\u0446\u0438\u0438 elf_link_add_object_symbols \u043a\u043e\u043c\u043f\u043e\u043d\u0435\u043d\u0442\u0430 bfd/elflink.c \u043f\u0440\u043e\u0433\u0440\u0430\u043c\u043c\u043d\u043e\u0433\u043e \u0441\u0440\u0435\u0434\u0441\u0442\u0432\u0430 \u0440\u0430\u0437\u0440\u0430\u0431\u043e\u0442\u043a\u0438 GNU Binutils \u0441\u0432\u044f\u0437\u0430\u043d\u0430 \u0441 \u0432\u044b\u0445\u043e\u0434\u043e\u043c \u043e\u043f\u0435\u0440\u0430\u0446\u0438\u0438 \u0437\u0430 \u0433\u0440\u0430\u043d\u0438\u0446\u044b \u0431\u0443\u0444\u0435\u0440\u0430 \u0432 \u043f\u0430\u043c\u044f\u0442\u0438. \u042d\u043a\u0441\u043f\u043b\u0443\u0430\u0442\u0430\u0446\u0438\u044f \u0443\u044f\u0437\u0432\u0438\u043c\u043e\u0441\u0442\u0438 \u043c\u043e\u0436\u0435\u0442 \u043f\u043e\u0437\u0432\u043e\u043b\u0438\u0442\u044c \u043d\u0430\u0440\u0443\u0448\u0438\u0442\u0435\u043b\u044e \u0432\u044b\u0437\u0432\u0430\u0442\u044c \u043e\u0442\u043a\u0430\u0437 \u0432 \u043e\u0431\u0441\u043b\u0443\u0436\u0438\u0432\u0430\u043d\u0438\u0438",
  "\u041f\u043e\u0441\u043b\u0435\u0434\u0441\u0442\u0432\u0438\u044f \u044d\u043a\u0441\u043f\u043b\u0443\u0430\u0442\u0430\u0446\u0438\u0438 \u0443\u044f\u0437\u0432\u0438\u043c\u043e\u0441\u0442\u0438": null,
  "\u041f\u0440\u043e\u0447\u0430\u044f \u0438\u043d\u0444\u043e\u0440\u043c\u0430\u0446\u0438\u044f": "\u0418\u0441\u0441\u043b\u0435\u0434\u043e\u0432\u0430\u0442\u0435\u043b\u044c: Yifan Zhang",
  "\u0421\u0432\u044f\u0437\u044c \u0441 \u0438\u043d\u0446\u0438\u0434\u0435\u043d\u0442\u0430\u043c\u0438 \u0418\u0411": "\u0414\u0430\u043d\u043d\u044b\u0435 \u0443\u0442\u043e\u0447\u043d\u044f\u044e\u0442\u0441\u044f",
  "\u0421\u043e\u0441\u0442\u043e\u044f\u043d\u0438\u0435 \u0443\u044f\u0437\u0432\u0438\u043c\u043e\u0441\u0442\u0438": "\u041e\u043f\u0443\u0431\u043b\u0438\u043a\u043e\u0432\u0430\u043d\u0430",
  "\u0421\u043f\u043e\u0441\u043e\u0431 \u0443\u0441\u0442\u0440\u0430\u043d\u0435\u043d\u0438\u044f": "\u041e\u0431\u043d\u043e\u0432\u043b\u0435\u043d\u0438\u0435 \u043f\u0440\u043e\u0433\u0440\u0430\u043c\u043c\u043d\u043e\u0433\u043e \u043e\u0431\u0435\u0441\u043f\u0435\u0447\u0435\u043d\u0438\u044f",
  "\u0421\u043f\u043e\u0441\u043e\u0431 \u044d\u043a\u0441\u043f\u043b\u0443\u0430\u0442\u0430\u0446\u0438\u0438": "\u041c\u0430\u043d\u0438\u043f\u0443\u043b\u0438\u0440\u043e\u0432\u0430\u043d\u0438\u0435 \u0441\u0442\u0440\u0443\u043a\u0442\u0443\u0440\u0430\u043c\u0438 \u0434\u0430\u043d\u043d\u044b\u0445",
  "\u0421\u0441\u044b\u043b\u043a\u0438 \u043d\u0430 \u0438\u0441\u0442\u043e\u0447\u043d\u0438\u043a\u0438": "https://sourceware.org/bugzilla/show_bug.cgi?id=33456\nhttps://sourceware.org/git/gitweb.cgi?p=binutils-gdb.git;h=72efdf166aa0ed72ecc69fc2349af6591a7a19c0\nhttps://wiki.astralinux.ru/astra-linux-se17-bulletin-2025-1202SE17\nhttps://wiki.astralinux.ru/astra-linux-se47-bulletin-2025-1216SE47",
  "\u0421\u0442\u0430\u0442\u0443\u0441 \u0443\u044f\u0437\u0432\u0438\u043c\u043e\u0441\u0442\u0438": "\u041f\u043e\u0434\u0442\u0432\u0435\u0440\u0436\u0434\u0435\u043d\u0430 \u043f\u0440\u043e\u0438\u0437\u0432\u043e\u0434\u0438\u0442\u0435\u043b\u0435\u043c",
  "\u0422\u0438\u043f \u041f\u041e": "\u041e\u043f\u0435\u0440\u0430\u0446\u0438\u043e\u043d\u043d\u0430\u044f \u0441\u0438\u0441\u0442\u0435\u043c\u0430, \u041f\u0440\u0438\u043a\u043b\u0430\u0434\u043d\u043e\u0435 \u041f\u041e \u0438\u043d\u0444\u043e\u0440\u043c\u0430\u0446\u0438\u043e\u043d\u043d\u044b\u0445 \u0441\u0438\u0441\u0442\u0435\u043c",
  "\u0422\u0438\u043f \u043e\u0448\u0438\u0431\u043a\u0438 CWE": "CWE-119",
  "\u0423\u0440\u043e\u0432\u0435\u043d\u044c \u043e\u043f\u0430\u0441\u043d\u043e\u0441\u0442\u0438 \u0443\u044f\u0437\u0432\u0438\u043c\u043e\u0441\u0442\u0438": "\u041d\u0438\u0437\u043a\u0438\u0439 \u0443\u0440\u043e\u0432\u0435\u043d\u044c \u043e\u043f\u0430\u0441\u043d\u043e\u0441\u0442\u0438 (\u0431\u0430\u0437\u043e\u0432\u0430\u044f \u043e\u0446\u0435\u043d\u043a\u0430 CVSS 2.0 \u0441\u043e\u0441\u0442\u0430\u0432\u043b\u044f\u0435\u0442 1,7)\n\u041d\u0438\u0437\u043a\u0438\u0439 \u0443\u0440\u043e\u0432\u0435\u043d\u044c \u043e\u043f\u0430\u0441\u043d\u043e\u0441\u0442\u0438 (\u0431\u0430\u0437\u043e\u0432\u0430\u044f \u043e\u0446\u0435\u043d\u043a\u0430 CVSS 3.1 \u0441\u043e\u0441\u0442\u0430\u0432\u043b\u044f\u0435\u0442 3,3)"
}

Tags

Taxonomy of the tags.

All sightings related to this event Export sightings related to this event

Sightings

Author	Source	Type	Date

Nomenclature

Seen: The vulnerability was mentioned, discussed, or observed by the user.
Confirmed: The vulnerability has been validated from an analyst's perspective.
Published Proof of Concept: A public proof of concept is available for this vulnerability.
Exploited: The vulnerability was observed as exploited by the user who reported the sighting.
Patched: The vulnerability was observed as successfully patched by the user who reported the sighting.
Not exploited: The vulnerability was not observed as exploited by the user who reported the sighting.
Not confirmed: The user expressed doubt about the validity of the vulnerability.
Not patched: The vulnerability was not observed as successfully patched by the user who reported the sighting.

Detection rules are retrieved from Rulezet.

Action not permitted

CVE-2025-11413 (GCVE-0-2025-11413)

GHSA-W337-WPHV-G4VH

FKIE_CVE-2025-11413

CERTFR-2025-AVI-0899

Solutions

CERTFR-2026-AVI-0112

Solutions

CVE-2025-11413

Tags

Sightings

Nomenclature