Overview of Recent VMware Security Updates
VMware has recently addressed 47 critical vulnerabilities across its Tanzu Greenplum products: 29 in VMware Tanzu Greenplum Backup and Restore and 18 more in other Tanzu Greenplum components.
Published on April 7, 2025, the security advisories urge immediate action and cover vulnerabilities with CVSS scores reaching up to 9.8. A score that high signals a severe level of risk that organizations running these products cannot ignore.
Key Vulnerabilities in VMware Tanzu Greenplum Backup and Restore
Vulnerabilities such as CVE-2023-39320, CVE-2024-24790, and GHSA-v778-237x-gjrc were marked critical. These flaws involve high-risk issues like privilege escalation and remote code execution during backup operations, as well as an authorization bypass in Golang’s crypto module.
Other high-severity issues, including CVE-2025-22866 and CVE-2023-44487, have also been resolved. These vulnerabilities affected networking components, creating a risk of unauthorized access and enabling denial-of-service (DoS) attacks that exploit the HTTP/2 protocol.
Detailed Breakdown of Patched Components
The update for Tanzu Greenplum version 6.29.0 addresses vulnerabilities in multiple components such as:
- PL/Container Python3 Image
- DataSciencePython3.9
Additionally, critical flaws were found and patched in the Greenplum Platform Extensions Framework, including SQL injection vulnerabilities in the Apache Hive JDBC driver and arbitrary code execution vulnerabilities in Apache Avro.
Enhanced Security Measures and Features
Alongside the security fixes, the new releases also introduce several key features:
- Improved backup operations with gpbackup utility
- Functional enhancements in Tanzu Greenplum Backup and Restore 1.31.0
- Support for Read Replica mode in Tanzu Greenplum Disaster Recovery 1.3.0
Urgent Call to Action for Users
Due to the critical nature of these vulnerabilities, immediate patching is advised. The latest versions, VMware Tanzu Greenplum 6.29.0 and VMware Tanzu Greenplum Backup and Restore 1.31.0, include these necessary security improvements.
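Because the fix is a version floor rather than a configuration change, the practical first step is to confirm which release is actually deployed on each host. The following script is an added example, not VMware's or Broadcom's own tooling: it reads the two fixed minimum versions named above (Tanzu Greenplum 6.29.0 and Tanzu Greenplum Backup and Restore 1.31.0) and classifies observed version banners against them. The banner formats it parses (the `SELECT version();` output naming "Greenplum Database X.Y.Z" after the PostgreSQL base version, and a `gpbackup version X.Y.Z` line) are assumptions for this example, and the sample banners at the bottom are constructed, not captured from a real system.

```python
import re
from typing import Dict, Optional, Pattern, Tuple

Version = Tuple[int, int, int]

# Minimum fixed releases named in the advisory summary above.
# The regexes describe where each product is assumed to print its version;
# these banner formats are assumptions for this example, not quoted from
# the advisory.
PRODUCTS: Dict[str, Tuple[Version, Pattern[str]]] = {
    "Tanzu Greenplum": (
        (6, 29, 0),
        # SELECT version(); is assumed to report the PostgreSQL base version
        # first, so the pattern anchors on the "Greenplum Database" label to
        # avoid picking up the wrong number.
        re.compile(r"Greenplum Database (\d+)\.(\d+)\.(\d+)"),
    ),
    "Tanzu Greenplum Backup and Restore": (
        (1, 31, 0),
        re.compile(r"gpbackup version (\d+)\.(\d+)\.(\d+)"),
    ),
}


def parse_version(product: str, banner: str) -> Optional[Version]:
    """Return the (major, minor, patch) tuple found in a version banner, or None."""
    _, pattern = PRODUCTS[product]
    match = pattern.search(banner)
    if match is None:
        return None
    major, minor, patch = (int(g) for g in match.groups())
    return (major, minor, patch)


def is_patched(product: str, banner: str) -> Optional[bool]:
    """True if the banner's version meets the fixed minimum, False if it is
    older, None if no version could be read (treat as unknown, never as safe)."""
    version = parse_version(product, banner)
    if version is None:
        return None
    minimum, _ = PRODUCTS[product]
    # Integer tuples compare numerically, so 6.100.0 correctly ranks above
    # 6.29.0 (a plain string comparison would get this wrong).
    return version >= minimum


def audit(banners: Dict[str, str]) -> Dict[str, str]:
    """Classify every known product as 'patched', 'needs upgrade' or 'unknown'.
    Products missing from the input are reported as 'unknown' as well."""
    report: Dict[str, str] = {}
    for product in PRODUCTS:
        status = is_patched(product, banners.get(product, ""))
        if status is True:
            report[product] = "patched"
        elif status is False:
            report[product] = "needs upgrade"
        else:
            report[product] = "unknown"
    return report


if __name__ == "__main__":
    # Constructed sample banners (not captured from a real system).
    sample = {
        "Tanzu Greenplum": "PostgreSQL 9.4.26 (Greenplum Database 6.28.0 build commit:0000000)",
        "Tanzu Greenplum Backup and Restore": "gpbackup version 1.31.0",
    }
    for product, status in audit(sample).items():
        print(f"{product}: {status}")
```

An unparseable or missing banner is deliberately reported as "unknown" rather than "patched": a host whose version cannot be read should stay on the remediation list until it is verified by hand.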
Security experts and VMware urge users to implement these updates swiftly to mitigate any potential risks associated with the vulnerabilities, some of which date back several years.
Since the acquisition by Broadcom, VMware advisories and patches are distributed through the Broadcom Support Portal; these updates underscore a continued commitment to securing the VMware environment.
Last Updated: April 9, 2025