Multiple vulnerabilities have been discovered in VMware Tanzu, affecting Tanzu for MySQL versions earlier than 2.0.2 deployed on Kubernetes. The vulnerabilities can allow an attacker to trigger an unspecified security issue. The Advisory, issued by CERT‑FR and based on VMware’s security bulletin 37340 dated 2 April 2026, lists several CVE identifiers (CVE-2025-14831, CVE-2025-15281, CVE-2025-15366, CVE-2025-15367, CVE-2025-9820, CVE-2026-0861, CVE-2026-0865, CVE-2026-0915, CVE-2026-1299, CVE-2026-4111). The advisory does not specify the risk severity or impact level, as the vendor has not assigned a classification. Systems include any deployment of Tanzu for MySQL running before version 2.0.2 on a Kubernetes cluster. The CERT‑FR recommends applying the vendor’s patches as detailed in the referenced bulletin and reviewing configuration settings.
Summary of content from
Made by AI. If you spot anything of concern write us at contact@cybach.com. We’ll promptly correct irregularities.