Security Alerts

Find here the security alerts related to our cloud services. This page is updated daily to account for newly identified vulnerabilities.

Vulnerabilities

Date	Reference(s)	CVSS	Title	Description	Service(s)	Severity	Treatment
23/12/2025	CVE-2025-14443	8.5	Vulnerability in Red Hat OpenShift (CVE-2025-14443)	A vulnerability in the openshift-apiserver component allows privilege escalation. Exploitation requires prior authentication.	PaaS OpenShift	🟠 Important	✅ Your OpenShift instances will be updated as soon as fixes are validated by Cloud Temple. No action required on your part.
30/09/2025	VMSA-2025-0016	8.5	VMSA-2025-0016: Vulnerability in VMware vCenter (CVE-2025-41250)	A vulnerability (CVE-2025-41250) allows an authenticated attacker to modify scheduled task notification emails.	IaaS By VMware	🟠 Important	✅ Your vCenter instances will be updated as soon as fixes are validated by Cloud Temple. No action required on your part. The update is indicated in Console notifications.
30/09/2025	VMSA-2025-0015	7.6	VMSA-2025-0015: Vulnerability in VMware Tools (Windows)	A vulnerability (CVE-2025-41246) affecting VMware Tools for Windows allows privilege escalation (requires authenticated local access).	IaaS By VMware	🟡 Moderate	⚠️ We recommend updating VMware Tools on your virtual machines. Corrected VM Tools versions are included in the ESXi packages provided by Cloud Temple.
07/08/2025	DSA-2025-154	8.4	DSA-2025-154: Vulnerability in Dell ObjectScale (CVE-2025-26476)	A vulnerability (CVE-2025-26476) in Dell ObjectScale (< 4.0.0.0) related to the use of hardcoded SSH cryptographic keys allows unauthenticated local access.	Object Storage	🟠 Important	✅ Remediation of your ObjectScale environments is handled by Cloud Temple. No action required on your part.
15/07/2025	VMSA-2025-0013	9.3	VMSA-2025-0013: Critical vulnerabilities in VMware ESXi	Several critical vulnerabilities affect VMware ESXi. Patches are provided by the vendor.	IaaS By VMware	🟠 Important	⚠️ We recommend updating your hypervisors. Corrected ESXi versions are available as soon as validated by Cloud Temple. Console indicates which ESXi hosts require updates.
15/07/2025	VMSA-2025-0013	7.1	VMSA-2025-0013: Vulnerability in VMware Tools (CVE-2025-41239)	A vulnerability (CVE-2025-41239) in VMware Tools allows disclosure of sensitive information via uninitialized vSockets. Patches are provided by the vendor.	IaaS By VMware	🟡 Moderate	⚠️ We recommend updating VMware Tools on your virtual machines. Corrected VM Tools versions are included in the ESXi packages provided by Cloud Temple.
01/07/2025	XSA-470	N/A	XCP-NG vulnerability due to improper exception handling Vendor Bulletin	A vulnerability has been discovered in XCP-NG, allowing privileged code executed from a virtual machine to crash the hypervisor, resulting in a complete host denial-of-service (DoS).	IaaS OpenSource	🟡 Moderate	✅ Your XCP-ng instances will be updated as soon as fixes are validated by Cloud Temple. No action required on your part.
23/05/2025	XSA-468	8.8–9.0	XCP-NG vulnerabilities in Windows PV drivers (XSA-468) Vendor Bulletin	Multiple vulnerabilities (CVE-2025-27462, CVE-2025-27463, CVE-2025-27464) in Windows PV drivers allow unprivileged users to gain system privileges inside Windows VMs.	IaaS OpenSource	🟠 Important	⚠️ We recommend updating the Windows PV drivers on your virtual machines to the corrected versions specified in the security bulletin. ✅ Your XCP-ng instances will be updated as soon as fixes are validated by Cloud Temple.
22/05/2025	XSA-469, INTEL-SA	4.9–6.5	XCP-NG vulnerabilities in Intel microcode and Xen (XSA-469, INTEL-SA) Vendor Bulletin	Security patches for XCP-ng have been released, addressing multiple vulnerabilities in Intel microcode and Xen.	IaaS OpenSource	🟡 Moderate	✅ Your XCP-ng instances will be updated as soon as fixes are validated by Cloud Temple. No action required on your part.
21/05/2025	VMSA-2025-0010	4.3–6.8	VMSA-2025-0010: Multiple vulnerabilities in VMware ESXi (CVE-2025-41226, CVE-2025-41227, CVE-2025-41228)	Multiple vulnerabilities in VMware ESXi have been reported: Guest operation denial-of-service vulnerability (CVE-2025-41226), Denial-of-service vulnerability (CVE-2025-41227), Cross-Site Scripting (XSS) vulnerability (CVE-2025-41228). Patches are provided by the vendor.	IaaS By VMware	🟡 Moderate	⚠️ We recommend updating your hypervisors. Corrected ESXi versions are available as soon as validated by Cloud Temple. Console indicates which ESXi hosts require updates.
21/05/2025	VMSA-2025-0010	4.3–8.8	VMSA-2025-0010: Multiple vulnerabilities in vCenter (CVE-2025-41225, CVE-2025-41228)	Multiple vulnerabilities in VMware vCenter have been reported: Authenticated command execution vulnerability in VMware vCenter Server (CVE-2025-41225), Cross-Site Scripting (XSS) vulnerability (CVE-2025-41228). Patches are provided by the vendor.	IaaS By VMware	🟠 Important	✅ Your vCenter instances will be updated as soon as fixes are validated by Cloud Temple. No action required on your part. The update is indicated in Console notifications.
14/05/2025	VMSA-2025-0007	6.1	VMSA-2025-0007: Insecure file handling vulnerability in VMware Tools (CVE-2025-22247)	An insecure file handling vulnerability in VMware Tools has been reported. Patches are provided by the vendor.	IaaS By VMware	🟡 Moderate	⚠️ We recommend updating VMware Tools on your virtual machines. Corrected VM Tools versions are included in the ESXi packages provided by Cloud Temple.
25/03/2025	VMSA-2025-0005	7.8	VMSA-2025-0005: Authentication bypass vulnerability in VMware Tools for Windows (CVE-2025-22230)	An authentication bypass vulnerability in VMware Tools for Windows has been reported. Patches are provided by the vendor.	IaaS By VMware	🟠 Important	⚠️ We recommend updating VMware Tools on your virtual machines. Corrected VM Tools versions are included in the ESXi packages provided by Cloud Temple.
04/03/2025	VMSA-2025-0004	7.1–9.3	VMSA-2025-0004: Multiple vulnerabilities in VMware ESXi (CVE-2025-22224, CVE-2025-22225, CVE-2025-22226)	Multiple vulnerabilities in VMware ESXi have been reported: VMCI heap overflow vulnerability (CVE-2025-22224) rated Critical by VMware, Arbitrary write vulnerability in VMware ESXi (CVE-2025-22225), HGFS information disclosure vulnerability (CVE-2025-22226). Patches are provided by the vendor.	IaaS By VMware	🟠 Important	⚠️ We recommend updating your hypervisors. Corrected ESXi versions are available as soon as validated by Cloud Temple. Console indicates which ESXi hosts require updates.

Informationen

• Datum : Datum der ursprünglichen Veröffentlichung der Sicherheitswarnung von Cloud Temple.
• Referenz(en) : CVE-ID, falls verfügbar.
• CVSS : CVSS v3-Basisbewertung gemäß dem Herausgeber oder der CVE, nicht kontextualisiert. Die Kontextualisierung wird durch die Schwere CT ausgedrückt. Falls mehrere Schwachstellen betroffen sind, werden die minimalen und maximalen CVSS-Werte angegeben.
• Titel : Titel der Warnung, mit Herausgeber-Referenz, falls verfügbar.
• Beschreibung : Zusammenfassende Beschreibung mit Link(en) zu detaillierten Informationen.
• Dienst(e) : Cloud Temple-Dienst(e), die betroffen sein könnten.
• Schwere : Schweregrad im Kontext der Cloud Temple-Dienste (für die kritischste Schwachstelle bei mehreren betroffenen Schwachstellen). Die Ausnutzbarkeitskriterien werden im technischen Kontext unserer Infrastrukturen und Dienste berücksichtigt.

Ebene	Beschreibung
🔴 Kritisch	Schwachstelle mit CVSS 7+ mit erheblichem Ausnutzungsrisiko (hohe Exposition, einfache Ausnutzbarkeit). Eine Korrektur oder Minderung der Auswirkungen wird dringend empfohlen.
🟠 Wichtig	Schwachstelle mit CVSS 7+, die jedoch kein erhebliches Ausnutzungsrisiko darstellt (begrenzte Exposition oder Ausnutzungsbedingungen).
🟡 Mäßig	Schwachstelle mit CVSS 4+
🔵 Gering	Schwachstelle mit CVSS unter 4 oder nicht ausnutzbar.

• Behandlung : Informationen und Empfehlungen im Kontext der Cloud Temple-Dienste. ⚠️ zeigt an, dass eine Aktion durch die Nutzer erforderlich ist, um die Schwachstelle zu behandeln. ✅ zeigt an, dass Cloud Temple die Behandlung der Schwachstelle übernimmt.