Security Alerts

Find here the security alerts related to our cloud services. This page is updated daily to account for newly identified vulnerabilities.

Vulnerabilities

| Date | Reference(s) | CVSS | Title | Description | Service(s) | Severity | Remediation |
|---|---|---|---|---|---|---|---|
| 23/12/2025 | CVE-2025-14443 | 8.5 | Vulnerability in Red Hat OpenShift (CVE-2025-14443) | A vulnerability in the openshift-apiserver component allows privilege escalation. Exploitation requires prior authentication. | PaaS OpenShift | 🟠 Important | ✅ Your OpenShift instances are scheduled for update as soon as patches are validated by Cloud Temple. No action required from your side. |
| 30/09/2025 | VMSA-2025-0016 | 8.5 | VMSA-2025-0016: Vulnerability in VMware vCenter (CVE-2025-41250) | A vulnerability (CVE-2025-41250) allows an authenticated attacker to modify scheduled task notification emails. | IaaS By VMware | 🟠 Important | ✅ Your vCenter instances are scheduled for update as soon as patches are validated by Cloud Temple. No action required from your side. The update is indicated in Console notifications. |
| 30/09/2025 | VMSA-2025-0015 | 7.6 | VMSA-2025-0015: Vulnerability in VMware Tools (Windows) | A vulnerability (CVE-2025-41246) affecting VMware Tools for Windows allows privilege escalation (requires authenticated local access). | IaaS By VMware | 🟡 Moderate | ⚠️ We recommend updating VMware Tools on your virtual machines. Corrected VM Tools versions are included in the ESXi packages provided by Cloud Temple. |
| 07/08/2025 | DSA-2025-154 | 8.4 | DSA-2025-154: Vulnerability in Dell ObjectScale (CVE-2025-26476) | A vulnerability (CVE-2025-26476) in Dell ObjectScale (< 4.0.0.0) related to the use of hardcoded SSH cryptographic keys allows unauthenticated local access. | Object Storage | 🟠 Important | ✅ Remediation for your ObjectScale environments is handled by Cloud Temple. No action required from your side. |
| 15/07/2025 | VMSA-2025-0013 | 9.3 | VMSA-2025-0013: Critical vulnerabilities in VMware ESXi | Several critical vulnerabilities affect VMware ESXi. Patches are provided by the vendor. | IaaS By VMware | 🟠 Important | ⚠️ We recommend updating your hypervisors. Corrected ESXi versions are available as soon as validated by Cloud Temple. Console indicates which ESXi hosts require updates. |
| 15/07/2025 | VMSA-2025-0013 | 7.1 | VMSA-2025-0013: Vulnerability in VMware Tools (CVE-2025-41239) | A vulnerability (CVE-2025-41239) in VMware Tools allows disclosure of sensitive information via uninitialized vSockets. Patches are provided by the vendor. | IaaS By VMware | 🟡 Moderate | ⚠️ We recommend updating VMware Tools on your virtual machines. Corrected VM Tools versions are included in the ESXi packages provided by Cloud Temple. |
| 01/07/2025 | XSA-470 | N/A | XCP-NG vulnerability due to improper exception handling (Vendor Bulletin) | A vulnerability has been discovered in XCP-NG, allowing privileged code executed from a virtual machine to crash the hypervisor, resulting in a complete host denial-of-service (DoS). | IaaS OpenSource | 🟡 Moderate | ✅ Your XCP-ng instances are scheduled for update as soon as patches are validated by Cloud Temple. No action required from your side. |
| 23/05/2025 | XSA-468 | 8.8–9.0 | XCP-NG vulnerabilities in Windows PV drivers (XSA-468) (Vendor Bulletin) | Multiple vulnerabilities (CVE-2025-27462, CVE-2025-27463, CVE-2025-27464) in Windows PV drivers allow unprivileged users to gain system privileges inside Windows VMs. | IaaS OpenSource | 🟠 Important | ⚠️ We recommend updating Windows PV drivers on your virtual machines to the corrected versions specified in the security bulletin. ✅ Your XCP-ng instances are scheduled for update as soon as patches are validated by Cloud Temple. |
| 22/05/2025 | XSA-469, INTEL-SA | 4.9–6.5 | XCP-NG vulnerabilities in Intel microcode and Xen (XSA-469, INTEL-SA) (Vendor Bulletin) | Security patches for XCP-ng have been released, addressing multiple vulnerabilities in Intel microcode and Xen. | IaaS OpenSource | 🟡 Moderate | ✅ Your XCP-ng instances are scheduled for update as soon as patches are validated by Cloud Temple. No action required from your side. |
| 21/05/2025 | VMSA-2025-0010 | 4.3–6.8 | VMSA-2025-0010: Multiple vulnerabilities in VMware ESXi (CVE-2025-41226, CVE-2025-41227, CVE-2025-41228) | Multiple vulnerabilities in VMware ESXi have been reported: Guest operation denial-of-service vulnerability (CVE-2025-41226), Denial-of-service vulnerability (CVE-2025-41227), Cross-Site Scripting (XSS) vulnerability (CVE-2025-41228). Patches are provided by the vendor. | IaaS By VMware | 🟡 Moderate | ⚠️ We recommend updating your hypervisors. Corrected ESXi versions are available as soon as validated by Cloud Temple. Console indicates which ESXi hosts require updates. |
| 21/05/2025 | VMSA-2025-0010 | 4.3–8.8 | VMSA-2025-0010: Multiple vulnerabilities in vCenter (CVE-2025-41225, CVE-2025-41228) | Multiple vulnerabilities in VMware vCenter have been reported: Authenticated command execution vulnerability in VMware vCenter Server (CVE-2025-41225), Cross-Site Scripting (XSS) vulnerability (CVE-2025-41228). Patches are provided by the vendor. | IaaS By VMware | 🟠 Important | ✅ Your vCenter instances are scheduled for update as soon as patches are validated by Cloud Temple. No action required from your side. The update is indicated in Console notifications. |
| 14/05/2025 | VMSA-2025-0007 | 6.1 | VMSA-2025-0007: Insecure file management vulnerability in VMware Tools (CVE-2025-22247) | An insecure file management vulnerability in VMware Tools has been reported. Patches are provided by the vendor. | IaaS By VMware | 🟡 Moderate | ⚠️ We recommend updating VMware Tools on your virtual machines. Corrected VM Tools versions are included in the ESXi packages provided by Cloud Temple. |
| 25/03/2025 | VMSA-2025-0005 | 7.8 | VMSA-2025-0005: Authentication bypass vulnerability in VMware Tools for Windows (CVE-2025-22230) | An authentication bypass vulnerability in VMware Tools for Windows has been reported. Patches are provided by the vendor. | IaaS By VMware | 🟠 Important | ⚠️ We recommend updating VMware Tools on your virtual machines. Corrected VM Tools versions are included in the ESXi packages provided by Cloud Temple. |
| 04/03/2025 | VMSA-2025-0004 | 7.1–9.3 | VMSA-2025-0004: Multiple vulnerabilities in VMware ESXi (CVE-2025-22224, CVE-2025-22225, CVE-2025-22226) | Multiple vulnerabilities in VMware ESXi have been reported: VMCI heap overflow vulnerability (CVE-2025-22224), rated Critical by VMware; Arbitrary write vulnerability in VMware ESXi (CVE-2025-22225); HGFS information disclosure vulnerability (CVE-2025-22226). Patches are provided by the vendor. | IaaS By VMware | 🟠 Important | ⚠️ We recommend updating your hypervisors. Corrected ESXi versions are available as soon as validated by Cloud Temple. Console indicates which ESXi hosts require updates. |

Information

  • Date: Initial publication date of the Cloud Temple security alert.
  • Reference(s): CVE ID, if available.
  • CVSS: Base CVSS v3 score as reported by the vendor or the CVE, uncontextualized. Contextualization is expressed through the CT severity. If the alert covers multiple vulnerabilities, minimum and maximum CVSS scores are indicated.
  • Title: Alert title, with vendor reference if available.
  • Description: Summary description, with link(s) to detailed information.
  • Service(s): Cloud Temple service(s) potentially affected.
  • Severity: Severity level within the context of Cloud Temple services (for the most critical vulnerability in case of multiple vulnerabilities). Exploitation criteria are considered in the technical context of our cloud infrastructure and services.

| Level | Description |
|---|---|
| 🔴 Critical | CVSS score 7+ vulnerability presenting a significant risk of exploitation (high exposure, ease of exploitation). Immediate correction or mitigation is strongly recommended. |
| 🟠 Important | CVSS score 7+ vulnerability not presenting a significant risk of exploitation (limited exposure or exploitation constraints). |
| 🟡 Moderate | CVSS score 4+ vulnerability. |
| 🔵 Low | CVSS score below 4, or non-exploitable vulnerability. |

  • Treatment: Information and recommendations in the context of Cloud Temple services. ⚠️ indicates that user action is required to address the vulnerability. ✅ indicates that Cloud Temple is handling the vulnerability resolution.