Security Alerts

Here you will find security alerts related to our cloud services. This page is updated daily to account for newly identified vulnerabilities.

Vulnerabilities

| Date | Reference(s) | CVSS | Title | Description | Service(s) | Severity | Remediation |
|---|---|---|---|---|---|---|---|
| 06/04/2026 | DSA-2026-143 | 7.8 | DSA-2026-143: Vulnerability in Dell ObjectScale (CVE-2026-28261) | A vulnerability (CVE-2026-28261) in Dell ObjectScale related to the insertion of sensitive information into log files allows a local attacker to expose secrets and escalate privileges to compromise the system. | Object Storage | 🟡 Moderate | ✅ Remediation of your ObjectScale environments is handled by Cloud Temple. No action is required on your part. |
| 23/03/2026 | XSA-480 | 7.8 | XCP-NG Vulnerability (CVE-2026-23554) | A vulnerability (CVE-2026-23554) has been identified in XCP-ng 8.3, specifically affecting systems based on Intel x86 processors, allowing a VM to compromise the host (privilege escalation or DoS). | IaaS OpenSource | 🟠 High | ✅ The update of your XCP-ng instances is scheduled upon patch validation by Cloud Temple. No action is required on your part. |
| 29/01/2026 | Vendor bulletin | 2.9 - 8.5 | XCP-NG Vulnerabilities | Several vulnerabilities have been discovered in XCP-ng. The most severe allows privilege escalation from a VM to dom0. Other flaws allow arbitrary code execution via NVMe emulation or leakage of confidential data between virtual machines. | IaaS OpenSource | 🟠 High | ✅ The update of your XCP-ng instances is scheduled upon patch validation by Cloud Temple. No action is required on your part. |
| 23/01/2026 | DSA-2026-047 | 4.4 - 8.8 | DSA-2026-047: Vulnerabilities in Dell ObjectScale | Multiple vulnerabilities in Dell ObjectScale related to default credentials and plaintext transmission/storage allow local or remote compromises. | Object Storage | 🟠 High | ✅ Remediation of your ObjectScale environments is handled by Cloud Temple. No action is required on your part. |
| 23/12/2025 | CVE-2025-14443 | 8.5 | Vulnerability in Red Hat OpenShift (CVE-2025-14443) | A vulnerability in the openshift-apiserver component allows privilege escalation. Exploitation requires prior authentication. | PaaS OpenShift | 🟠 High | ✅ The update of your OpenShift instances is scheduled upon patch validation by Cloud Temple. No action is required on your part. |
| 30/09/2025 | VMSA-2025-0016 | 8.5 | VMSA-2025-0016: Vulnerability in VMware vCenter (CVE-2025-41250) | A vulnerability (CVE-2025-41250) allows an authenticated attacker to modify notification emails for scheduled tasks. | IaaS By VMware | 🟠 High | ✅ The update of your vCenter instances is scheduled upon patch validation by Cloud Temple. No action is required on your part. The update is flagged in Console notifications. |
| 30/09/2025 | VMSA-2025-0015 | 7.6 | VMSA-2025-0015: Vulnerability in VMware Tools (Windows) | A vulnerability (CVE-2025-41246) affecting VMware Tools for Windows allows privilege escalation (requires authenticated local access). | IaaS By VMware | 🟡 Moderate | ⚠️ We recommend updating VMware Tools on your virtual machines. The corrected VM Tools versions are included in the ESXi packages made available by Cloud Temple. |
| 07/08/2025 | DSA-2025-154 | 8.4 | DSA-2025-154: Vulnerability in Dell ObjectScale (CVE-2025-26476) | A vulnerability (CVE-2025-26476) in Dell ObjectScale (< 4.0.0.0) related to the use of hardcoded SSH keys allows unauthenticated local access. | Object Storage | 🟠 High | ✅ Remediation of your ObjectScale environments is handled by Cloud Temple. No action is required on your part. |
| 15/07/2025 | VMSA-2025-0013 | 9.3 | VMSA-2025-0013: Critical Vulnerabilities in VMware ESXi | Several critical vulnerabilities affect VMware ESXi. Patches are provided by the vendor. | IaaS By VMware | 🟠 High | ⚠️ We recommend updating your hypervisors. The corrected ESXi versions are available upon validation by Cloud Temple. Console indicates which ESXi hosts require an update. |
| 15/07/2025 | VMSA-2025-0013 | 7.1 | VMSA-2025-0013: Vulnerability in VMware Tools (CVE-2025-41239) | A vulnerability (CVE-2025-41239) in VMware Tools allows disclosure of sensitive information via uninitialized vSockets. Patches are provided by the vendor. | IaaS By VMware | 🟡 Moderate | ⚠️ We recommend updating VMware Tools on your virtual machines. The corrected VM Tools versions are included in the ESXi packages made available by Cloud Temple. |
| 01/07/2025 | XSA-470 | N/A | XCP-NG Vulnerability via Improper Exception Handling (Vendor bulletin) | A vulnerability has been discovered in XCP-NG, allowing privileged code executed from a virtual machine to cause a hypervisor crash, resulting in a denial of service (DoS) for the entire host. | IaaS OpenSource | 🟡 Moderate | ✅ The update of your XCP-ng instances is scheduled upon patch validation by Cloud Temple. No action is required on your part. |
| 23/05/2025 | XSA-468 | 8.8-9.0 | XCP-NG Vulnerabilities in Windows PV Drivers (XSA-468) (Vendor bulletin) | Several vulnerabilities (CVE-2025-27462, CVE-2025-27463, CVE-2025-27464) in Windows PV drivers allow non-privileged users to obtain system privileges inside Windows VMs. | IaaS OpenSource | 🟠 High | ⚠️ We recommend updating the Windows PV drivers on your virtual machines to the corrected versions indicated in the security bulletin. ✅ The update of your XCP-ng instances is scheduled upon patch validation by Cloud Temple. |
| 22/05/2025 | XSA-469, INTEL-SA | 4.9-6.5 | XCP-NG Vulnerabilities in Intel Microcode and Xen (XSA-469, INTEL-SA) (Vendor bulletin) | Security patches for XCP-ng have been released, fixing several vulnerabilities in Intel microcode and Xen. | IaaS OpenSource | 🟡 Moderate | ✅ The update of your XCP-ng instances is scheduled upon patch validation by Cloud Temple. No action is required on your part. |
| 21/05/2025 | VMSA-2025-0010 | 4.3-6.8 | VMSA-2025-0010: Multiple Vulnerabilities in VMware ESXi (CVE-2025-41226, CVE-2025-41227, CVE-2025-41228) | Multiple vulnerabilities in VMware ESXi have been reported: Guest operation denial of service vulnerability (CVE-2025-41226), Denial of service vulnerability (CVE-2025-41227), Cross-Site Scripting (XSS) vulnerability (CVE-2025-41228). Patches are provided by the vendor. | IaaS By VMware | 🟡 Moderate | ⚠️ We recommend updating your hypervisors. The corrected ESXi versions are available upon validation by Cloud Temple. Console indicates which ESXi hosts require an update. |
| 21/05/2025 | VMSA-2025-0010 | 4.3-8.8 | VMSA-2025-0010: Multiple Vulnerabilities in vCenter (CVE-2025-41225, CVE-2025-41228) | Multiple vulnerabilities in VMware vCenter have been reported: VMware vCenter Server authenticated command execution vulnerability (CVE-2025-41225), Cross-Site Scripting (XSS) vulnerability (CVE-2025-41228). Patches are provided by the vendor. | IaaS By VMware | 🟠 High | ✅ The update of your vCenter instances is scheduled upon patch validation by Cloud Temple. No action is required on your part. The update is flagged in Console notifications. |
| 14/05/2025 | VMSA-2025-0007 | 6.1 | VMSA-2025-0007: Insecure File Management Vulnerability in VMware Tools (CVE-2025-22247) | An insecure file management vulnerability in VMware Tools has been reported. Patches are provided by the vendor. | IaaS By VMware | 🟡 Moderate | ⚠️ We recommend updating VMware Tools on your virtual machines. The corrected VM Tools versions are included in the ESXi packages made available by Cloud Temple. |
| 25/03/2025 | VMSA-2025-0005 | 7.8 | VMSA-2025-0005: Authentication Bypass Vulnerability in VMware Tools for Windows (CVE-2025-22230) | An authentication bypass vulnerability in VMware Tools for Windows has been reported. Patches are provided by the vendor. | IaaS By VMware | 🟠 High | ⚠️ We recommend updating VMware Tools on your virtual machines. The corrected VM Tools versions are included in the ESXi packages made available by Cloud Temple. |
| 04/03/2025 | VMSA-2025-0004 | 7.1-9.3 | VMSA-2025-0004: Multiple Vulnerabilities in VMware ESXi (CVE-2025-22224, CVE-2025-22225, CVE-2025-22226) | Multiple vulnerabilities in VMware ESXi have been reported: VMCI heap overflow vulnerability (CVE-2025-22224) rated Critical by VMware, Arbitrary write vulnerability in VMware ESXi (CVE-2025-22225), HGFS information disclosure vulnerability (CVE-2025-22226). Patches are provided by the vendor. | IaaS By VMware | 🟠 High | ⚠️ We recommend updating your hypervisors. The corrected ESXi versions are available upon validation by Cloud Temple. Console indicates which ESXi hosts require an update. |

Information

  • Date: Initial publication date of the Cloud Temple security alert.
  • Reference(s): CVE ID, where available.
  • CVSS: Base CVSS v3 score as reported by the vendor or CVE, non-contextualized. Contextualization is expressed by the CT severity. If the alert concerns multiple vulnerabilities, the minimum and maximum CVSS scores are indicated.
  • Title: Alert title, with vendor reference if available.
  • Description: Concise description, with link(s) to detailed information.
  • Service(s): Cloud Temple service(s) that may be affected.
  • Severity: Severity level within the context of Cloud Temple services (for the most critical vulnerability in case of multiple vulnerabilities). Exploitation criteria are taken into account within the technical context of our cloud infrastructure and services.

| Level | Description |
|---|---|
| 🔴 Critical | CVSS 7+ vulnerability presenting a significant exploitation risk (high exposure, ease of exploitation). A fix or mitigation as soon as possible is highly recommended. |
| 🟠 High | CVSS 7+ vulnerability not presenting a significant exploitation risk (limited exposure or exploitation constraints). |
| 🟡 Medium | CVSS 4+ vulnerability. |
| 🔵 Low | CVSS vulnerability below 4, or not exploitable. |

  • Handling: Information and recommendations within the context of Cloud Temple services. ⚠️ indicates that user action is required to address the vulnerability. ✅ indicates that vulnerability handling is managed by Cloud Temple.