{"$ref":"https://www.cert.ssi.gouv.fr/openapi.json","affected_systems":[{"description":"Telco Cloud Platform sans le correctif de s\u00e9curit\u00e9 8.0 U3e pour vCenter","product":{"name":"Telco Cloud Platform","vendor":{"name":"VMware","scada":false}}},{"description":"Telco Cloud Infrastructure versions 3.x sans le correctif de s\u00e9curit\u00e9 ESXi80U3se-24659227 pour ESXi","product":{"name":"Telco Cloud Infrastructure","vendor":{"name":"VMware","scada":false}}},{"description":"ESXi versions 8.0 sans le correctif de s\u00e9curit\u00e9 ESXi80U3se-24659227","product":{"name":"ESXi","vendor":{"name":"VMware","scada":false}}},{"description":"Cloud Foundation versions 5.x sans le correctif de s\u00e9curit\u00e9 ESXi80U3se-24659227 pour ESXi","product":{"name":"Cloud Foundation","vendor":{"name":"VMware","scada":false}}},{"description":"Telco Cloud Platform sans le correctif de s\u00e9curit\u00e9 ESXi80U3se-24659227 pour ESXi","product":{"name":"Telco Cloud Platform","vendor":{"name":"VMware","scada":false}}},{"description":"Telco Cloud Infrastructure versions 3.x sans le correctif de s\u00e9curit\u00e9 8.0 U3e pour vCenter","product":{"name":"Telco Cloud Infrastructure","vendor":{"name":"VMware","scada":false}}},{"description":"Fusion versions 13.x ant\u00e9rieures \u00e0 13.6.3 sur macOS","product":{"name":"Fusion","vendor":{"name":"VMware","scada":false}}},{"description":"vCenter Server versions 7.0 sans le correctif de s\u00e9curit\u00e9 7.0 U3v","product":{"name":"vCenter Server","vendor":{"name":"VMware","scada":false}}},{"description":"Cloud Foundation versions 4.5.x sans le correctif de s\u00e9curit\u00e9 7.0 U3v pour vCenter","product":{"name":"Cloud Foundation","vendor":{"name":"VMware","scada":false}}},{"description":"Workstation versions 17.x ant\u00e9rieures \u00e0 17.6.3","product":{"name":"Workstation","vendor":{"name":"VMware","scada":false}}},{"description":"Telco Cloud Infrastructure versions 2.x sans le correctif de s\u00e9curit\u00e9 7.0 U3v pour vCenter","product":{"name":"Telco Cloud Infrastructure","vendor":{"name":"VMware","scada":false}}},{"description":"vCenter Server versions 8.0 sans le correctif de s\u00e9curit\u00e9 8.0 U3e","product":{"name":"vCenter Server","vendor":{"name":"VMware","scada":false}}},{"description":"Cloud Foundation versions 5.x sans le correctif de s\u00e9curit\u00e9 8.0 U3e pour vCenter","product":{"name":"Cloud Foundation","vendor":{"name":"VMware","scada":false}}},{"description":"Cloud Foundation versions 4.5.x sans le correctif de s\u00e9curit\u00e9 ESXi70U3sv-24723868 pour ESXi","product":{"name":"Cloud Foundation","vendor":{"name":"VMware","scada":false}}},{"description":"Telco Cloud Infrastructure versions 2.x sans le correctif de s\u00e9curit\u00e9 ESXi70U3sv-24723868 pour ESXi","product":{"name":"Telco Cloud Infrastructure","vendor":{"name":"VMware","scada":false}}},{"description":"ESXi versions 7.0 sans le correctif de s\u00e9curit\u00e9 ESXi70U3sv-24723868","product":{"name":"ESXi","vendor":{"name":"VMware","scada":false}}}],"affected_systems_content":"","content":"## Solutions\n\nSe r\u00e9f\u00e9rer au bulletin de s\u00e9curit\u00e9 de l'\u00e9diteur pour l'obtention des correctifs (cf. section Documentation).","cves":[{"name":"CVE-2025-41227","url":"https://www.cve.org/CVERecord?id=CVE-2025-41227"},{"name":"CVE-2025-41225","url":"https://www.cve.org/CVERecord?id=CVE-2025-41225"},{"name":"CVE-2025-41228","url":"https://www.cve.org/CVERecord?id=CVE-2025-41228"},{"name":"CVE-2025-41226","url":"https://www.cve.org/CVERecord?id=CVE-2025-41226"}],"links":[],"reference":"CERTFR-2025-AVI-0430","revisions":[{"description":"Version initiale","revision_date":"2025-05-21T00:00:00.000000"}],"risks":[{"description":"D\u00e9ni de service \u00e0 distance"},{"description":"Injection de code indirecte \u00e0 distance (XSS)"},{"description":"Ex\u00e9cution de code arbitraire \u00e0 distance"}],"summary":"De multiples vuln\u00e9rabilit\u00e9s ont \u00e9t\u00e9 d\u00e9couvertes dans les produits VMware. Certaines d'entre elles permettent \u00e0 un attaquant de provoquer une ex\u00e9cution de code arbitraire \u00e0 distance, un d\u00e9ni de service \u00e0 distance et une injection de code indirecte \u00e0 distance (XSS).","title":"Multiples vuln\u00e9rabilit\u00e9s dans les produits VMware","vendor_advisories":[{"published_at":"2025-05-20","title":"Bulletin de s\u00e9curit\u00e9 VMware 25717","url":"https://support.broadcom.com/web/ecx/support-content-notification/-/external/content/SecurityAdvisories/0/25717"}]}