Vulnerabilities reported in Site Recovery Manager with CVE-2025-27363 and CVE-2025-31177.
Article ID: 402107

Updated On:

Products

VMware Live Recovery

Issue/Introduction

A vulnerability scan has reported two CVEs related to VMware Site Recovery Manager (SRM):
CVE-2025-27363 and CVE-2025-31177

Environment

VMware Live Site Recovery 9.x

Cause

CVE-2025-27363:
It is caused by improper parsing of FreeType and variable fonts in FreeType version 2.13.0, leading to potential memory corruption.

CVE-2025-31177:
A heap buffer overflow in the Gnuplot utf8_copy_one function due to improper UTF-8 input validation, potentially allowing denial of service.

Resolution

VMware by Broadcom is aware of CVE-2025-27363 and CVE-2025-31177.

Please refer to the release notes for existing and forthcoming product releases for any updates in relation to these CVEs.

Should you require further information, please contact Broadcom Support.