Security scans might report CVE-2025-9900 as finding for VMware Photon OS based appliances
search cancel

Security scans might report CVE-2025-9900 as finding for VMware Photon OS based appliances

book

Article ID: 412102

calendar_today

Updated On:

Products

VCF Operations VMware vCenter Server

Issue/Introduction

When running a security scan against any Photon OS based virtual appliance shipped by VMware, such as, for example:

  • VMware vCenter Server Appliance 8.0.x
  • VMware Aria Operations for Logs 8.x

and others, the scan software might report CVE-2025-9900 as a vulnerability finding.

Environment

VMware vCenter Server 8.0.x

VMware Aria Operations for Logs 8.x

Resolution

This is a false positive finding.

Photon OS 4.0 and 5.0 have been confirmed to be non-vulnerable against the write-what-where vulnerability for libtiff, which was registered as CVE-2025-9900.

Virtual Appliances using these operating system versions as host OS are not affected by this CVE.

Powered by Wolken Software