OpenSSL Vulnerabilities found in VMware PowerCLI 13.x and VCF PowerCLI 9.0 (ImageBuilder Module)

Article ID: 425882

Products

VMware vCenter Server

Issue/Introduction

OpenSSL vulnerabilities have been detected in VMware PowerCLI 13.3, VMware PowerCLI 13.4, and VCF PowerCLI 9.0, related to the OpenSSL library bundled with the ImageBuilder sub-module.
 
The following CVEs are associated with this issue:
 
  • CVE-2024-6119
  • CVE-2025-9230
 
These vulnerabilities do NOT affect the rest of the VCF platform and are limited in scope as described below.

Environment

  • VMware PowerCLI 13.3.0
  • VMware PowerCLI 13.4.0
  • VCF PowerCLI 9.0

Cause

The issue is caused by the version of OpenSSL bundled with the ImageBuilder sub-module of PowerCLI.

Affected OpenSSL versions:

  • OpenSSL 3.0.14.0 through 3.0.17.0

These OpenSSL versions contain security vulnerabilities corresponding to the CVEs listed above.
PowerCLI itself does not provide an independent mechanism to patch or update the OpenSSL library.
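
To confirm whether a given workstation carries the affected library, the following added example (not Broadcom's code) inventories OpenSSL files under each installed copy of the ImageBuilder module and compares their file version with the range listed above. The module name `VMware.ImageBuilder` and the file-name patterns `libcrypto*` / `libssl*` are assumptions; adjust them if your installation differs.

```powershell
# Added example, not vendor code.
# Assumptions: module name 'VMware.ImageBuilder'; OpenSSL files named libcrypto* / libssl*.
function Get-ImageBuilderOpenSslStatus {
    [CmdletBinding()]
    param(
        [string]  $ModuleName = 'VMware.ImageBuilder',  # assumed module name
        [version] $Low        = '3.0.14.0',             # affected range, from the article
        [version] $High       = '3.0.17.0'
    )

    $modules = Get-Module -ListAvailable -Name $ModuleName
    if (-not $modules) {
        Write-Warning "$ModuleName was not found on PSModulePath."
        return
    }

    foreach ($m in $modules) {
        # Check every installed copy: side-by-side module versions each ship their own files.
        $libs = Get-ChildItem -Path $m.ModuleBase -Recurse -File `
                    -Include 'libcrypto*', 'libssl*' -ErrorAction SilentlyContinue
        if (-not $libs) {
            Write-Warning "No libcrypto*/libssl* files under $($m.ModuleBase)"
            continue
        }
        foreach ($f in $libs) {
            # Use the numeric version parts; the FileVersion string may carry text suffixes.
            $vi  = [System.Diagnostics.FileVersionInfo]::GetVersionInfo($f.FullName)
            $ver = [version]::new($vi.FileMajorPart, $vi.FileMinorPart,
                                  $vi.FileBuildPart, $vi.FilePrivatePart)
            # Files without a version resource (for example on Linux or macOS) report 0.0.0.0.
            $status = if ($ver -eq [version]'0.0.0.0') {
                'Unknown (no version resource)'
            } elseif ($ver -ge $Low -and $ver -le $High) {
                'In affected range'
            } else {
                'Outside affected range'
            }
            [pscustomobject]@{
                ModuleVersion = $m.Version
                File          = $f.FullName
                FileVersion   = $ver
                Status        = $status
            }
        }
    }
}

Get-ImageBuilderOpenSslStatus | Format-Table -AutoSize
```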

Resolution

This is a known defect affecting VMware PowerCLI 13.3, VMware PowerCLI 13.4, and VCF PowerCLI 9.0.
The issue is planned to be resolved in a future release update of VCF PowerCLI 9.1.

Additional Information

 

  • There is no separate OpenSSL patch for VMware PowerCLI 13.x.

  • Remediation will be provided through the VCF 9.1 update.