Security vulnerabilities detected in the SRM Photon OS

search cancel

Security vulnerabilities detected in the SRM Photon OS

book

Article ID: 439790

calendar_today

Updated On:

Products

VMware Site Recovery Manager

Issue/Introduction

Security scanners (such as Qualys or Nessus) report vulnerabilities within the VMware Photon OS used by the Site Recovery Manager (SRM) appliance.
These vulnerabilities are

VMware Photon OS Security Update for nodejs (PHSA-2025-4.0-0801)
VMware Photon OS Security Update for libxml2,kafka (PHSA-2025-4.0-0834)
VMware Photon OS Security Update for sudo (PHSA-2025-4.0-0824)

Environment

VMware Live Site Recovery 9.x

Cause

The Site Recovery Manager and vSphere Replication appliances are based on VMware Photon OS. Security vulnerabilities are introduced when the local packages on the appliance OS reach end-of-life or contain known flaws. Because these are closed appliances, individual OS packages cannot be manually updated or patched by users without potentially compromising the appliance's integrity.

Resolution

Upgrade to VMware Live Site Recovery 9.0.2.4 or later to address 2025 PHSA advisories.
For further information, see Multiple Vulnerabilities Detected in Site Recovery Manager

Feedback

thumb_up Yes

thumb_down No