Mission Statement

Serial number:AV25-568
Date:September 5, 2025

On September 3, 2025, Sitecore published a security advisory to address vulnerabilities in the following products:

• Sitecore Experience Manager (XM) – version 9.0 and prior
• Sitecore Experience Platform (XP) – version 9.0 and prior
• Sitecore Experience Commerce (XC) – version 9.0 and prior
• Sitecore Managed Cloud – version 9.0 and prior

The Cyber Centre encourages users and administrators to review the provided web link and apply the necessary updates.

• Security Bulletin SC2025-005

Serial number:AV25-567
Date:September 4, 2025

On September 3, 2025, HPE published a security advisory to address a vulnerability in the following product:

• HPE M-Series Switches Using NVIDIA Cumulus – versions prior to 5.9.2 and 5.11.1

The Cyber Centre encourages users and administrators to review the provided web links and apply the necessary updates.

• HPESBST04945 rev.1 - HPE M-Series Switches Using NVIDIA Cumulus Software, Local Escalation of Privilege Vulnerability
• HPE Security Bulletin Library

Serial number:AV25-566
Date:September 4, 2025

On August 19, 2025, Atlassian published a security advisory to address vulnerabilities in the following products:

• Bamboo Data Center and Server – multiple versions
• Bitbucket Data Center and Server – multiple versions
• Crowd Data Center and Server – multiple versions

The Cyber Centre encourages users and administrators to review the provided web links and apply the necessary updates.

• Security Bulletin - August 19 2025
• Atlassian Security Advisories and Bulletins

Serial number:AV25-565
Date:September 4, 2025

Between September 2 and 3, 2025, VMware published security advisories to address vulnerabilities in the following products:

• Tanzu Greenplum – version prior to 7.5.4
• Tanzu Platform for Cloud Foundry – version prior to 10.0.9
• Tanzu Platform for Cloud Foundry – version prior to 10.2.2+LTS-T
• Tanzu Platform for Cloud Foundry – version prior to 6.0.19+LTS-T
• VMware Tanzu GemFire Management Console – version prior to 4.0

The Cyber Centre encourages users and administrators to review the provided web links and perform the suggested mitigations.

• Product Release Advisory - Tanzu Platform for Cloud Foundry 10.0.9
• Product Release Advisory - Tanzu Platform for Cloud Foundry 10.2.2+LTS-T
• Product Release Advisory - Tanzu Platform for Cloud Foundry 6.0.19+LTS-T
• Product Release Advisory - VMware Tanzu GemFire Management Console 1.4.0
• Product Release Advisory - VMware Tanzu Greenplum 7.5.4
• Security Advisories - VMware Cloud Foundation

Serial number:AV25-564
Date:September 4, 2025

On September 3, 2025, Jenkins published a security advisory to address vulnerabilities in the following products:

• Git Client Plugin – version 6.3.2 and prior
• Jakarta Mail API Plugin – version 2.1.3-2 and prior
• Global-build-stats Plugin – version 322.v22f4db_18e2dd and prior
• OpenTelemetry Plugin – version 3.1543.v8446b_92b_cd64 and prior

The Cyber Centre encourages users and administrators to review the provided web links and apply the necessary updates.

• Jenkins Security Advisory 2025-09-03
• Jenkins Security Advisories

Serial number:AV25-563
Date:September 4, 2025

On September 3, 2025, Drupal published a security advisory to address a vulnerability in the following product:

• Acquia DAM – versions prior to 1.1.5

The Cyber Centre encourages users and administrators to review the provided web links and apply the necessary updates or perform the suggested mitigations.

• Acquia DAM - Moderately critical - Access bypass, Information Disclosure - SA-CONTRIB-2025-105
• Drupal Security Advisories