diff --git a/docs/console/security/security_alarms.md b/docs/console/security/security_alarms.md
index 0ab89dde..33ff6c13 100644
--- a/docs/console/security/security_alarms.md
+++ b/docs/console/security/security_alarms.md
@@ -9,6 +9,9 @@ Cette page est mise à jour quotidiennement afin de tenir compte des vulnérabil
| Date | Référence(s) | CVSS | Titre | Description | Service(s) | Sévérité | Traitement |
|---------------------|-----------------|-------------|--------------|---------|-------------|----------------|-------------|
+| 23/12/2025 | [CVE-2025-14443](https://access.redhat.com/security/cve/CVE-2025-14443) | 8.5 | **Vulnérabilité dans Red Hat OpenShift (CVE-2025-14443)** | Une vulnérabilité dans le composant `openshift-apiserver` permet une élévation de privilèges. L'exploitation nécessite une authentification préalable. | PaaS OpenShift | 🟠 Important | ⚠️ Pas de correctif actuel. Nous sommes en attente du patch de l'éditeur Red Hat. |
+| 30/09/2025 | [VMSA-2025-0016](https://support.broadcom.com/web/ecx/support-content-notification/-/external/content/SecurityAdvisories/0/36150) | 8.5 | **VMSA-2025-0016 : Vulnérabilité dans VMware vCenter (CVE-2025-41250)** | Une vulnérabilité (CVE-2025-41250) permet à un attaquant authentifié de modifier les emails de notification des tâches planifiées. | IaaS By VMware | 🟠 Important | ⚠️ Nous vous recommandons de planifier une montée de version de vCenter (vers 8.0 U3g ou 7.0 U3w). |
+| 30/09/2025 | [VMSA-2025-0015](https://support.broadcom.com/web/ecx/support-content-notification/-/external/content/SecurityAdvisories/0/36149) | 7.6 | **VMSA-2025-0015 : Vulnérabilité dans VMware Tools (Windows)** | Une vulnérabilité (CVE-2025-41246) affectant VMware Tools pour Windows permet une élévation de privilèges (nécessite un accès local authentifié). | IaaS By VMware | 🟡 Modérée | ⚠️ Nous vous recommandons de planifier une montée de version des VMware Tools Windows (vers 13.0.5 ou 12.5.4). |
| 07/08/2025 | [DSA-2025-154](https://www.dell.com/support/kbdoc/en-us/000262308/dsa-2025-154-security-update-for-dell-ecs-and-objectscale-use-of-hard-coded-ssh-cryptographic-key-vulnerability) | 8.4 | **DSA-2025-154 : Vulnérabilité dans Dell ObjectScale (CVE-2025-26476)** | Une vulnérabilité (CVE-2025-26476) dans Dell ObjectScale (< 4.0.0.0) liée à l’utilisation de clés SSH codées en dur permet un accès local non authentifié. | Object Storage | 🟠 Important | ✅ La remédiation de vos environnements ObjectScale est prise en charge par Cloud Temple. Aucune action de votre part n’est nécessaire. |
| 15/07/2025 | [VMSA-2025-0013](https://support.broadcom.com/web/ecx/support-content-notification/-/external/content/SecurityAdvisories/VMSA-2025-0013--VMware-ESXi--Workstation--Fusion--and-Tools-updates-address-multiple-vulnerabilities--CVE-2025-41236--CVE-2025-41237--CVE-2025-41238--CVE-2025-41239-/35877) | 9.3 | **VMSA-2025-0013 : Vulnérabilités importantes dans VMware ESXi** | Plusieurs vulnérabilités importantes affectent VMware ESXi. Des correctifs sont fournis par l’éditeur. | IaaS By VMware | 🟠 Important | ⚠️ Nous vous recommandons de mettre à jour vos hyperviseurs. Les versions ESXi corrigées sont disponibles dès leur validation par Cloud Temple. Console vous indique les ESXi nécessitant une mise à jour. |
| 15/07/2025 | [VMSA-2025-0013](https://support.broadcom.com/web/ecx/support-content-notification/-/external/content/SecurityAdvisories/VMSA-2025-0013--VMware-ESXi--Workstation--Fusion--and-Tools-updates-address-multiple-vulnerabilities--CVE-2025-41236--CVE-2025-41237--CVE-2025-41238--CVE-2025-41239-/35877) | 7.1 | **VMSA-2025-0013 : Vulnérabilité dans VMware Tools (CVE-2025-41239)** | Une vulnérabilité (CVE-2025-41239) dans VMware Tools permet une divulgation d’informations sensibles via vSockets non initialisés. Des correctifs sont fournis par l’éditeur. | IaaS By VMware | 🟡 Modérée | ⚠️ Nous vous recommandons de mettre à jour VMware Tools sur vos machines virtuelles. Les versions VM Tools corrigées sont embarquées dans les packages ESXi mis à disposition par Cloud Temple. |
diff --git a/i18n/de/docusaurus-plugin-content-docs/current/console/security/security_alarms.md b/i18n/de/docusaurus-plugin-content-docs/current/console/security/security_alarms.md
index b2037d7a..f4995d98 100644
--- a/i18n/de/docusaurus-plugin-content-docs/current/console/security/security_alarms.md
+++ b/i18n/de/docusaurus-plugin-content-docs/current/console/security/security_alarms.md
@@ -13,18 +13,20 @@ Diese Seite wird täglich aktualisiert, um neu identifizierte Schwachstellen zu
| Datum | Referenz(en) | CVSS | Titel | Beschreibung | Dienst(e) | Schwere | Behandlung |
|---------------------|-----------------|-------------|--------------|---------|-------------|----------------|-------------|
-| 07/08/2025 | [DSA-2025-154](https://www.dell.com/support/kbdoc/en-us/000262308/dsa-2025-154-security-update-for-dell-ecs-and-objectscale-use-of-hard-coded-ssh-cryptographic-key-vulnerability) | 8.4 | **DSA-2025-154: Schwachstelle in Dell ObjectScale (CVE-2025-26476)** | Eine Schwachstelle (CVE-2025-26476) in Dell ObjectScale (< 4.0.0.0) im Zusammenhang mit der Verwendung von hartcodierten SSH-Schlüsseln ermöglicht einen nicht authentifizierten lokalen Zugriff. | Object Storage | 🟠 Wichtig | ✅ Die Beseitigung Ihrer ObjectScale-Umgebungen wird von Cloud Temple unterstützt. Es ist keine Aktion von Ihrer Seite erforderlich. |
-| 15/07/2025 | [VMSA-2025-0013](https://support.broadcom.com/web/ecx/support-content-notification/-/external/content/SecurityAdvisories/VMSA-2025-0013--VMware-ESXi--Workstation--Fusion--and-Tools-updates-address-multiple-vulnerabilities--CVE-2025-41236--CVE-2025-41237--CVE-2025-41238--CVE-2025-41239-/35877) | 9.3 | **VMSA-2025-0013: Wichtige Schwachstellen in VMware ESXi** | Mehrere wichtige Schwachstellen betreffen VMware ESXi. Korrekturen sind vom Hersteller verfügbar. | IaaS By VMware | 🟠 Wichtig | ⚠️ Wir empfehlen Ihnen, Ihre Hypervisoren zu aktualisieren. Die korrigierten ESXi-Versionen sind ab ihrer Validierung durch Cloud Temple verfügbar. Die Konsole weist Sie auf die ESXi hin, die eine Aktualisierung benötigen. |
-| 15/07/2025 | [VMSA-2025-0013](https://support.broadcom.com/web/ecx/support-content-notification/-/external/content/SecurityAdvisories/VMSA-2025-0013--VMware-ESXi--Workstation--Fusion--and-Tools-updates-address-multiple-vulnerabilities--CVE-2025-41236--CVE-2025-41237--CVE-2025-41238--CVE-2025-41239-/35877) | 7.1 | **VMSA-2025-0013: Schwachstelle in VMware Tools (CVE-2025-41239)** | Eine Schwachstelle (CVE-2025-41239) in VMware Tools ermöglicht die Offenlegung sensibler Informationen über nicht initialisierte vSockets. Korrekturen sind vom Hersteller verfügbar. | IaaS By VMware | 🟡 Mittel | ⚠️ Wir empfehlen Ihnen, VMware Tools auf Ihren virtuellen Maschinen zu aktualisieren. Die korrigierten VMware Tools-Versionen sind in den von Cloud Temple bereitgestellten ESXi-Paketen enthalten. |
-| 01/07/2025 | [XSA-470](https://xenbits.xen.org/xsa/advisory-470.html) | N/A | **Schwachstelle in XCP-NG durch falsche Ausnahmebehandlung** [Herausgeber-Bulletin](https://xcp-ng.org/blog/2025/07/03/july-2025-security-and-maintenance-update-for-xcp-ng-8-2-lts/) | Eine Schwachstelle wurde in XCP-NG entdeckt, die es ermöglicht, durch Code, der von einer virtuellen Maschine aus ausgeführt wird, den Hypervisor zum Absturz zu bringen und dadurch einen Dienstverweigerungsangriff (DoS) auf den gesamten Host auszulösen. | IaaS OpenSource | 🟡 Mittel | ✅ Die Aktualisierung Ihrer XCP-ng-Instanzen ist ab der Validierung der Korrekturen durch Cloud Temple geplant. Es ist keine Aktion von Ihrer Seite erforderlich.|
-| 23/05/2025 | [XSA-468](https://xenbits.xen.org/xsa/advisory-468.html) | 8.8-9.0 | **Schwachstellen in XCP-NG in den Windows-PV-Treibern (XSA-468)** [Herausgeber-Bulletin](https://xcp-ng.org/blog/2025/05/27/xsa-468-windows-pv-driver-vulnerabilities/) | Mehrere Schwachstellen (CVE-2025-27462, CVE-2025-27463, CVE-2025-27464) in den Windows-PV-Treibern ermöglichen es nicht privilegierten Benutzern, Systemrechte innerhalb der Windows-VMs zu erlangen. | IaaS OpenSource | 🟠 Wichtig | ⚠️ Wir empfehlen Ihnen, die Windows-PV-Treiber Ihrer virtuellen Maschinen auf die korrigierten Versionen zu aktualisieren, die im Sicherheitsbulletin angegeben sind. ✅ Die Aktualisierung Ihrer XCP-ng-Instanzen ist ab der Validierung der Korrekturen durch Cloud Temple geplant. |
-| 22/05/2025 | [XSA-469, INTEL-SA](https://xcp-ng.org/blog/2025/05/14/may-2025-security-update-for-xcp-ng-8-2-8-3/) | 4.9-6.5 | **Schwachstellen in XCP-NG im Intel-Mikrocode und Xen (XSA-469, INTEL-SA)** [Herausgeber-Bulletin](https://xcp-ng.org/blog/2025/05/14/may-2025-security-update-for-xcp-ng-8-2-8-3/) | Sicherheitskorrekturen für XCP-ng wurden veröffentlicht, die mehrere Schwachstellen im Intel-Mikrocode und Xen beheben. | IaaS OpenSource | 🟡 Mittel | ✅ Die Aktualisierung Ihrer XCP-ng-Instanzen ist ab der Validierung der Korrekturen durch Cloud Temple geplant. Es ist keine Aktion von Ihrer Seite erforderlich.|
-| 21/05/2025 | [VMSA-2025-0010](https://support.broadcom.com/web/ecx/support-content-notification/-/external/content/SecurityAdvisories/0/25717) | 4.3-6.8 | **VMSA-2025-0010: Mehrere Schwachstellen in VMware ESXi (CVE-2025-41226, CVE-2025-41227, CVE-2025-41228)** | Mehrere Schwachstellen in VMware ESXi wurden gemeldet: Schwachstelle für Denial-of-Service-Operationen im Gast (CVE-2025-41226), Schwachstelle für Denial-of-Service (CVE-2025-41227), Cross-Site-Scripting-Schwachstelle (XSS) (CVE-2025-41228). Korrekturen sind vom Hersteller verfügbar. | IaaS By VMware | 🟡 Mittel | ⚠️ Wir empfehlen Ihnen, Ihre Hypervisoren zu aktualisieren. Die korrigierten ESXi-Versionen sind ab ihrer Validierung durch Cloud Temple verfügbar. Die Konsole weist Sie auf die ESXi hin, die eine Aktualisierung benötigen. |
-| 21/05/2025 | [VMSA-2025-0010](https://support.broadcom.com/web/ecx/support-content-notification/-/external/content/SecurityAdvisories/0/25717) | 4.3-8.8 | **VMSA-2025-0010: Mehrere Schwachstellen in vCenter (CVE-2025-41225, CVE-2025-41228)** | Mehrere Schwachstellen in VMware vCenter wurden gemeldet: Schwachstelle für authentifizierte Befehlsausführung in VMware vCenter Server (CVE-2025-41225), Cross-Site-Scripting-Schwachstelle (XSS) (CVE-2025-41228). Korrekturen sind vom Hersteller verfügbar. | IaaS By VMware | 🟠 Wichtig | ✅ Die Aktualisierung Ihrer vCenter-Instanzen ist ab der Validierung der Korrekturen durch Cloud Temple geplant. Es ist keine Aktion von Ihrer Seite erforderlich. Die Aktualisierung wird in den Console-Benachrichtigungen angezeigt. |
-| 14/05/2025 | [VMSA-2025-0007](https://support.broadcom.com/web/ecx/support-content-notification/-/external/content/SecurityAdvisories/0/25683) | 6.1 | **VMSA-2025-0007: Schwachstelle bei unsicherer Dateiverwaltung in VMware Tools (CVE-2025-22247)** | Eine Schwachstelle bei unsicherer Dateiverwaltung in VMware Tools wurde gemeldet. Korrekturen sind vom Hersteller verfügbar. | IaaS By VMware | 🟡 Mittel | ⚠️ Wir empfehlen Ihnen, VMware Tools auf Ihren virtuellen Maschinen zu aktualisieren. Die korrigierten VMware Tools-Versionen sind in den von Cloud Temple bereitgestellten ESXi-Paketen enthalten. |
-| 25/03/2025 | [VMSA-2025-0005](https://support.broadcom.com/web/ecx/support-content-notification/-/external/content/SecurityAdvisories/0/25518) | 7.8 | **VMSA-2025-0005: Schwachstelle bei Authentifizierungsüberwindung in VMware Tools für Windows (CVE-2025-22230)** | Eine Schwachstelle bei Authentifizierungsüberwindung in VMware Tools für Windows wurde gemeldet. Korrekturen sind vom Hersteller verfügbar. | IaaS By VMware | 🟠 Wichtig | ⚠️ Wir empfehlen Ihnen, VMware Tools auf Ihren virtuellen Maschinen zu aktualisieren. Die korrigierten VMware Tools-Versionen sind in den von Cloud Temple bereitgestellten ESXi-Paketen enthalten |
-| 04/03/2025 | [VMSA-2025-0004](https://support.broadcom.com/web/ecx/support-content-notification/-/external/content/SecurityAdvisories/0/25390) | 7.1-9.3 | **VMSA-2025-0004: Mehrere Schwachstellen in VMware ESXi (CVE-2025-22224, CVE-2025-22225, CVE-2025-22226)** | Mehrere Schwachstellen in VMware ESXi wurden gemeldet: Schwachstelle für Heap-Overflow in VMCI (CVE-2025-22224), die von VMware als Kritisch eingestuft wird, Schwachstelle für beliebige Schreibvorgänge in VMware ESXi (CVE-2025-22225), Schwachstelle für Informationssicherheitsverletzungen in HGFS (CVE-2025-22226). Korrekturen sind vom Hersteller verfügbar. | IaaS By VMware | 🟠 Wichtig | ⚠️ Wir empfehlen Ihnen, Ihre Hypervisoren zu aktualisieren. Die korrigierten ESXi-Versionen sind ab ihrer Validierung durch Cloud Temple verfügbar. Die Konsole weist Sie auf die ESXi hin, die eine Aktualisierung benötigen. |
-
+| 23/12/2025 | [CVE-2025-14443](https://access.redhat.com/security/cve/CVE-2025-14443) | 8.5 | **Schwachstelle in Red Hat OpenShift (CVE-2025-14443)** | Eine Schwachstelle in der Komponente `openshift-apiserver` ermöglicht eine Rechteausweitung (Privilege Escalation). Die Ausnutzung erfordert eine vorherige Authentifizierung. | PaaS OpenShift | 🟠 Wichtig | ⚠️ Aktuell kein Patch verfügbar. Wir warten auf den Patch des Herstellers Red Hat. |
+| 30/09/2025 | [VMSA-2025-0016](https://support.broadcom.com/web/ecx/support-content-notification/-/external/content/SecurityAdvisories/0/36150) | 8.5 | **VMSA-2025-0016 : Schwachstelle in VMware vCenter** | Eine Schwachstelle (CVE-2025-41250) ermöglicht es einem authentifizierten Angreifer, die Benachrichtigungs-E-Mails geplanter Aufgaben zu ändern. | IaaS By VMware | 🟠 Wichtig | ⚠️ Wir empfehlen Ihnen, ein Upgrade von vCenter zu planen (auf 8.0 U3g oder 7.0 U3w). |
+| 30/09/2025 | [VMSA-2025-0015](https://support.broadcom.com/web/ecx/support-content-notification/-/external/content/SecurityAdvisories/0/36149) | 7.6 | **VMSA-2025-0015 : Schwachstelle in VMware Tools (Windows)** | Eine Schwachstelle (CVE-2025-41246) in VMware Tools für Windows ermöglicht eine Rechteausweitung (erfordert lokalen authentifizierten Zugriff). | IaaS By VMware | 🟡 Moderat | ⚠️ Wir empfehlen Ihnen, ein Upgrade der VMware Tools für Windows zu planen (auf 13.0.5 oder 12.5.4). |
+| 07/08/2025 | [DSA-2025-154](https://www.dell.com/support/kbdoc/en-us/000262308/dsa-2025-154-security-update-for-dell-ecs-and-objectscale-use-of-hard-coded-ssh-cryptographic-key-vulnerability) | 8.4 | **DSA-2025-154 : Schwachstelle in Dell ObjectScale (CVE-2025-26476)** | Eine Schwachstelle (CVE-2025-26476) in Dell ObjectScale (< 4.0.0.0) im Zusammenhang mit der Verwendung hartcodierter SSH-Schlüssel ermöglicht lokalen unauthentifizierten Zugriff. | Object Storage | 🟠 Wichtig | ✅ Die Behebung Ihrer ObjectScale-Umgebungen wird von Cloud Temple übernommen. Es ist keine Aktion Ihrerseits erforderlich. |
+| 15/07/2025 | [VMSA-2025-0013](https://support.broadcom.com/web/ecx/support-content-notification/-/external/content/SecurityAdvisories/VMSA-2025-0013--VMware-ESXi--Workstation--Fusion--and-Tools-updates-address-multiple-vulnerabilities--CVE-2025-41236--CVE-2025-41237--CVE-2025-41238--CVE-2025-41239-/35877) | 9.3 | **VMSA-2025-0013 : Wichtige Schwachstellen in VMware ESXi** | Mehrere wichtige Schwachstellen betreffen VMware ESXi. Patches werden vom Hersteller bereitgestellt. | IaaS By VMware | 🟠 Wichtig | ⚠️ Wir empfehlen Ihnen, Ihre Hypervisoren zu aktualisieren. Die korrigierten ESXi-Versionen sind verfügbar, sobald sie von Cloud Temple validiert wurden. Console zeigt die ESXi an, die ein Update benötigen. |
+| 15/07/2025 | [VMSA-2025-0013](https://support.broadcom.com/web/ecx/support-content-notification/-/external/content/SecurityAdvisories/VMSA-2025-0013--VMware-ESXi--Workstation--Fusion--and-Tools-updates-address-multiple-vulnerabilities--CVE-2025-41236--CVE-2025-41237--CVE-2025-41238--CVE-2025-41239-/35877) | 7.1 | **VMSA-2025-0013 : Schwachstelle in VMware Tools (CVE-2025-41239)** | Eine Schwachstelle (CVE-2025-41239) in VMware Tools ermöglicht die Preisgabe sensibler Informationen über nicht initialisierte vSockets. Patches werden vom Hersteller bereitgestellt. | IaaS By VMware | 🟡 Mäßig | ⚠️ Wir empfehlen Ihnen, VMware Tools auf Ihren virtuellen Maschinen zu aktualisieren. Die korrigierten VM Tools-Versionen sind in den ESXi-Paketen enthalten, die von Cloud Temple zur Verfügung gestellt werden. |
+| 01/07/2025 | [XSA-470](https://xenbits.xen.org/xsa/advisory-470.html) | N/A | **XCP-NG-Schwachstelle durch fehlerhafte Ausnahmebehandlung**
[Hersteller-Bulletin](https://xcp-ng.org/blog/2025/07/03/july-2025-security-and-maintenance-update-for-xcp-ng-8-2-lts/) | Eine Schwachstelle wurde in XCP-NG entdeckt, die es privilegiertem Code innerhalb einer virtuellen Maschine ermöglicht, einen Absturz des Hypervisors zu verursachen, was zu einem Denial of Service (DoS) des gesamten Hosts führen kann. | IaaS OpenSource | 🟡 Mäßig | ✅ Das Update Ihrer XCP-ng-Instanzen ist geplant, sobald die Patches von Cloud Temple validiert wurden. Kein Handeln Ihrerseits erforderlich. |
+| 23/05/2025 | [XSA-468](https://xenbits.xen.org/xsa/advisory-468.html) | 8.8-90 | **XCP-NG-Vulnerabilitäten in den PV-Windows-Treibern (XSA-468)**
[Herausgeber-Bulletin](https://xcp-ng.org/blog/2025/05/27/xsa-468-windows-pv-driver-vulnerabilities/) | Mehrere Schwachstellen (CVE-2025-27462, CVE-2025-27463, CVE-2025-27464) in den PV-Windows-Treibern ermöglichen es unprivilegierten Benutzern, Systemrechte innerhalb der Windows-VMs zu erlangen. | IaaS OpenSource | 🟠 Wichtig | ⚠️ Wir empfehlen Ihnen, die PV-Windows-Treiber Ihrer virtuellen Maschinen auf in der Sicherheitsmitteilung angegebenen korrigierten Versionen zu aktualisieren. ✅ Die Aktualisierung Ihrer XCP-ng-Instanzen ist ab der Validierung der Patches durch Cloud Temple geplant. |
+| 22/05/2025 | [XSA-469, INTEL-SA](https://xcp-ng.org/blog/2025/05/14/may-2025-security-update-for-xcp-ng-8-2-83/) | 4.9-6.5 | **XCP-NG-Vulnerabilitäten im Intel-Microcode und Xen (XSA-469, INTEL-SA)**
[Herausgeber-Bulletin](https://xcp-ng.org/blog/2025/05/14/may-2025-security-update-for-xcp-ng-8-2-8-3/) | Sicherheitspatches für XCP-ng wurden veröffentlicht, die mehrere Schwachstellen im Intel-Microcode und Xen beheben. | IaaS OpenSource | 🟡 Mäßig | ✅ Die Aktualisierung Ihrer XCP-ng-Instanzen ist ab der Validierung der Patches durch Cloud Temple geplant. Keine Aktion von Ihrer Seite erforderlich. |
+| 21/05/2025 | [VMSA-2025-0010](https://support.broadcom.com/web/ecx/support-content-notification/-/external/content/SecurityAdvisories/0/25717) | 4.3-6.8 | **VMSA-2025-0010: Mehrere Schwachstellen in VMware ESXi (CVE-2025-41226, CVE-2025-41227, CVE-2025-41228)** | Es wurden mehrere Schwachstellen in VMware ESXi gemeldet: Denial-of-Service-Schwachstelle bei Gastoperationen (CVE-2025-41226), Denial-of-Service-Schwachstelle (CVE-2025-41227), Cross-Site-Scripting (XSS)-Schwachstelle (CVE-2025-41228). Patches werden vom Hersteller bereitgestellt. | IaaS By VMware | 🟡 Moderat | ⚠️ Wir empfehlen Ihnen, Ihre Hypervisoren zu aktualisieren. Die gepatchten ESXi-Versionen sind verfügbar, sobald sie von Cloud Temple validiert wurden. Die Konsole zeigt Ihnen an, welche ESXi aktualisiert werden müssen. |
+| 21/05/2025 | [VMSA-2025-0010](https://support.broadcom.com/web/ecx/support-content-notification/-/external/content/SecurityAdvisories/0/25717) | 4.3-8.8 | **VMSA-2025-0010: Mehrere Schwachstellen in vCenter (CVE-2025-41225, CVE-2025-41228)** | Es wurden mehrere Schwachstellen in VMware vCenter gemeldet: Authentifizierte Befehlsausführung in VMware vCenter Server (CVE-2025-41225), Cross-Site-Scripting (XSS)-Schwachstelle (CVE-2025-41228). Patches werden vom Hersteller bereitgestellt. | IaaS By VMware | 🟠 Wichtig | ✅ Die Aktualisierung Ihrer vCenter-Instanzen ist eingeplant, sobald die Patches von Cloud Temple validiert wurden. Es ist keine Aktion Ihrerseits erforderlich. |
+| 14/05/2025 | [VMSA-2025-0007](https://support.broadcom.com/web/ecx/support-content-notification/-/external/content/SecurityAdvisories/0/25683) | 6.1 | **VMSA-2025-0007: Unsichere Dateiverwaltung in VMware Tools (CVE-2025-22247)** | Es wurde eine unsichere Dateiverwaltung in VMware Tools gemeldet. Patches werden vom Hersteller bereitgestellt. | IaaS By VMware | 🟡 Moderat | ⚠️ Wir empfehlen Ihnen, VMware Tools auf Ihren virtuellen Maschinen zu aktualisieren. |
+| 25/03/2025 | [VMSA-2025-0005](https://support.broadcom.com/web/ecx/support-content-notification/-/external/content/SecurityAdvisories/0/25518) | 7.8 | **VMSA-2025-0005: Authentifizierungsumgehung in VMware Tools für Windows (CVE-2025-22230)** | Es wurde eine Schwachstelle zur Umgehung der Authentifizierung in VMware Tools für Windows gemeldet. Patches werden vom Hersteller bereitgestellt. | IaaS By VMware | 🟠 Wichtig | ⚠️ Wir empfehlen Ihnen, VMware Tools auf Ihren virtuellen Maschinen zu aktualisieren. |
+| 04/03/2025 | [VMSA-2025-0004](https://support.broadcom.com/web/ecx/support-content-notification/-/external/content/SecurityAdvisories/0/25390) | 7.1-9.3 | **VMSA-2025-0004: Mehrere Schwachstellen in VMware ESXi (CVE-2025-22224, CVE-2025-22225, CVE-2025-22226)** | Es wurden mehrere Schwachstellen in VMware ESXi gemeldet: Heap-Überlauf-Schwachstelle in VMCI (CVE-2025-22224), von VMware als kritisch eingestuft, Arbiträrer Schreibzugriff in VMware ESXi (CVE-2025-22225), HGFS-Informationsleck-Schwachstelle (CVE-2025-22226). Patches werden vom Hersteller bereitgestellt. | IaaS By VMware | 🟠 Wichtig | ⚠️ Wir empfehlen Ihnen, Ihre Hypervisoren zu aktualisieren. Die gepatchten ESXi-Versionen sind verfügbar, sobald sie von Cloud Temple validiert wurden. Die Konsole zeigt Ihnen an, welche ESXi aktualisiert werden müssen. |
## Informationen
diff --git a/i18n/en/docusaurus-plugin-content-docs/current/console/security/security_alarms.md b/i18n/en/docusaurus-plugin-content-docs/current/console/security/security_alarms.md
index 4381df72..2b4f2964 100644
--- a/i18n/en/docusaurus-plugin-content-docs/current/console/security/security_alarms.md
+++ b/i18n/en/docusaurus-plugin-content-docs/current/console/security/security_alarms.md
@@ -13,18 +13,20 @@ This page is updated daily to account for newly identified vulnerabilities.
| Date | Reference(s) | CVSS | Title | Description | Service(s) | Severity | Treatment |
|---------------------|-----------------|-------------|--------------|---------|-------------|----------------|-------------|
-| 07/08/2025 | [DSA-2025-154](https://www.dell.com/support/kbdoc/en-us/000262308/dsa-2025-154-security-update-for-dell-ecs-and-objectscale-use-of-hard-coded-ssh-cryptographic-key-vulnerability) | 8.4 | **DSA-2025-154: Vulnerability in Dell ObjectScale (CVE-2025-26476)** | A vulnerability (CVE-2025-26476) in Dell ObjectScale (< 4.0.0.0) related to the use of hard-coded SSH keys allows unauthenticated local access. | Object Storage | 🟠 Important | ✅ Remediation of your ObjectScale environments is supported by Cloud Temple. No action is required from your side. |
-| 15/07/2025 | [VMSA-2025-0013](https://support.broadcom.com/web/ecx/support-content-notification/-/external/content/SecurityAdvisories/VMSA-2025-0013--VMware-ESXi--Workstation--Fusion--and-Tools-updates-address-multiple-vulnerabilities--CVE-2025-41236--CVE-2025-41237--CVE-2025-41238--CVE-2025-41239-/35877) | 9.3 | **VMSA-2025-0013: Critical vulnerabilities in VMware ESXi** | Several critical vulnerabilities affect VMware ESXi. Patches are provided by the vendor. | IaaS By VMware | 🟠 Important | ⚠️ We recommend updating your hypervisors. The corrected ESXi versions are available once validated by Cloud Temple. Console indicates the ESXi requiring an update. |
-| 15/07/2025 | [VMSA-2025-0013](https://support.broadcom.com/web/ecx/support-content-notification/-/external/content/SecurityAdvisories/VMSA-2025-0013--VMware-ESXi--Workstation--Fusion--and-Tools-updates-address-multiple-vulnerabilities--CVE-2025-41236--CVE-2025-41237--CVE-2025-41238--CVE-2025-41239-/35877) | 7.1 | **VMSA-2025-0013: Vulnerability in VMware Tools (CVE-2025-41239)** | A vulnerability (CVE-2025-41239) in VMware Tools allows disclosure of sensitive information via uninitialized vSockets. Patches are provided by the vendor. | IaaS By VMware | 🟡 Moderate | ⚠️ We recommend updating VMware Tools on your virtual machines. The corrected VMware Tools versions are included in the ESXi packages provided by Cloud Temple. |
-| 01/07/2025 | [XSA-470](https://xenbits.xen.org/xsa/advisory-470.html) | N/A | **XCP-NG vulnerability via poor exception handling** [Vendor Bulletin](https://xcp-ng.org/blog/2025/07/03/july-2025-security-and-maintenance-update-for-xcp-ng-8-2-lts/) | A vulnerability was discovered in XCP-NG, allowing privileged code executed from a virtual machine to crash the hypervisor, causing a denial of service (DoS) of the entire host. | IaaS OpenSource | 🟡 Moderate | ✅ The update of your XCP-ng instances is scheduled once the patches are validated by Cloud Temple. No action is required from your side.|
-| 23/05/2025 | [XSA-468](https://xenbits.xen.org/xsa/advisory-468.html) | 8.8-9.0 | **XCP-NG vulnerabilities in Windows PV drivers (XSA-468)** [Vendor Bulletin](https://xcp-ng.org/blog/2025/05/27/xsa-468-windows-pv-driver-vulnerabilities/) | Several vulnerabilities (CVE-2025-27462, CVE-2025-27463, CVE-2025-27464) in the Windows PV drivers allow non-privileged users to gain system privileges inside Windows VMs. | IaaS OpenSource | 🟠 Important | ⚠️ We recommend updating the Windows PV drivers on your virtual machines to the corrected versions indicated in the security bulletin. ✅ The update of your XCP-ng instances is scheduled once the patches are validated by Cloud Temple. |
-| 22/05/2025 | [XSA-469, INTEL-SA](https://xcp-ng.org/blog/2025/05/14/may-2025-security-update-for-xcp-ng-8-2-8-3/) | 4.9-6.5 | **XCP-NG vulnerabilities in Intel microcode and Xen (XSA-469, INTEL-SA)** [Vendor Bulletin](https://xcp-ng.org/blog/2025/05/14/may-2025-security-update-for-xcp-ng-8-2-8-3/) | Security patches for XCP-ng have been released, fixing several vulnerabilities in Intel microcode and Xen. | IaaS OpenSource | 🟡 Moderate | ✅ The update of your XCP-ng instances is scheduled once the patches are validated by Cloud Temple. No action is required from your side.|
-| 21/05/2025 | [VMSA-2025-0010](https://support.broadcom.com/web/ecx/support-content-notification/-/external/content/SecurityAdvisories/0/25717) | 4.3-6.8 | **VMSA-2025-0010: Multiple vulnerabilities in VMware ESXi (CVE-2025-41226, CVE-2025-41227, CVE-2025-41228)** | Several vulnerabilities in VMware ESXi have been reported: Guest operation denial of service vulnerability (CVE-2025-41226), Denial of service vulnerability (CVE-2025-41227), Cross Site Scripting (XSS) vulnerability (CVE-2025-41228). Patches are provided by the vendor. | IaaS By VMware | 🟡 Moderate | ⚠️ We recommend updating your hypervisors. The corrected ESXi versions are available once validated by Cloud Temple. Console indicates the ESXi requiring an update. |
-| 21/05/2025 | [VMSA-2025-0010](https://support.broadcom.com/web/ecx/support-content-notification/-/external/content/SecurityAdvisories/0/25717) | 4.3-8.8 | **VMSA-2025-0010: Multiple vulnerabilities in vCenter (CVE-2025-41225, CVE-2025-41228)** | Several vulnerabilities in VMware vCenter have been reported: Authenticated command execution vulnerability in VMware vCenter Server (CVE-2025-41225), Cross Site Scripting (XSS) vulnerability (CVE-2025-41228). Patches are provided by the vendor. | IaaS By VMware | 🟠 Important | ✅ The update of your vCenter instances is scheduled once the patches are validated by Cloud Temple. No action is required from your side. The update is indicated in the Console notifications. |
-| 14/05/2025 | [VMSA-2025-0007](https://support.broadcom.com/web/ecx/support-content-notification/-/external/content/SecurityAdvisories/0/25683) | 6.1 | **VMSA-2025-0007: Unsecure file management vulnerability in VMware Tools (CVE-2025-22247)** | An unsecure file management vulnerability in VMware Tools has been reported. Patches are provided by the vendor. | IaaS By VMware | 🟡 Moderate | ⚠️ We recommend updating VMware Tools on your virtual machines. The corrected VMware Tools versions are included in the ESXi packages provided by Cloud Temple. |
-| 25/03/2025 | [VMSA-2025-0005](https://support.broadcom.com/web/ecx/support-content-notification/-/external/content/SecurityAdvisories/0/25518) | 7.8 | **VMSA-2025-0005: Authentication bypass vulnerability in VMware Tools for Windows (CVE-2025-22230)** | An authentication bypass vulnerability in VMware Tools for Windows has been reported. Patches are provided by the vendor. | IaaS By VMware | 🟠 Important | ⚠️ We recommend updating VMware Tools on your virtual machines. The corrected VMware Tools versions are included in the ESXi packages provided by Cloud Temple |
-| 04/03/2025 | [VMSA-2025-0004](https://support.broadcom.com/web/ecx/support-content-notification/-/external/content/SecurityAdvisories/0/25390) | 7.1-9.3 | **VMSA-2025-0004: Multiple vulnerabilities in VMware ESXi (CVE-2025-22224, CVE-2025-22225, CVE-2025-22226)** | Several vulnerabilities in VMware ESXi have been reported: VMCI heap overflow vulnerability (CVE-2025-22224) rated as Critical by VMware, Arbitrary write vulnerability in VMware ESXi (CVE-2025-22225), Information disclosure vulnerability in HGFS (CVE-2025-22226). Patches are provided by the vendor. | IaaS By VMware | 🟠 Important | ⚠️ We recommend updating your hypervisors. The corrected ESXi versions are available once validated by Cloud Temple. Console indicates the ESXi requiring an update. |
-
+| 23/12/2025 | [CVE-2025-14443](https://access.redhat.com/security/cve/CVE-2025-14443) | 8.5 | **Vulnerability in Red Hat OpenShift (CVE-2025-14443)** | A vulnerability in the `openshift-apiserver` component allows privilege escalation. Exploitation requires prior authentication. | PaaS OpenShift | 🟠 Important | ⚠️ No current patch. We are awaiting the patch from the vendor Red Hat. |
+| 30/09/2025 | [VMSA-2025-0016](https://support.broadcom.com/web/ecx/support-content-notification/-/external/content/SecurityAdvisories/0/36150) | 8.5 | **VMSA-2025-0016 : Vulnerability in VMware vCenter** | A vulnerability (CVE-2025-41250) allows an authenticated attacker to modify notification emails for scheduled tasks. | IaaS By VMware | 🟠 Important | ⚠️ We recommend planning a vCenter version upgrade (to 8.0 U3g or 7.0 U3w). |
+| 30/09/2025 | [VMSA-2025-0015](https://support.broadcom.com/web/ecx/support-content-notification/-/external/content/SecurityAdvisories/0/36149) | 7.6 | **VMSA-2025-0015 : Vulnerability in VMware Tools (Windows)** | A vulnerability (CVE-2025-41246) affecting VMware Tools for Windows allows privilege escalation (requires authenticated local access). | IaaS By VMware | 🟡 Moderate | ⚠️ We recommend planning a VMware Tools for Windows version upgrade (to 13.0.5 or 12.5.4). |
+| 07/08/2025 | [DSA-2025-154](https://www.dell.com/support/kbdoc/en-us/000262308/dsa-2025-154-security-update-for-dell-ecs-and-objectscale-use-of-hard-coded-ssh-cryptographic-key-vulnerability) | 8.4 | **DSA-2025-154 : Vulnerability in Dell ObjectScale (CVE-2025-26476)** | A vulnerability (CVE-2025-26476) in Dell ObjectScale (< 4.0.0.0) related to the use of hard-coded SSH keys allows unauthenticated local access. | Object Storage | 🟠 Important | ✅ The remediation of your ObjectScale environments is handled by Cloud Temple. No action on your part is required. |
+| 15/07/2025 | [VMSA-2025-0013](https://support.broadcom.com/web/ecx/support-content-notification/-/external/content/SecurityAdvisories/VMSA-2025-0013--VMware-ESXi--Workstation--Fusion--and-Tools-updates-address-multiple-vulnerabilities--CVE-2025-41236--CVE-2025-41237--CVE-2025-41238--CVE-2025-41239-/35877) | 9.3 | **VMSA-2025-0013 : Important Vulnerabilities in VMware ESXi** | Several important vulnerabilities affect VMware ESXi. Patches are provided by the vendor. | IaaS By VMware | 🟠 Important | ⚠️ We recommend updating your hypervisors. The corrected ESXi versions are available as soon as they are validated by Cloud Temple. Console indicates the ESXi requiring an update. |
+| 15/07/2025 | [VMSA-2025-0013](https://support.broadcom.com/web/ecx/support-content-notification/-/external/content/SecurityAdvisories/VMSA-2025-0013--VMware-ESXi--Workstation--Fusion--and-Tools-updates-address-multiple-vulnerabilities--CVE-2025-41236--CVE-2025-41237--CVE-2025-41238--CVE-2025-41239-/35877) | 7.1 | **VMSA-2025-0013 : Vulnerability in VMware Tools (CVE-2025-41239)** | A vulnerability (CVE-2025-41239) in VMware Tools allows sensitive information disclosure via uninitialized vSockets. Patches are provided by the vendor. | IaaS By VMware | 🟡 Moderate | ⚠️ We recommend updating VMware Tools on your virtual machines. The corrected VM Tools versions are included in the ESXi packages made available by Cloud Temple. |
+| 01/07/2025 | [XSA-470](https://xenbits.xen.org/xsa/advisory-470.html) | N/A | **XCP-NG vulnerability due to improper exception handling**
[Vendor bulletin](https://xcp-ng.org/blog/2025/07/03/july-2025-security-and-maintenance-update-for-xcp-ng-8-2-lts/) | A vulnerability was discovered in XCP-NG, allowing privileged code executed from a virtual machine to crash the hypervisor, resulting in a denial of service (DoS) of the entire host. | IaaS OpenSource | 🟡 Moderate | ✅ Updating your XCP-ng instances is scheduled as soon as the patches are validated by Cloud Temple. No action is required on your part. |
+| 23/05/2025 | [XSA-468](https://xenbits.xen.org/xsa/advisory-468.html) | 8.8-9.0 | **XCP-NG vulnerabilities in Windows PV drivers (XSA-468)**
[Publisher bulletin](https://xcp-ng.org/blog/2025/05/27/xsa-468-windows-pv-driver-vulnerabilities/) | Several vulnerabilities (CVE-2025-27462, CVE-2025-27463, CVE-2025-27464) in Windows PV drivers allow unprivileged users to obtain system privileges within Windows VMs. | IaaS OpenSource | 🟠 Important | ⚠️ We recommend updating the Windows PV drivers of your virtual machines to the corrected versions indicated in the security bulletin. ✅ The update of your XCP-ng instances is planned as soon as the patches are validated by Cloud Temple. |
+| 22/05/2025 | [XSA-469, INTEL-SA](https://xcp-ng.org/blog/2025/05/14/may-2025-security-update-for-xcp-ng-8-2-8-3/) | 4.9-6.5 | **XCP-NG vulnerabilities in Intel microcode and Xen (XSA-469, INTEL-SA)**
[Publisher bulletin](https://xcp-ng.org/blog/2025/05/14/may-2025-security-update-for-xcp-ng-8-2-8-3/) | Security patches for XCP-ng have been published, correcting several vulnerabilities in Intel microcode and Xen. | IaaS OpenSource | 🟡 Moderate | ✅ The update of your XCP-ng instances is planned as soon as the patches are validated by Cloud Temple. No action is required from your side.|
+| 21/05/2025 | [VMSA-2025-0010](https://support.broadcom.com/web/ecx/support-content-notification/-/external/content/SecurityAdvisories/0/25717) | 4.3-6.8 | **VMSA-2025-0010: Multiple vulnerabilities in VMware ESXi (CVE-2025-41226, CVE-2025-41227, CVE-2025-41228)** | Multiple vulnerabilities have been reported in VMware ESXi: Guest operation denial of service vulnerability (CVE-2025-41226), Denial of service vulnerability (CVE-2025-41227), Cross Site Scripting (XSS) vulnerability (CVE-2025-41228). Fixes are provided by the vendor. | IaaS By VMware | 🟡 Moderate | ⚠️ We recommend that you update your hypervisors. The patched ESXi versions are available once validated by Cloud Temple. The Console indicates which ESXi instances require an update. |
+| 21/05/2025 | [VMSA-2025-0010](https://support.broadcom.com/web/ecx/support-content-notification/-/external/content/SecurityAdvisories/0/25717) | 4.3-8.8 | **VMSA-2025-0010: Multiple vulnerabilities in vCenter (CVE-2025-41225, CVE-2025-41228)** | Multiple vulnerabilities have been reported in VMware vCenter: Authenticated command execution vulnerability in VMware vCenter Server (CVE-2025-41225), Cross Site Scripting (XSS) vulnerability (CVE-2025-41228). Fixes are provided by the vendor. | IaaS By VMware | 🟠 Important | ✅ Updating your vCenter instances is scheduled as soon as the patches are validated by Cloud Temple. No action is required on your part. |
+| 14/05/2025 | [VMSA-2025-0007](https://support.broadcom.com/web/ecx/support-content-notification/-/external/content/SecurityAdvisories/0/25683) | 6.1 | **VMSA-2025-0007: Insecure file management vulnerability in VMware Tools (CVE-2025-22247)** | An insecure file management vulnerability in VMware Tools has been reported. Fixes are provided by the vendor. | IaaS By VMware | 🟡 Moderate | ⚠️ We recommend that you update VMware Tools on your virtual machines. |
+| 25/03/2025 | [VMSA-2025-0005](https://support.broadcom.com/web/ecx/support-content-notification/-/external/content/SecurityAdvisories/0/25518) | 7.8 | **VMSA-2025-0005: Authentication bypass vulnerability in VMware Tools for Windows (CVE-2025-22230)** | An authentication bypass vulnerability in VMware Tools for Windows has been reported. Fixes are provided by the vendor. | IaaS By VMware | 🟠 Important | ⚠️ We recommend that you update VMware Tools on your virtual machines. |
+| 04/03/2025 | [VMSA-2025-0004](https://support.broadcom.com/web/ecx/support-content-notification/-/external/content/SecurityAdvisories/0/25390) | 7.1-9.3 | **VMSA-2025-0004: Multiple vulnerabilities in VMware ESXi (CVE-2025-22224, CVE-2025-22225, CVE-2025-22226)** | Multiple vulnerabilities have been reported in VMware ESXi: VMCI heap overflow vulnerability (CVE-2025-22224) rated Critical by VMware, Arbitrary write vulnerability in VMware ESXi (CVE-2025-22225), HGFS information disclosure vulnerability (CVE-2025-22226). Fixes are provided by the vendor. | IaaS By VMware | 🟠 Important | ⚠️ We recommend that you update your hypervisors. The patched ESXi versions are available once validated by Cloud Temple. The Console indicates which ESXi instances require an update. |
## Information
diff --git a/i18n/es/docusaurus-plugin-content-docs/current/console/security/security_alarms.md b/i18n/es/docusaurus-plugin-content-docs/current/console/security/security_alarms.md
index 11532159..a65b6aba 100644
--- a/i18n/es/docusaurus-plugin-content-docs/current/console/security/security_alarms.md
+++ b/i18n/es/docusaurus-plugin-content-docs/current/console/security/security_alarms.md
@@ -13,18 +13,20 @@ Esta página se actualiza diariamente para tener en cuenta las vulnerabilidades
| Fecha | Referencia(s) | CVSS | Título | Descripción | Servicio(s) | Severidad | Tratamiento |
|---------------------|-----------------|-------------|--------------|---------|-------------|----------------|-------------|
-| 07/08/2025 | [DSA-2025-154](https://www.dell.com/support/kbdoc/en-us/000262308/dsa-2025-154-security-update-for-dell-ecs-and-objectscale-use-of-hard-coded-ssh-cryptographic-key-vulnerability) | 8.4 | **DSA-2025-154 : Vulnerabilidad en Dell ObjectScale (CVE-2025-26476)** | Una vulnerabilidad (CVE-2025-26476) en Dell ObjectScale (< 4.0.0.0) relacionada con el uso de claves SSH codificadas en duración permite un acceso no autenticado local. | Almacenamiento de objetos | 🟠 Importante | ✅ La remediación de sus entornos ObjectScale está respaldada por Cloud Temple. No es necesaria ninguna acción por su parte. |
-| 15/07/2025 | [VMSA-2025-0013](https://support.broadcom.com/web/ecx/support-content-notification/-/external/content/SecurityAdvisories/VMSA-2025-0013--VMware-ESXi--Workstation--Fusion--and-Tools-updates-address-multiple-vulnerabilities--CVE-2025-41236--CVE-2025-41237--CVE-2025-41238--CVE-2025-41239-/35877) | 9.3 | **VMSA-2025-0013 : Vulnerabilidades importantes en VMware ESXi** | Varios problemas de seguridad importantes afectan a VMware ESXi. Se proporcionan correcciones por el editor. | IaaS por VMware | 🟠 Importante | ⚠️ Recomendamos que actualice sus hipervisores. Las versiones de ESXi corregidas están disponibles desde su validación por Cloud Temple. La consola le indica los ESXi que requieren una actualización. |
-| 15/07/2025 | [VMSA-2025-0013](https://support.broadcom.com/web/ecx/support-content-notification/-/external/content/SecurityAdvisories/VMSA-2025-0013--VMware-ESXi--Workstation--Fusion--and-Tools-updates-address-multiple-vulnerabilities--CVE-2025-41236--CVE-2025-41237--CVE-2025-41238--CVE-2025-41239-/35877) | 7.1 | **VMSA-2025-0013 : Vulnerabilidad en VMware Tools (CVE-2025-41239)** | Una vulnerabilidad (CVE-2025-41239) en VMware Tools permite la divulgación de información sensible a través de vSockets no inicializados. Se proporcionan correcciones por el editor. | IaaS por VMware | 🟡 Moderada | ⚠️ Recomendamos que actualice VMware Tools en sus máquinas virtuales. Las versiones de VM Tools corregidas están incluidas en los paquetes ESXi puestos a disposición por Cloud Temple. |
-| 01/07/2025 | [XSA-470](https://xenbits.xen.org/xsa/advisory-470.html) | N/A | **Vulnerabilidad XCP-NG debido a una mala gestión de excepciones** [Boletín del editor](https://xcp-ng.org/blog/2025/07/03/july-2025-security-and-maintenance-update-for-xcp-ng-8-2-lts/) | Se descubrió una vulnerabilidad en XCP-NG, que permite que código privilegiado ejecutado desde una máquina virtual provoque un fallo del hipervisor, causando un denegación de servicio (DoS) en el anfitrión completo. | IaaS de código abierto | 🟡 Moderada | ✅ La actualización de sus instancias XCP-ng está programada desde la validación de las correcciones por Cloud Temple. No es necesaria ninguna acción por su parte.|
-| 23/05/2025 | [XSA-468](https://xenbits.xen.org/xsa/advisory-468.html) | 8.8-9.0 | **Vulnerabilidades XCP-NG en los controladores PV Windows (XSA-468)** [Boletín del editor](https://xcp-ng.org/blog/2025/05/27/xsa-468-windows-pv-driver-vulnerabilities/) | Varios problemas de seguridad (CVE-2025-27462, CVE-2025-27463, CVE-2025-27464) en los controladores PV Windows permiten a usuarios no privilegiados obtener privilegios del sistema dentro de las VM Windows. | IaaS de código abierto | 🟠 Importante | ⚠️ Recomendamos que actualice los controladores PV Windows de sus máquinas virtuales a las versiones corregidas indicadas en el boletín de seguridad. ✅ La actualización de sus instancias XCP-ng está programada desde la validación de las correcciones por Cloud Temple. |
-| 22/05/2025 | [XSA-469, INTEL-SA](https://xcp-ng.org/blog/2025/05/14/may-2025-security-update-for-xcp-ng-8-2-8-3/) | 4.9-6.5 | **Vulnerabilidades XCP-NG en el microcódigo Intel y Xen (XSA-469, INTEL-SA)** [Boletín del editor](https://xcp-ng.org/blog/2025/05/14/may-2025-security-update-for-xcp-ng-8-2-8-3/) | Se han publicado actualizaciones de seguridad para XCP-ng, corrigiendo varios problemas de seguridad en el microcódigo Intel y Xen. | IaaS de código abierto | 🟡 Moderada | ✅ La actualización de sus instancias XCP-ng está programada desde la validación de las correcciones por Cloud Temple. No es necesaria ninguna acción por su parte.|
-| 21/05/2025 | [VMSA-2025-0010](https://support.broadcom.com/web/ecx/support-content-notification/-/external/content/SecurityAdvisories/0/25717) | 4.3-6.8 | **VMSA-2025-0010 : Múltiples vulnerabilidades en VMware ESXi (CVE-2025-41226, CVE-2025-41227, CVE-2025-41228)** | Se han notificado múltiples vulnerabilidades en VMware ESXi: Vulnerabilidad de denegación de servicio de operaciones de invitado (CVE-2025-41226), Vulnerabilidad de denegación de servicio (CVE-2025-41227), Vulnerabilidad de Cross Site Scripting (XSS) (CVE-2025-41228). Se proporcionan correcciones por el editor. | IaaS por VMware | 🟡 Moderada | ⚠️ Recomendamos que actualice sus hipervisores. Las versiones de ESXi corregidas están disponibles desde su validación por Cloud Temple. La consola le indica los ESXi que requieren una actualización. |
-| 21/05/2025 | [VMSA-2025-0010](https://support.broadcom.com/web/ecx/support-content-notification/-/external/content/SecurityAdvisories/0/25717) | 4.3-8.8 | **VMSA-2025-0010 : Múltiples vulnerabilidades en vCenter (CVE-2025-41225, CVE-2025-41228)** | Se han notificado múltiples vulnerabilidades en VMware vCenter: Vulnerabilidad de ejecución de comandos autenticados en VMware vCenter Server (CVE-2025-41225), Vulnerabilidad de Cross Site Scripting (XSS) (CVE-2025-41228). Se proporcionan correcciones por el editor. | IaaS por VMware | 🟠 Importante | ✅ La actualización de sus instancias vCenter está programada desde la validación de las correcciones por Cloud Temple. No es necesaria ninguna acción por su parte. La actualización se notifica en las notificaciones de la consola. |
-| 14/05/2025 | [VMSA-2025-0007](https://support.broadcom.com/web/ecx/support-content-notification/-/external/content/SecurityAdvisories/0/25683) | 6.1 | **VMSA-2025-0007 : Vulnerabilidad de gestión insegura de archivos en VMware Tools (CVE-2025-22247)** | Se ha notificado una vulnerabilidad de gestión insegura de archivos en VMware Tools. Se proporcionan correcciones por el editor. | IaaS por VMware | 🟡 Moderada | ⚠️ Recomendamos que actualice VMware Tools en sus máquinas virtuales. Las versiones de VM Tools corregidas están incluidas en los paquetes ESXi puestos a disposición por Cloud Temple. |
-| 25/03/2025 | [VMSA-2025-0005](https://support.broadcom.com/web/ecx/support-content-notification/-/external/content/SecurityAdvisories/0/25518) | 7.8 | **VMSA-2025-0005 : Vulnerabilidad de contorno de autenticación en VMware Tools para Windows (CVE-2025-22230)** | Se ha notificado una vulnerabilidad de contorno de autenticación en VMware Tools para Windows. Se proporcionan correcciones por el editor. | IaaS por VMware | 🟠 Importante | ⚠️ Recomendamos que actualice VMware Tools en sus máquinas virtuales. Las versiones de VM Tools corregidas están incluidas en los paquetes ESXi puestos a disposición por Cloud Temple |
-| 04/03/2025 | [VMSA-2025-0004](https://support.broadcom.com/web/ecx/support-content-notification/-/external/content/SecurityAdvisories/0/25390) | 7.1-9.3 | **VMSA-2025-0004 : Múltiples vulnerabilidades en VMware ESXi (CVE-2025-22224, CVE-2025-22225, CVE-2025-22226)** | Se han notificado múltiples vulnerabilidades en VMware ESXi: Vulnerabilidad de desbordamiento de pila VMCI (CVE-2025-22224) calificada como Crítica por VMware, Vulnerabilidad de escritura arbitraria en VMware ESXi (CVE-2025-22225), Vulnerabilidad de divulgación de información HGFS (CVE-2025-22226). Se proporcionan correcciones por el editor. | IaaS por VMware | 🟠 Importante | ⚠️ Recomendamos que actualice sus hipervisores. Las versiones de ESXi corregidas están disponibles desde su validación por Cloud Temple. La consola le indica los ESXi que requieren una actualización. |
-
+| 23/12/2025 | [CVE-2025-14443](https://access.redhat.com/security/cve/CVE-2025-14443) | 8.5 | **Vulnerabilidad en Red Hat OpenShift (CVE-2025-14443)** | Una vulnerabilidad en el componente `openshift-apiserver` permite la escalada de privilegios. La explotación requiere autenticación previa. | PaaS OpenShift | 🟠 Importante | ⚠️ No hay parche actual. Estamos a la espera del parche del proveedor Red Hat. |
+| 30/09/2025 | [VMSA-2025-0016](https://support.broadcom.com/web/ecx/support-content-notification/-/external/content/SecurityAdvisories/0/36150) | 8.5 | **VMSA-2025-0016 : Vulnerabilidad en VMware vCenter** | Una vulnerabilidad (CVE-2025-41250) permite a un atacante autenticado modificar los correos electrónicos de notificación de tareas programadas. | IaaS By VMware | 🟠 Importante | ⚠️ Recomendamos planificar una actualización de versión de vCenter (a 8.0 U3g o 7.0 U3w). |
+| 30/09/2025 | [VMSA-2025-0015](https://support.broadcom.com/web/ecx/support-content-notification/-/external/content/SecurityAdvisories/0/36149) | 7.6 | **VMSA-2025-0015 : Vulnerabilidad en VMware Tools (Windows)** | Una vulnerabilidad (CVE-2025-41246) que afecta a VMware Tools para Windows permite una escalada de privilegios (requiere acceso local autenticado). | IaaS By VMware | 🟡 Moderada | ⚠️ Recomendamos planificar una actualización de versión de VMware Tools para Windows (a 13.0.5 o 12.5.4). |
+| 07/08/2025 | [DSA-2025-154](https://www.dell.com/support/kbdoc/en-us/000262308/dsa-2025-154-security-update-for-dell-ecs-and-objectscale-use-of-hard-coded-ssh-cryptographic-key-vulnerability) | 8.4 | **DSA-2025-154 : Vulnerabilidad en Dell ObjectScale (CVE-2025-26476)** | Una vulnerabilidad (CVE-2025-26476) en Dell ObjectScale (< 4.0.0.0) relacionada con el uso de claves SSH codificadas permite acceso local no autenticado. | Object Storage | 🟠 Importante | ✅ La remediación de sus entornos ObjectScale está a cargo de Cloud Temple. No se requiere ninguna acción de su parte. |
+| 15/07/2025 | [VMSA-2025-0013](https://support.broadcom.com/web/ecx/support-content-notification/-/external/content/SecurityAdvisories/VMSA-2025-0013--VMware-ESXi--Workstation--Fusion--and-Tools-updates-address-multiple-vulnerabilities--CVE-2025-41236--CVE-2025-41237--CVE-2025-41238--CVE-2025-41239-/35877) | 9.3 | **VMSA-2025-0013 : Vulnerabilidades importantes en VMware ESXi** | Varias vulnerabilidades importantes afectan VMware ESXi. Los parches son proporcionados por el proveedor. | IaaS By VMware | 🟠 Importante | ⚠️ Recomendamos actualizar sus hipervisores. Las versiones ESXi corregidas están disponibles tan pronto como son validadas por Cloud Temple. Console indica los ESXi que requieren actualización. |
+| 15/07/2025 | [VMSA-2025-0013](https://support.broadcom.com/web/ecx/support-content-notification/-/external/content/SecurityAdvisories/VMSA-2025-0013--VMware-ESXi--Workstation--Fusion--and-Tools-updates-address-multiple-vulnerabilities--CVE-2025-41236--CVE-2025-41237--CVE-2025-41238--CVE-2025-41239-/35877) | 7.1 | **VMSA-2025-0013 : Vulnerabilidad en VMware Tools (CVE-2025-41239)** | Una vulnerabilidad (CVE-2025-41239) en VMware Tools permite la divulgación de información sensible a través de vSockets no inicializados. Los parches son proporcionados por el proveedor. | IaaS By VMware | 🟡 Moderada | ⚠️ Recomendamos actualizar VMware Tools en sus máquinas virtuales. Las versiones VM Tools corregidas están incluidas en los paquetes ESXi puestos a disposición por Cloud Temple. |
+| 01/07/2025 | [XSA-470](https://xenbits.xen.org/xsa/advisory-470.html) | N/A | **Vulnerabilidad XCP-NG por un manejo inadecuado de excepciones**
[Boletín del editor](https://xcp-ng.org/blog/2025/07/03/july-2025-security-and-maintenance-update-for-xcp-ng-8-2-lts/) | Se ha descubierto una vulnerabilidad en XCP-NG que permite a código privilegiado ejecutado desde una máquina virtual provocar un fallo del hipervisor, causando una denegación de servicio (DoS) del host completo. | IaaS OpenSource | 🟡 Moderada | ✅ La actualización de sus instancias XCP-ng está planificada desde la validación de los parches por parte de Cloud Temple. No se requiere ninguna acción de su parte. |
+| 23/05/2025 | [XSA-468](https://xenbits.xen.org/xsa/advisory-468.html) | 8.8-9.0 | **Vulnerabilidades XCP-NG en los controladores PV de Windows (XSA-468)**
[Boletín del editor](https://xcp-ng.org/blog/2025/05/27/xsa-468-windows-pv-driver-vulnerabilities/) | Múltiples vulnerabilidades (CVE-2025-27462, CVE-2025-27463, CVE-2025-27464) en los controladores PV de Windows permiten a usuarios no privilegiados obtener privilegios de sistema dentro de las VM de Windows. | IaaS OpenSource | 🟠 Importante | ⚠️ Recomendamos actualizar los controladores PV de Windows de sus máquinas virtuales a las versiones corregidas indicadas en el boletín de seguridad. ✅ La actualización de sus instancias XCP-ng está planificada tan pronto como Cloud Temple valide las correcciones. |
+| 22/05/2025 | [XSA-469, INTEL-SA](https://xcp-ng.org/blog/2025/05/14/may-2025-security-update-for-xcp-ng-8-2-8-3/) | 4.9-6.5 | **Vulnerabilidades XCP-NG en el microcódigo de Intel y Xen (XSA-469, INTEL-SA)**
[Boletín del editor](https://xcp-ng.org/blog/2025/05/14/may-2025-security-update-for-xcp-ng-8-2-8-3/) | Se han publicado parches de seguridad para XCP-ng, corrigiendo múltiples vulnerabilidades en el microcódigo de Intel y Xen. | IaaS OpenSource | 🟡 Moderada | ✅ La actualización de sus instancias XCP-ng está planificada tan pronto como Cloud Temple valide las correcciones. No es necesaria ninguna acción por su parte. |
+| 21/05/2025 | [VMSA-2025-0010](https://support.broadcom.com/web/ecx/support-content-notification/-/external/content/SecurityAdvisories/0/25717) | 4.3-6.8 | **VMSA-2025-0010 : Múltiples vulnerabilidades en VMware ESXi (CVE-2025-41226, CVE-2025-41227, CVE-2025-41228)** | Se han reportado varias vulnerabilidades en VMware ESXi: Vulnerabilidad de denegación de servicio en operaciones de invitado (CVE-2025-41226), vulnerabilidad de denegación de servicio (CVE-2025-41227), vulnerabilidad de tipo Cross Site Scripting (XSS) (CVE-2025-41228). Se proporcionan parches por parte del proveedor. | IaaS By VMware | 🟡 Moderada | ⚠️ Le recomendamos actualizar sus hipervisores. Las versiones corregidas de ESXi están disponibles tan pronto como sean validadas por Cloud Temple. Console le indica los ESXi que requieren actualización. |
+| 21/05/2025 | [VMSA-2025-0010](https://support.broadcom.com/web/ecx/support-content-notification/-/external/content/SecurityAdvisories/0/25717) | 4.3-8.8 | **VMSA-2025-0010 : Múltiples vulnerabilidades en vCenter (CVE-2025-41225, CVE-2025-41228)** | Se han reportado varias vulnerabilidades en VMware vCenter: Vulnerabilidad de ejecución de comandos autenticados en VMware vCenter Server (CVE-2025-41225), vulnerabilidad de tipo Cross Site Scripting (XSS) (CVE-2025-41228). Se proporcionan parches por parte del proveedor. | IaaS By VMware | 🟠 Importante | ✅ La actualización de sus instancias vCenter está prevista tan pronto como los parches sean validados por Cloud Temple. No se requiere ninguna acción por su parte. |
+| 14/05/2025 | [VMSA-2025-0007](https://support.broadcom.com/web/ecx/support-content-notification/-/external/content/SecurityAdvisories/0/25683) | 6.1 | **VMSA-2025-0007 : Vulnerabilidad de gestión de archivos no segura en VMware Tools (CVE-2025-22247)** | Se ha reportado una vulnerabilidad de gestión de archivos no segura en VMware Tools. Se proporcionan parches por parte del proveedor. | IaaS By VMware | 🟡 Moderada | ⚠️ Le recomendamos actualizar VMware Tools en sus máquinas virtuales. |
+| 25/03/2025 | [VMSA-2025-0005](https://support.broadcom.com/web/ecx/support-content-notification/-/external/content/SecurityAdvisories/0/25518) | 7.8 | **VMSA-2025-0005 : Vulnerabilidad de omisión de autenticación en VMware Tools para Windows (CVE-2025-22230)** | Se ha reportado una vulnerabilidad de omisión de autenticación en VMware Tools para Windows. Se proporcionan parches por parte del proveedor. | IaaS By VMware | 🟠 Importante | ⚠️ Le recomendamos actualizar VMware Tools en sus máquinas virtuales. |
+| 04/03/2025 | [VMSA-2025-0004](https://support.broadcom.com/web/ecx/support-content-notification/-/external/content/SecurityAdvisories/0/25390) | 7.1-9.3 | **VMSA-2025-0004 : Múltiples vulnerabilidades en VMware ESXi (CVE-2025-22224, CVE-2025-22225, CVE-2025-22226)** | Se han reportado varias vulnerabilidades en VMware ESXi: Vulnerabilidad de desbordamiento de pila VMCI (CVE-2025-22224) evaluada como Crítica por VMware, vulnerabilidad de escritura arbitraria en VMware ESXi (CVE-2025-22225), vulnerabilidad de divulgación de información HGFS (CVE-2025-22226). Se proporcionan parches por parte del proveedor. | IaaS By VMware | 🟠 Importante | ⚠️ Le recomendamos actualizar sus hipervisores. Las versiones corregidas de ESXi están disponibles tan pronto como sean validadas por Cloud Temple. Console le indica los ESXi que requieren actualización. |
## Información
diff --git a/i18n/it/docusaurus-plugin-content-docs/current/console/security/security_alarms.md b/i18n/it/docusaurus-plugin-content-docs/current/console/security/security_alarms.md
index ddc3855c..c977396b 100644
--- a/i18n/it/docusaurus-plugin-content-docs/current/console/security/security_alarms.md
+++ b/i18n/it/docusaurus-plugin-content-docs/current/console/security/security_alarms.md
@@ -13,18 +13,20 @@ Questa pagina viene aggiornata quotidianamente per tenere conto delle vulnerabil
| Data | Riferimento(i) | CVSS | Titolo | Descrizione | Servizio(i) | Gravità | Intervento |
|---------------------|-----------------|-------------|--------------|---------|-------------|----------------|-------------|
-| 07/08/2025 | [DSA-2025-154](https://www.dell.com/support/kbdoc/en-us/000262308/dsa-2025-154-security-update-for-dell-ecs-and-objectscale-use-of-hard-coded-ssh-cryptographic-key-vulnerability) | 8.4 | **DSA-2025-154 : Vulnerabilità in Dell ObjectScale (CVE-2025-26476)** | Una vulnerabilità (CVE-2025-26476) in Dell ObjectScale (< 4.0.0.0) relativa all'utilizzo di chiavi SSH codificate in modo statico che consente l'accesso non autenticato locale. | Object Storage | 🟠 Importante | ✅ La correzione dei vostri ambienti ObjectScale è supportata da Cloud Temple. Non è necessaria alcuna azione da parte vostra. |
-| 15/07/2025 | [VMSA-2025-0013](https://support.broadcom.com/web/ecx/support-content-notification/-/external/content/SecurityAdvisories/VMSA-2025-0013--VMware-ESXi--Workstation--Fusion--and-Tools-updates-address-multiple-vulnerabilities--CVE-2025-41236--CVE-2025-41237--CVE-2025-41238--CVE-2025-41239-/35877) | 9.3 | **VMSA-2025-0013 : Vulnerabilità importanti in VMware ESXi** | Diverse vulnerabilità importanti interessano VMware ESXi. Le correzioni sono fornite dal produttore. | IaaS By VMware | 🟠 Importante | ⚠️ Vi consigliamo di aggiornare i vostri hypervisor. Le versioni ESXi corrette sono disponibili non appena validate da Cloud Temple. La Console vi indica gli ESXi che necessitano di un aggiornamento. |
-| 15/07/2025 | [VMSA-2025-0013](https://support.broadcom.com/web/ecx/support-content-notification/-/external/content/SecurityAdvisories/VMSA-2025-0013--VMware-ESXi--Workstation--Fusion--and-Tools-updates-address-multiple-vulnerabilities--CVE-2025-41236--CVE-2025-41237--CVE-2025-41238--CVE-2025-41239-/35877) | 7.1 | **VMSA-2025-0013 : Vulnerabilità in VMware Tools (CVE-2025-41239)** | Una vulnerabilità (CVE-2025-41239) in VMware Tools consente la divulgazione di informazioni sensibili tramite vSockets non inizializzati. Le correzioni sono fornite dal produttore. | IaaS By VMware | 🟡 Moderata | ⚠️ Vi consigliamo di aggiornare VMware Tools sulle vostre macchine virtuali. Le versioni di VMware Tools corrette sono incluse nei pacchetti ESXi messi a disposizione da Cloud Temple. |
-| 01/07/2025 | [XSA-470](https://xenbits.xen.org/xsa/advisory-470.html) | N/A | **Vulnerabilità XCP-NG dovuta a una cattiva gestione delle eccezioni** [Bulletin produttore](https://xcp-ng.org/blog/2025/07/03/july-2025-security-and-maintenance-update-for-xcp-ng-8-2-lts/) | Una vulnerabilità è stata scoperta in XCP-NG, che permette a un codice privilegiato eseguito da una macchina virtuale di causare il crash dell'hypervisor, provocando un negazione del servizio (DoS) sull'intero host. | IaaS OpenSource | 🟡 Moderata | ✅ L'aggiornamento delle vostre istanze XCP-ng è programmato non appena le correzioni saranno validate da Cloud Temple. Non è necessaria alcuna azione da parte vostra.|
-| 23/05/2025 | [XSA-468](https://xenbits.xen.org/xsa/advisory-468.html) | 8.8-9.0 | **Vulnerabilità XCP-NG nei driver PV Windows (XSA-468)** [Bulletin produttore](https://xcp-ng.org/blog/2025/05/27/xsa-468-windows-pv-driver-vulnerabilities/) | Diverse vulnerabilità (CVE-2025-27462, CVE-2025-27463, CVE-2025-27464) nei driver PV Windows permettono a utenti non privilegiati di ottenere privilegi di sistema all'interno delle VM Windows. | IaaS OpenSource | 🟠 Importante | ⚠️ Vi consigliamo di aggiornare i driver PV Windows delle vostre macchine virtuali alle versioni corrette indicate nel bollettino di sicurezza. ✅ L'aggiornamento delle vostre istanze XCP-ng è programmato non appena le correzioni saranno validate da Cloud Temple. |
-| 22/05/2025 | [XSA-469, INTEL-SA](https://xcp-ng.org/blog/2025/05/14/may-2025-security-update-for-xcp-ng-8-2-8-3/) | 4.9-6.5 | **Vulnerabilità XCP-NG nel microcodice Intel e Xen (XSA-469, INTEL-SA)** [Bulletin produttore](https://xcp-ng.org/blog/2025/05/14/may-2025-security-update-for-xcp-ng-8-2-8-3/) | Sono stati pubblicati aggiornamenti di sicurezza per XCP-ng, che correggono diverse vulnerabilità nel microcodice Intel e Xen. | IaaS OpenSource | 🟡 Moderata | ✅ L'aggiornamento delle vostre istanze XCP-ng è programmato non appena le correzioni saranno validate da Cloud Temple. Non è necessaria alcuna azione da parte vostra.|
-| 21/05/2025 | [VMSA-2025-0010](https://support.broadcom.com/web/ecx/support-content-notification/-/external/content/SecurityAdvisories/0/25717) | 4.3-6.8 | **VMSA-2025-0010 : Multiple vulnerabilità in VMware ESXi (CVE-2025-41226, CVE-2025-41227, CVE-2025-41228)** | Diverse vulnerabilità in VMware ESXi sono state segnalate: Vulnerabilità di negazione del servizio per le operazioni guest (CVE-2025-41226), Vulnerabilità di negazione del servizio (CVE-2025-41227), Vulnerabilità di tipo Cross Site Scripting (XSS) (CVE-2025-41228). Le correzioni sono fornite dal produttore. | IaaS By VMware | 🟡 Moderata | ⚠️ Vi consigliamo di aggiornare i vostri hypervisor. Le versioni ESXi corrette sono disponibili non appena validate da Cloud Temple. La Console vi indica gli ESXi che necessitano di un aggiornamento. |
-| 21/05/2025 | [VMSA-2025-0010](https://support.broadcom.com/web/ecx/support-content-notification/-/external/content/SecurityAdvisories/0/25717) | 4.3-8.8 | **VMSA-2025-0010 : Multiple vulnerabilità in vCenter (CVE-2025-41225, CVE-2025-41228)** | Diverse vulnerabilità in VMware vCenter sono state segnalate: Vulnerabilità di esecuzione di comandi autenticati in VMware vCenter Server (CVE-2025-41225), Vulnerabilità di tipo Cross Site Scripting (XSS) (CVE-2025-41228). Le correzioni sono fornite dal produttore. | IaaS By VMware | 🟠 Importante | ✅ L'aggiornamento delle vostre istanze vCenter è programmato non appena le correzioni saranno validate da Cloud Temple. Non è necessaria alcuna azione da parte vostra. L'aggiornamento è segnalato nelle notifiche Console. |
-| 14/05/2025 | [VMSA-2025-0007](https://support.broadcom.com/web/ecx/support-content-notification/-/external/content/SecurityAdvisories/0/25683) | 6.1 | **VMSA-2025-0007 : Vulnerabilità di gestione dei file non sicura in VMware Tools (CVE-2025-22247)** | Una vulnerabilità di gestione dei file non sicura in VMware Tools è stata segnalata. Le correzioni sono fornite dal produttore. | IaaS By VMware | 🟡 Moderata | ⚠️ Vi consigliamo di aggiornare VMware Tools sulle vostre macchine virtuali. Le versioni di VMware Tools corrette sono incluse nei pacchetti ESXi messi a disposizione da Cloud Temple. |
-| 25/03/2025 | [VMSA-2025-0005](https://support.broadcom.com/web/ecx/support-content-notification/-/external/content/SecurityAdvisories/0/25518) | 7.8 | **VMSA-2025-0005 : Vulnerabilità di bypass dell'autenticazione in VMware Tools per Windows (CVE-2025-22230)** | Una vulnerabilità di bypass dell'autenticazione in VMware Tools per Windows è stata segnalata. Le correzioni sono fornite dal produttore. | IaaS By VMware | 🟠 Importante | ⚠️ Vi consigliamo di aggiornare VMware Tools sulle vostre macchine virtuali. Le versioni di VMware Tools corrette sono incluse nei pacchetti ESXi messi a disposizione da Cloud Temple |
-| 04/03/2025 | [VMSA-2025-0004](https://support.broadcom.com/web/ecx/support-content-notification/-/external/content/SecurityAdvisories/0/25390) | 7.1-9.3 | **VMSA-2025-0004 : Multiple vulnerabilità in VMware ESXi (CVE-2025-22224, CVE-2025-22225, CVE-2025-22226)** | Diverse vulnerabilità in VMware ESXi sono state segnalate: Vulnerabilità di sovraccarico della memoria VMCI (CVE-2025-22224) valutata Critica da VMware, Vulnerabilità di scrittura arbitraria in VMware ESXi (CVE-2025-22225), Vulnerabilità di divulgazione di informazioni HGFS (CVE-2025-22226). Le correzioni sono fornite dal produttore. | IaaS By VMware | 🟠 Importante | ⚠️ Vi consigliamo di aggiornare i vostri hypervisor. Le versioni ESXi corrette sono disponibili non appena validate da Cloud Temple. La Console vi indica gli ESXi che necessitano di un aggiornamento. |
-
+| 23/12/2025 | [CVE-2025-14443](https://access.redhat.com/security/cve/CVE-2025-14443) | 8.5 | **Vulnerabilità in Red Hat OpenShift (CVE-2025-14443)** | Una vulnerabilità nel componente `openshift-apiserver` consente l'escalation dei privilegi. Lo sfruttamento richiede un'autenticazione precedente. | PaaS OpenShift | 🟠 Importante | ⚠️ Nessuna patch attuale. Siamo in attesa della patch dal fornitore Red Hat. |
+| 30/09/2025 | [VMSA-2025-0016](https://support.broadcom.com/web/ecx/support-content-notification/-/external/content/SecurityAdvisories/0/36150) | 8.5 | **VMSA-2025-0016 : Vulnerabilità in VMware vCenter** | Una vulnerabilità (CVE-2025-41250) consente a un attaccante autenticato di modificare le email di notifica delle attività pianificate. | IaaS By VMware | 🟠 Importante | ⚠️ Raccomandiamo di pianificare un aggiornamento di versione di vCenter (alla 8.0 U3g o 7.0 U3w). |
+| 30/09/2025 | [VMSA-2025-0015](https://support.broadcom.com/web/ecx/support-content-notification/-/external/content/SecurityAdvisories/0/36149) | 7.6 | **VMSA-2025-0015 : Vulnerabilità in VMware Tools (Windows)** | Una vulnerabilità (CVE-2025-41246) che interessa VMware Tools per Windows consente l'escalation dei privilegi (richiede accesso locale autenticato). | IaaS By VMware | 🟡 Moderata | ⚠️ Raccomandiamo di pianificare un aggiornamento di versione di VMware Tools per Windows (alla 13.0.5 o 12.5.4). |
+| 07/08/2025 | [DSA-2025-154](https://www.dell.com/support/kbdoc/en-us/000262308/dsa-2025-154-security-update-for-dell-ecs-and-objectscale-use-of-hard-coded-ssh-cryptographic-key-vulnerability) | 8.4 | **DSA-2025-154 : Vulnerabilità in Dell ObjectScale (CVE-2025-26476)** | Una vulnerabilità (CVE-2025-26476) in Dell ObjectScale (< 4.0.0.0) relativa all'uso di chiavi SSH codificate consente l'accesso locale non autenticato. | Object Storage | 🟠 Importante | ✅ La risoluzione dei vostri ambienti ObjectScale è gestita da Cloud Temple. Non è richiesta alcuna azione da parte vostra. |
+| 15/07/2025 | [VMSA-2025-0013](https://support.broadcom.com/web/ecx/support-content-notification/-/external/content/SecurityAdvisories/VMSA-2025-0013--VMware-ESXi--Workstation--Fusion--and-Tools-updates-address-multiple-vulnerabilities--CVE-2025-41236--CVE-2025-41237--CVE-2025-41238--CVE-2025-41239-/35877) | 9.3 | **VMSA-2025-0013 : Vulnerabilità importanti in VMware ESXi** | Diverse vulnerabilità importanti interessano VMware ESXi. Le correzioni sono fornite dal fornitore. | IaaS By VMware | 🟠 Importante | ⚠️ Raccomandiamo di aggiornare i vostri hypervisor. Le versioni ESXi corrette sono disponibili non appena vengono convalidate da Cloud Temple. Console indica gli ESXi che richiedono un aggiornamento. |
+| 15/07/2025 | [VMSA-2025-0013](https://support.broadcom.com/web/ecx/support-content-notification/-/external/content/SecurityAdvisories/VMSA-2025-0013--VMware-ESXi--Workstation--Fusion--and-Tools-updates-address-multiple-vulnerabilities--CVE-2025-41236--CVE-2025-41237--CVE-2025-41238--CVE-2025-41239-/35877) | 7.1 | **VMSA-2025-0013 : Vulnerabilità in VMware Tools (CVE-2025-41239)** | Una vulnerabilità (CVE-2025-41239) in VMware Tools consente la divulgazione di informazioni sensibili tramite vSockets non inizializzati. Le correzioni sono fornite dal fornitore. | IaaS By VMware | 🟡 Moderata | ⚠️ Raccomandiamo di aggiornare VMware Tools sulle vostre macchine virtuali. Le versioni VM Tools corrette sono incluse nei pacchetti ESXi messi a disposizione da Cloud Temple. |
+| 01/07/2025 | [XSA-470](https://xenbits.xen.org/xsa/advisory-470.html) | N/A | **Vulnerabilità XCP-NG dovuta a una gestione errata delle eccezioni**
[Bollettino dell'editore](https://xcp-ng.org/blog/2025/07/03/july-2025-security-and-maintenance-update-for-xcp-ng-8-2-lts/) | È stata scoperta una vulnerabilità in XCP-NG che consente a codice privilegiato, eseguito da una macchina virtuale, di causare un crash dell'hypervisor, provocando un'interruzione di servizio (DoS) dell'intero host. | IaaS OpenSource | 🟡 Moderata | ✅ L'aggiornamento delle vostre istanze XCP-ng è pianificato non appena le patch saranno convalidate da Cloud Temple. Nessuna azione da parte vostra è necessaria.|
+| 23/05/2025 | [XSA-468](https://xenbits.xen.org/xsa/advisory-468.html) | 8.8-9.0 | **Vulnerabilità XCP-NG nei driver PV Windows (XSA-468)**
[Bollettino dell'editore](https://xcp-ng.org/blog/2025/05/27/xsa-468-windows-pv-driver-vulnerabilities/) | Diverse vulnerabilità (CVE-2025-27462, CVE-2025-27463, CVE-2025-27464) nei driver PV Windows consentono a utenti non privilegiati di ottenere privilegi di sistema all'interno delle VM Windows. | IaaS OpenSource | 🟠 Importante | ⚠️ Si consiglia di aggiornare i driver PV Windows delle proprie macchine virtuali alle versioni corrette indicate nel bollettino di sicurezza. ✅ L'aggiornamento delle proprie istanze XCP-ng è pianificato non appena le correzioni saranno validate da Cloud Temple. |
+| 22/05/2025 | [XSA-469, INTEL-SA](https://xcp-ng.org/blog/2025/05/14/may-2025-security-update-for-xcp-ng-8-2-8-3/) | 4.9-6.5 | **Vulnerabilità XCP-NG nel microcodice Intel e Xen (XSA-469, INTEL-SA)**
[Bollettino dell'editore](https://xcp-ng.org/blog/2025/05/14/may-2025-security-update-for-xcp-ng-8-2-8-3/) | Sono state pubblicate correzioni di sicurezza per XCP-ng, che risolvono diverse vulnerabilità nel microcodice Intel e Xen. | IaaS OpenSource | 🟡 Moderata | ✅ L'aggiornamento delle proprie istanze XCP-ng è pianificato non appena le correzioni saranno validate da Cloud Temple. Nessuna azione è richiesta da parte vostra.|
+| 21/05/2025 | [VMSA-2025-0010](https://support.broadcom.com/web/ecx/support-content-notification/-/external/content/SecurityAdvisories/0/25717) | 4.3-6.8 | **VMSA-2025-0010: Molteplici vulnerabilità in VMware ESXi (CVE-2025-41226, CVE-2025-41227, CVE-2025-41228)** | Sono state segnalate diverse vulnerabilità in VMware ESXi: vulnerabilità di tipo denial-of-service delle operazioni guest (CVE-2025-41226), vulnerabilità di tipo denial-of-service (CVE-2025-41227), vulnerabilità di tipo Cross Site Scripting (XSS) (CVE-2025-41228). Patch correttive sono fornite dal fornitore. | IaaS By VMware | 🟡 Moderata | ⚠️ Si consiglia di aggiornare i vostri hypervisor. Le versioni corrette di ESXi sono disponibili al momento della validazione da parte di Cloud Temple. La Console indica gli ESXi che necessitano di aggiornamento. |
+| 21/05/2025 | [VMSA-2025-0010](https://support.broadcom.com/web/ecx/support-content-notification/-/external/content/SecurityAdvisories/0/25717) | 4.3-8.8 | **VMSA-2025-0010: Molteplici vulnerabilità in vCenter (CVE-2025-41225, CVE-2025-41228)** | Sono state segnalate diverse vulnerabilità in VMware vCenter: vulnerabilità di esecuzione di comandi autenticati in VMware vCenter Server (CVE-2025-41225), vulnerabilità di tipo Cross Site Scripting (XSS) (CVE-2025-41228). Patch correttive sono fornite dal fornitore. | IaaS By VMware | 🟠 Importante | ✅ L’aggiornamento delle vostre istanze vCenter è pianificato non appena le patch sono validate da Cloud Temple. Nessuna azione richiesta da parte vostra. |
+| 14/05/2025 | [VMSA-2025-0007](https://support.broadcom.com/web/ecx/support-content-notification/-/external/content/SecurityAdvisories/0/25683) | 6.1 | **VMSA-2025-0007: Vulnerabilità di gestione non sicura dei file in VMware Tools (CVE-2025-22247)** | È stata segnalata una vulnerabilità di gestione non sicura dei file in VMware Tools. Patch correttive sono fornite dal fornitore. | IaaS By VMware | 🟡 Moderata | ⚠️ Si consiglia di aggiornare VMware Tools sulle vostre macchine virtuali. |
+| 25/03/2025 | [VMSA-2025-0005](https://support.broadcom.com/web/ecx/support-content-notification/-/external/content/SecurityAdvisories/0/25518) | 7.8 | **VMSA-2025-0005: Vulnerabilità di bypass dell’autenticazione in VMware Tools per Windows (CVE-2025-22230)** | È stata segnalata una vulnerabilità di bypass dell’autenticazione in VMware Tools per Windows. Patch correttive sono fornite dal fornitore. | IaaS By VMware | 🟠 Importante | ⚠️ Si consiglia di aggiornare VMware Tools sulle vostre macchine virtuali. |
+| 04/03/2025 | [VMSA-2025-0004](https://support.broadcom.com/web/ecx/support-content-notification/-/external/content/SecurityAdvisories/0/25390) | 7.1-9.3 | **VMSA-2025-0004: Molteplici vulnerabilità in VMware ESXi (CVE-2025-22224, CVE-2025-22225, CVE-2025-22226)** | Sono state segnalate diverse vulnerabilità in VMware ESXi: vulnerabilità di overflow dell’heap VMCI (CVE-2025-22224) valutata come Critica da VMware, vulnerabilità di scrittura arbitraria in VMware ESXi (CVE-2025-22225), vulnerabilità di divulgazione di informazioni HGFS (CVE-2025-22226). Patch correttive sono fornite dal fornitore. | IaaS By VMware | 🟠 Importante | ⚠️ Si consiglia di aggiornare i vostri hypervisor. Le versioni corrette di ESXi sono disponibili al momento della validazione da parte di Cloud Temple. La Console indica gli ESXi che necessitano di aggiornamento. |
## Informazioni