From bc8a767b4bde07994cce978dea2c1676a8697ccd Mon Sep 17 00:00:00 2001
From: Matisse <93315053+MatissePrt@users.noreply.github.com>
Date: Fri, 16 Jan 2026 16:59:36 +0100
Subject: [PATCH] update vulnerability
---
docs/console/security/security_alarms.md | 3 +++
.../current/console/security/security_alarms.md | 9 ++++++---
.../current/console/security/security_alarms.md | 3 +++
.../current/console/security/security_alarms.md | 9 ++++++---
.../current/console/security/security_alarms.md | 9 ++++++---
5 files changed, 24 insertions(+), 9 deletions(-)
diff --git a/docs/console/security/security_alarms.md b/docs/console/security/security_alarms.md
index 3285df07..859326ef 100644
--- a/docs/console/security/security_alarms.md
+++ b/docs/console/security/security_alarms.md
@@ -9,6 +9,9 @@ Cette page est mise à jour quotidiennement afin de tenir compte des vulnérabil
| Date | Référence(s) | CVSS | Titre | Description | Service(s) | Sévérité | Traitement |
|---------------------|-----------------|-------------|--------------|---------|-------------|----------------|-------------|
+| 23/12/2025 | [CVE-2025-14443](https://access.redhat.com/security/cve/CVE-2025-14443) | 8.5 | **Vulnérabilité dans Red Hat OpenShift (CVE-2025-14443)** | Une vulnérabilité dans le composant `openshift-apiserver` permet une élévation de privilèges. L'exploitation nécessite une authentification préalable. | PaaS OpenShift | 🟠 Important | ⚠️ Pas de correctif actuel. Nous sommes en attente du patch de l'éditeur Red Hat. |
+| 30/09/2025 | [VMSA-2025-0016](https://support.broadcom.com/web/ecx/support-content-notification/-/external/content/SecurityAdvisories/0/36150) | 8.5 | **VMSA-2025-0016 : Vulnérabilité dans VMware vCenter (CVE-2025-41250)** | Une vulnérabilité (CVE-2025-41250) permet à un attaquant authentifié de modifier les emails de notification des tâches planifiées. | IaaS By VMware | 🟠 Important | ⚠️ Nous vous recommandons de planifier une montée de version de vCenter (vers 8.0 U3g ou 7.0 U3w). |
+| 30/09/2025 | [VMSA-2025-0015](https://support.broadcom.com/web/ecx/support-content-notification/-/external/content/SecurityAdvisories/0/36149) | 7.6 | **VMSA-2025-0015 : Vulnérabilité dans VMware Tools (Windows)** | Une vulnérabilité (CVE-2025-41246) affectant VMware Tools pour Windows permet une élévation de privilèges (nécessite un accès local authentifié). | IaaS By VMware | 🟡 Modérée | ⚠️ Nous vous recommandons de planifier une montée de version des VMware Tools Windows (vers 13.0.5 ou 12.5.4). |
| 07/08/2025 | [DSA-2025-154](https://www.dell.com/support/kbdoc/en-us/000262308/dsa-2025-154-security-update-for-dell-ecs-and-objectscale-use-of-hard-coded-ssh-cryptographic-key-vulnerability) | 8.4 | **DSA-2025-154 : Vulnérabilité dans Dell ObjectScale (CVE-2025-26476)** | Une vulnérabilité (CVE-2025-26476) dans Dell ObjectScale (< 4.0.0.0) liée à l’utilisation de clés SSH codées en dur permet un accès local non authentifié. | Object Storage | 🟠 Important | ✅ La remédiation de vos environnements ObjectScale est prise en charge par Cloud Temple. Aucune action de votre part n’est nécessaire. |
| 15/07/2025 | [VMSA-2025-0013](https://support.broadcom.com/web/ecx/support-content-notification/-/external/content/SecurityAdvisories/VMSA-2025-0013--VMware-ESXi--Workstation--Fusion--and-Tools-updates-address-multiple-vulnerabilities--CVE-2025-41236--CVE-2025-41237--CVE-2025-41238--CVE-2025-41239-/35877) | 9.3 | **VMSA-2025-0013 : Vulnérabilités importantes dans VMware ESXi** | Plusieurs vulnérabilités importantes affectent VMware ESXi. Des correctifs sont fournis par l’éditeur. | IaaS By VMware | 🟠 Important | ⚠️ Nous vous recommandons de mettre à jour vos hyperviseurs. Les versions ESXi corrigées sont disponibles dès leur validation par Cloud Temple. Console vous indique les ESXi nécessitant une mise à jour. |
| 15/07/2025 | [VMSA-2025-0013](https://support.broadcom.com/web/ecx/support-content-notification/-/external/content/SecurityAdvisories/VMSA-2025-0013--VMware-ESXi--Workstation--Fusion--and-Tools-updates-address-multiple-vulnerabilities--CVE-2025-41236--CVE-2025-41237--CVE-2025-41238--CVE-2025-41239-/35877) | 7.1 | **VMSA-2025-0013 : Vulnérabilité dans VMware Tools (CVE-2025-41239)** | Une vulnérabilité (CVE-2025-41239) dans VMware Tools permet une divulgation d’informations sensibles via vSockets non initialisés. Des correctifs sont fournis par l’éditeur. | IaaS By VMware | 🟡 Modérée | ⚠️ Nous vous recommandons de mettre à jour VMware Tools sur vos machines virtuelles. Les versions VM Tools corrigées sont embarquées dans les packages ESXi mis à disposition par Cloud Temple. |
diff --git a/i18n/de/docusaurus-plugin-content-docs/current/console/security/security_alarms.md b/i18n/de/docusaurus-plugin-content-docs/current/console/security/security_alarms.md
index c65bd4bf..976602d6 100644
--- a/i18n/de/docusaurus-plugin-content-docs/current/console/security/security_alarms.md
+++ b/i18n/de/docusaurus-plugin-content-docs/current/console/security/security_alarms.md
@@ -9,9 +9,12 @@ Diese Seite wird täglich aktualisiert, um neu identifizierte Schwachstellen zu
| Datum | Referenz(en) | CVSS | Titel | Beschreibung | Dienst(e) | Schwere | Behandlung |
|---------------------|-----------------|-------------|--------------|---------|-------------|----------------|-------------|
-| 07/08/2025 | [DSA-2025-154](https://www.dell.com/support/kbdoc/en-us/000262308/dsa-2025-154-security-update-for-dell-ecs-and-objectscale-use-of-hard-coded-ssh-cryptographic-key-vulnerability) | 8.4 | **DSA-2025-154 : Schwachstelle in Dell ObjectScale (CVE-2025-26476)** | Eine Schwachstelle (CVE-2025-26476) in Dell ObjectScale (< 4.0.0.0) im Zusammenhang mit der Verwendung hartcodierter SSH-Schlüssel ermöglicht lokalen unauthentifizierten Zugriff. | Object Storage | 🟠 Important | ✅ Die Behebung Ihrer ObjectScale-Umgebungen wird von Cloud Temple übernommen. Es ist keine Aktion Ihrerseits erforderlich. |
-| 15/07/2025 | [VMSA-2025-0013](https://support.broadcom.com/web/ecx/support-content-notification/-/external/content/SecurityAdvisories/VMSA-2025-0013--VMware-ESXi--Workstation--Fusion--and-Tools-updates-address-multiple-vulnerabilities--CVE-2025-41236--CVE-2025-41237--CVE-2025-41238--CVE-2025-41239-/35877) | 9.3 | **VMSA-2025-0013 : Wichtige Schwachstellen in VMware ESXi** | Mehrere wichtige Schwachstellen betreffen VMware ESXi. Patches werden vom Hersteller bereitgestellt. | IaaS By VMware | 🟠 Important | ⚠️ Wir empfehlen Ihnen, Ihre Hypervisoren zu aktualisieren. Die korrigierten ESXi-Versionen sind verfügbar, sobald sie von Cloud Temple validiert wurden. Console zeigt die ESXi an, die ein Update benötigen. |
-| 15/07/2025 | [VMSA-2025-0013](https://support.broadcom.com/web/ecx/support-content-notification/-/external/content/SecurityAdvisories/VMSA-2025-0013--VMware-ESXi--Workstation--Fusion--and-Tools-updates-address-multiple-vulnerabilities--CVE-2025-41236--CVE-2025-41237--CVE-2025-41238--CVE-2025-41239-/35877) | 7.1 | **VMSA-2025-0013 : Schwachstelle in VMware Tools (CVE-2025-41239)** | Eine Schwachstelle (CVE-2025-41239) in VMware Tools ermöglicht die Preisgabe sensibler Informationen über nicht initialisierte vSockets. Patches werden vom Hersteller bereitgestellt. | IaaS By VMware | 🟡 Moderat | ⚠️ Wir empfehlen Ihnen, VMware Tools auf Ihren virtuellen Maschinen zu aktualisieren. Die korrigierten VM Tools-Versionen sind in den ESXi-Paketen enthalten, die von Cloud Temple zur Verfügung gestellt werden. |
+| 23/12/2025 | [CVE-2025-14443](https://access.redhat.com/security/cve/CVE-2025-14443) | 8.5 | **Schwachstelle in Red Hat OpenShift (CVE-2025-14443)** | Eine Schwachstelle in der Komponente `openshift-apiserver` ermöglicht eine Rechteausweitung (Privilege Escalation). Die Ausnutzung erfordert eine vorherige Authentifizierung. | PaaS OpenShift | 🟠 Wichtig | ⚠️ Aktuell kein Patch verfügbar. Wir warten auf den Patch des Herstellers Red Hat. |
+| 30/09/2025 | [VMSA-2025-0016](https://support.broadcom.com/web/ecx/support-content-notification/-/external/content/SecurityAdvisories/0/36150) | 8.5 | **VMSA-2025-0016 : Schwachstelle in VMware vCenter** | Eine Schwachstelle (CVE-2025-41250) ermöglicht es einem authentifizierten Angreifer, die Benachrichtigungs-E-Mails geplanter Aufgaben zu ändern. | IaaS By VMware | 🟠 Wichtig | ⚠️ Wir empfehlen Ihnen, ein Upgrade von vCenter zu planen (auf 8.0 U3g oder 7.0 U3w). |
+| 30/09/2025 | [VMSA-2025-0015](https://support.broadcom.com/web/ecx/support-content-notification/-/external/content/SecurityAdvisories/0/36149) | 7.6 | **VMSA-2025-0015 : Schwachstelle in VMware Tools (Windows)** | Eine Schwachstelle (CVE-2025-41246) in VMware Tools für Windows ermöglicht eine Rechteausweitung (erfordert lokalen authentifizierten Zugriff). | IaaS By VMware | 🟡 Moderat | ⚠️ Wir empfehlen Ihnen, ein Upgrade der VMware Tools für Windows zu planen (auf 13.0.5 oder 12.5.4). |
+| 07/08/2025 | [DSA-2025-154](https://www.dell.com/support/kbdoc/en-us/000262308/dsa-2025-154-security-update-for-dell-ecs-and-objectscale-use-of-hard-coded-ssh-cryptographic-key-vulnerability) | 8.4 | **DSA-2025-154 : Schwachstelle in Dell ObjectScale (CVE-2025-26476)** | Eine Schwachstelle (CVE-2025-26476) in Dell ObjectScale (< 4.0.0.0) im Zusammenhang mit der Verwendung hartcodierter SSH-Schlüssel ermöglicht lokalen unauthentifizierten Zugriff. | Object Storage | 🟠 Wichtig | ✅ Die Behebung Ihrer ObjectScale-Umgebungen wird von Cloud Temple übernommen. Es ist keine Aktion Ihrerseits erforderlich. |
+| 15/07/2025 | [VMSA-2025-0013](https://support.broadcom.com/web/ecx/support-content-notification/-/external/content/SecurityAdvisories/VMSA-2025-0013--VMware-ESXi--Workstation--Fusion--and-Tools-updates-address-multiple-vulnerabilities--CVE-2025-41236--CVE-2025-41237--CVE-2025-41238--CVE-2025-41239-/35877) | 9.3 | **VMSA-2025-0013 : Wichtige Schwachstellen in VMware ESXi** | Mehrere wichtige Schwachstellen betreffen VMware ESXi. Patches werden vom Hersteller bereitgestellt. | IaaS By VMware | 🟠 Wichtig | ⚠️ Wir empfehlen Ihnen, Ihre Hypervisoren zu aktualisieren. Die korrigierten ESXi-Versionen sind verfügbar, sobald sie von Cloud Temple validiert wurden. Console zeigt die ESXi an, die ein Update benötigen. |
+| 15/07/2025 | [VMSA-2025-0013](https://support.broadcom.com/web/ecx/support-content-notification/-/external/content/SecurityAdvisories/VMSA-2025-0013--VMware-ESXi--Workstation--Fusion--and-Tools-updates-address-multiple-vulnerabilities--CVE-2025-41236--CVE-2025-41237--CVE-2025-41238--CVE-2025-41239-/35877) | 7.1 | **VMSA-2025-0013 : Schwachstelle in VMware Tools (CVE-2025-41239)** | Eine Schwachstelle (CVE-2025-41239) in VMware Tools ermöglicht die Preisgabe sensibler Informationen über nicht initialisierte vSockets. Patches werden vom Hersteller bereitgestellt. | IaaS By VMware | 🟡 Mäßig | ⚠️ Wir empfehlen Ihnen, VMware Tools auf Ihren virtuellen Maschinen zu aktualisieren. Die korrigierten VM Tools-Versionen sind in den ESXi-Paketen enthalten, die von Cloud Temple zur Verfügung gestellt werden. |
| 01/07/2025 | [XSA-470](https://xenbits.xen.org/xsa/advisory-470.html) | N/A | **XCP-NG-Schwachstelle durch fehlerhafte Ausnahmebehandlung**
[Hersteller-Bulletin](https://xcp-ng.org/blog/2025/07/03/july-2025-security-and-maintenance-update-for-xcp-ng-8-2-lts/) | Eine Schwachstelle wurde in XCP-NG entdeckt, die es privilegiertem Code innerhalb einer virtuellen Maschine ermöglicht, einen Absturz des Hypervisors zu verursachen, was zu einem Denial of Service (DoS) des gesamten Hosts führen kann. | IaaS OpenSource | 🟡 Mäßig | ✅ Das Update Ihrer XCP-ng-Instanzen ist geplant, sobald die Patches von Cloud Temple validiert wurden. Kein Handeln Ihrerseits erforderlich. |
| 23/05/2025 | [XSA-468](https://xenbits.xen.org/xsa/advisory-468.html) | 8.8-90 | **XCP-NG-Vulnerabilitäten in den PV-Windows-Treibern (XSA-468)**
[Herausgeber-Bulletin](https://xcp-ng.org/blog/2025/05/27/xsa-468-windows-pv-driver-vulnerabilities/) | Mehrere Schwachstellen (CVE-2025-27462, CVE-2025-27463, CVE-2025-27464) in den PV-Windows-Treibern ermöglichen es unprivilegierten Benutzern, Systemrechte innerhalb der Windows-VMs zu erlangen. | IaaS OpenSource | 🟠 Wichtig | ⚠️ Wir empfehlen Ihnen, die PV-Windows-Treiber Ihrer virtuellen Maschinen auf in der Sicherheitsmitteilung angegebenen korrigierten Versionen zu aktualisieren. ✅ Die Aktualisierung Ihrer XCP-ng-Instanzen ist ab der Validierung der Patches durch Cloud Temple geplant. |
| 22/05/2025 | [XSA-469, INTEL-SA](https://xcp-ng.org/blog/2025/05/14/may-2025-security-update-for-xcp-ng-8-2-83/) | 4.9-6.5 | **XCP-NG-Vulnerabilitäten im Intel-Microcode und Xen (XSA-469, INTEL-SA)**
[Herausgeber-Bulletin](https://xcp-ng.org/blog/2025/05/14/may-2025-security-update-for-xcp-ng-8-2-8-3/) | Sicherheitspatches für XCP-ng wurden veröffentlicht, die mehrere Schwachstellen im Intel-Microcode und Xen beheben. | IaaS OpenSource | 🟡 Mäßig | ✅ Die Aktualisierung Ihrer XCP-ng-Instanzen ist ab der Validierung der Patches durch Cloud Temple geplant. Keine Aktion von Ihrer Seite erforderlich. |
diff --git a/i18n/en/docusaurus-plugin-content-docs/current/console/security/security_alarms.md b/i18n/en/docusaurus-plugin-content-docs/current/console/security/security_alarms.md
index 734b014e..45f68c43 100644
--- a/i18n/en/docusaurus-plugin-content-docs/current/console/security/security_alarms.md
+++ b/i18n/en/docusaurus-plugin-content-docs/current/console/security/security_alarms.md
@@ -9,6 +9,9 @@ This page is updated daily to account for newly identified vulnerabilities.
| Date | Reference(s) | CVSS | Title | Description | Service(s) | Severity | Treatment |
|---------------------|-----------------|-------------|--------------|---------|-------------|----------------|-------------|
+| 23/12/2025 | [CVE-2025-14443](https://access.redhat.com/security/cve/CVE-2025-14443) | 8.5 | **Vulnerability in Red Hat OpenShift (CVE-2025-14443)** | A vulnerability in the `openshift-apiserver` component allows privilege escalation. Exploitation requires prior authentication. | PaaS OpenShift | 🟠 Important | ⚠️ No current patch. We are awaiting the patch from the vendor Red Hat. |
+| 30/09/2025 | [VMSA-2025-0016](https://support.broadcom.com/web/ecx/support-content-notification/-/external/content/SecurityAdvisories/0/36150) | 8.5 | **VMSA-2025-0016 : Vulnerability in VMware vCenter** | A vulnerability (CVE-2025-41250) allows an authenticated attacker to modify notification emails for scheduled tasks. | IaaS By VMware | 🟠 Important | ⚠️ We recommend planning a vCenter version upgrade (to 8.0 U3g or 7.0 U3w). |
+| 30/09/2025 | [VMSA-2025-0015](https://support.broadcom.com/web/ecx/support-content-notification/-/external/content/SecurityAdvisories/0/36149) | 7.6 | **VMSA-2025-0015 : Vulnerability in VMware Tools (Windows)** | A vulnerability (CVE-2025-41246) affecting VMware Tools for Windows allows privilege escalation (requires authenticated local access). | IaaS By VMware | 🟡 Moderate | ⚠️ We recommend planning a VMware Tools for Windows version upgrade (to 13.0.5 or 12.5.4). |
| 07/08/2025 | [DSA-2025-154](https://www.dell.com/support/kbdoc/en-us/000262308/dsa-2025-154-security-update-for-dell-ecs-and-objectscale-use-of-hard-coded-ssh-cryptographic-key-vulnerability) | 8.4 | **DSA-2025-154 : Vulnerability in Dell ObjectScale (CVE-2025-26476)** | A vulnerability (CVE-2025-26476) in Dell ObjectScale (< 4.0.0.0) related to the use of hard-coded SSH keys allows unauthenticated local access. | Object Storage | 🟠 Important | ✅ The remediation of your ObjectScale environments is handled by Cloud Temple. No action on your part is required. |
| 15/07/2025 | [VMSA-2025-0013](https://support.broadcom.com/web/ecx/support-content-notification/-/external/content/SecurityAdvisories/VMSA-2025-0013--VMware-ESXi--Workstation--Fusion--and-Tools-updates-address-multiple-vulnerabilities--CVE-2025-41236--CVE-2025-41237--CVE-2025-41238--CVE-2025-41239-/35877) | 9.3 | **VMSA-2025-0013 : Important Vulnerabilities in VMware ESXi** | Several important vulnerabilities affect VMware ESXi. Patches are provided by the vendor. | IaaS By VMware | 🟠 Important | ⚠️ We recommend updating your hypervisors. The corrected ESXi versions are available as soon as they are validated by Cloud Temple. Console indicates the ESXi requiring an update. |
| 15/07/2025 | [VMSA-2025-0013](https://support.broadcom.com/web/ecx/support-content-notification/-/external/content/SecurityAdvisories/VMSA-2025-0013--VMware-ESXi--Workstation--Fusion--and-Tools-updates-address-multiple-vulnerabilities--CVE-2025-41236--CVE-2025-41237--CVE-2025-41238--CVE-2025-41239-/35877) | 7.1 | **VMSA-2025-0013 : Vulnerability in VMware Tools (CVE-2025-41239)** | A vulnerability (CVE-2025-41239) in VMware Tools allows sensitive information disclosure via uninitialized vSockets. Patches are provided by the vendor. | IaaS By VMware | 🟡 Moderate | ⚠️ We recommend updating VMware Tools on your virtual machines. The corrected VM Tools versions are included in the ESXi packages made available by Cloud Temple. |
diff --git a/i18n/es/docusaurus-plugin-content-docs/current/console/security/security_alarms.md b/i18n/es/docusaurus-plugin-content-docs/current/console/security/security_alarms.md
index 2da4d982..d745eb52 100644
--- a/i18n/es/docusaurus-plugin-content-docs/current/console/security/security_alarms.md
+++ b/i18n/es/docusaurus-plugin-content-docs/current/console/security/security_alarms.md
@@ -9,9 +9,12 @@ Esta página se actualiza diariamente para tener en cuenta las vulnerabilidades
| Fecha | Referencia(s) | CVSS | Título | Descripción | Servicio(s) | Severidad | Tratamiento |
|---------------------|-----------------|-------------|--------------|---------|-------------|----------------|-------------|
-| 07/08/2025 | [DSA-2025-154](https://www.dell.com/support/kbdoc/en-us/000262308/dsa-2025-154-security-update-for-dell-ecs-and-objectscale-use-of-hard-coded-ssh-cryptographic-key-vulnerability) | 8.4 | **DSA-2025-154 : Vulnerabilidad en Dell ObjectScale (CVE-2025-26476)** | Una vulnerabilidad (CVE-2025-26476) en Dell ObjectScale (< 4.0.0.0) relacionada con el uso de claves SSH codificadas permite acceso local no autenticado. | Object Storage | 🟠 Important | ✅ La remediación de sus entornos ObjectScale está a cargo de Cloud Temple. No se requiere ninguna acción de su parte. |
-| 15/07/2025 | [VMSA-2025-0013](https://support.broadcom.com/web/ecx/support-content-notification/-/external/content/SecurityAdvisories/VMSA-2025-0013--VMware-ESXi--Workstation--Fusion--and-Tools-updates-address-multiple-vulnerabilities--CVE-2025-41236--CVE-2025-41237--CVE-2025-41238--CVE-2025-41239-/35877) | 9.3 | **VMSA-2025-0013 : Vulnerabilidades importantes en VMware ESXi** | Varias vulnerabilidades importantes afectan VMware ESXi. Los parches son proporcionados por el proveedor. | IaaS By VMware | 🟠 Important | ⚠️ Recomendamos actualizar sus hipervisores. Las versiones ESXi corregidas están disponibles tan pronto como son validadas por Cloud Temple. Console indica los ESXi que requieren actualización. |
-| 15/07/2025 | [VMSA-2025-0013](https://support.broadcom.com/web/ecx/support-content-notification/-/external/content/SecurityAdvisories/VMSA-2025-0013--VMware-ESXi--Workstation--Fusion--and-Tools-updates-address-multiple-vulnerabilities--CVE-2025-41236--CVE-2025-41237--CVE-2025-41238--CVE-2025-41239-/35877) | 7.1 | **VMSA-2025-0013 : Vulnerabilidad en VMware Tools (CVE-2025-41239)** | Una vulnerabilidad (CVE-2025-41239) en VMware Tools permite la divulgación de información sensible a través de vSockets no inicializados. Los parches son proporcionados por el proveedor. | IaaS By VMware | 🟡 Modérée | ⚠️ Recomendamos actualizar VMware Tools en sus máquinas virtuales. Las versiones VM Tools corregidas están incluidas en los paquetes ESXi puestos a disposición por Cloud Temple. |
+| 23/12/2025 | [CVE-2025-14443](https://access.redhat.com/security/cve/CVE-2025-14443) | 8.5 | **Vulnerabilidad en Red Hat OpenShift (CVE-2025-14443)** | Una vulnerabilidad en el componente `openshift-apiserver` permite la escalada de privilegios. La explotación requiere autenticación previa. | PaaS OpenShift | 🟠 Importante | ⚠️ No hay parche actual. Estamos a la espera del parche del proveedor Red Hat. |
+| 30/09/2025 | [VMSA-2025-0016](https://support.broadcom.com/web/ecx/support-content-notification/-/external/content/SecurityAdvisories/0/36150) | 8.5 | **VMSA-2025-0016 : Vulnerabilidad en VMware vCenter** | Una vulnerabilidad (CVE-2025-41250) permite a un atacante autenticado modificar los correos electrónicos de notificación de tareas programadas. | IaaS By VMware | 🟠 Importante | ⚠️ Recomendamos planificar una actualización de versión de vCenter (a 8.0 U3g o 7.0 U3w). |
+| 30/09/2025 | [VMSA-2025-0015](https://support.broadcom.com/web/ecx/support-content-notification/-/external/content/SecurityAdvisories/0/36149) | 7.6 | **VMSA-2025-0015 : Vulnerabilidad en VMware Tools (Windows)** | Una vulnerabilidad (CVE-2025-41246) que afecta a VMware Tools para Windows permite una escalada de privilegios (requiere acceso local autenticado). | IaaS By VMware | 🟡 Moderada | ⚠️ Recomendamos planificar una actualización de versión de VMware Tools para Windows (a 13.0.5 o 12.5.4). |
+| 07/08/2025 | [DSA-2025-154](https://www.dell.com/support/kbdoc/en-us/000262308/dsa-2025-154-security-update-for-dell-ecs-and-objectscale-use-of-hard-coded-ssh-cryptographic-key-vulnerability) | 8.4 | **DSA-2025-154 : Vulnerabilidad en Dell ObjectScale (CVE-2025-26476)** | Una vulnerabilidad (CVE-2025-26476) en Dell ObjectScale (< 4.0.0.0) relacionada con el uso de claves SSH codificadas permite acceso local no autenticado. | Object Storage | 🟠 Importante | ✅ La remediación de sus entornos ObjectScale está a cargo de Cloud Temple. No se requiere ninguna acción de su parte. |
+| 15/07/2025 | [VMSA-2025-0013](https://support.broadcom.com/web/ecx/support-content-notification/-/external/content/SecurityAdvisories/VMSA-2025-0013--VMware-ESXi--Workstation--Fusion--and-Tools-updates-address-multiple-vulnerabilities--CVE-2025-41236--CVE-2025-41237--CVE-2025-41238--CVE-2025-41239-/35877) | 9.3 | **VMSA-2025-0013 : Vulnerabilidades importantes en VMware ESXi** | Varias vulnerabilidades importantes afectan VMware ESXi. Los parches son proporcionados por el proveedor. | IaaS By VMware | 🟠 Importante | ⚠️ Recomendamos actualizar sus hipervisores. Las versiones ESXi corregidas están disponibles tan pronto como son validadas por Cloud Temple. Console indica los ESXi que requieren actualización. |
+| 15/07/2025 | [VMSA-2025-0013](https://support.broadcom.com/web/ecx/support-content-notification/-/external/content/SecurityAdvisories/VMSA-2025-0013--VMware-ESXi--Workstation--Fusion--and-Tools-updates-address-multiple-vulnerabilities--CVE-2025-41236--CVE-2025-41237--CVE-2025-41238--CVE-2025-41239-/35877) | 7.1 | **VMSA-2025-0013 : Vulnerabilidad en VMware Tools (CVE-2025-41239)** | Una vulnerabilidad (CVE-2025-41239) en VMware Tools permite la divulgación de información sensible a través de vSockets no inicializados. Los parches son proporcionados por el proveedor. | IaaS By VMware | 🟡 Moderada | ⚠️ Recomendamos actualizar VMware Tools en sus máquinas virtuales. Las versiones VM Tools corregidas están incluidas en los paquetes ESXi puestos a disposición por Cloud Temple. |
| 01/07/2025 | [XSA-470](https://xenbits.xen.org/xsa/advisory-470.html) | N/A | **Vulnerabilidad XCP-NG por un manejo inadecuado de excepciones**
[Boletín del editor](https://xcp-ng.org/blog/2025/07/03/july-2025-security-and-maintenance-update-for-xcp-ng-8-2-lts/) | Se ha descubierto una vulnerabilidad en XCP-NG que permite a código privilegiado ejecutado desde una máquina virtual provocar un fallo del hipervisor, causando una denegación de servicio (DoS) del host completo. | IaaS OpenSource | 🟡 Moderada | ✅ La actualización de sus instancias XCP-ng está planificada desde la validación de los parches por parte de Cloud Temple. No se requiere ninguna acción de su parte. |
| 23/05/2025 | [XSA-468](https://xenbits.xen.org/xsa/advisory-468.html) | 8.8-9.0 | **Vulnerabilidades XCP-NG en los controladores PV de Windows (XSA-468)**
[Boletín del editor](https://xcp-ng.org/blog/2025/05/27/xsa-468-windows-pv-driver-vulnerabilities/) | Múltiples vulnerabilidades (CVE-2025-27462, CVE-2025-27463, CVE-2025-27464) en los controladores PV de Windows permiten a usuarios no privilegiados obtener privilegios de sistema dentro de las VM de Windows. | IaaS OpenSource | 🟠 Importante | ⚠️ Recomendamos actualizar los controladores PV de Windows de sus máquinas virtuales a las versiones corregidas indicadas en el boletín de seguridad. ✅ La actualización de sus instancias XCP-ng está planificada tan pronto como Cloud Temple valide las correcciones. |
| 22/05/2025 | [XSA-469, INTEL-SA](https://xcp-ng.org/blog/2025/05/14/may-2025-security-update-for-xcp-ng-8-2-8-3/) | 4.9-6.5 | **Vulnerabilidades XCP-NG en el microcódigo de Intel y Xen (XSA-469, INTEL-SA)**
[Boletín del editor](https://xcp-ng.org/blog/2025/05/14/may-2025-security-update-for-xcp-ng-8-2-8-3/) | Se han publicado parches de seguridad para XCP-ng, corrigiendo múltiples vulnerabilidades en el microcódigo de Intel y Xen. | IaaS OpenSource | 🟡 Moderada | ✅ La actualización de sus instancias XCP-ng está planificada tan pronto como Cloud Temple valide las correcciones. No es necesaria ninguna acción por su parte. |
diff --git a/i18n/it/docusaurus-plugin-content-docs/current/console/security/security_alarms.md b/i18n/it/docusaurus-plugin-content-docs/current/console/security/security_alarms.md
index d78aad5b..6495e2a0 100644
--- a/i18n/it/docusaurus-plugin-content-docs/current/console/security/security_alarms.md
+++ b/i18n/it/docusaurus-plugin-content-docs/current/console/security/security_alarms.md
@@ -9,9 +9,12 @@ Questa pagina viene aggiornata quotidianamente per tenere conto delle vulnerabil
| Data | Riferimento(i) | CVSS | Titolo | Descrizione | Servizio(i) | Gravità | Trattamento |
|---------------------|-----------------|-------------|--------------|---------|-------------|----------------|-------------|
-| 07/08/2025 | [DSA-2025-154](https://www.dell.com/support/kbdoc/en-us/000262308/dsa-2025-154-security-update-for-dell-ecs-and-objectscale-use-of-hard-coded-ssh-cryptographic-key-vulnerability) | 8.4 | **DSA-2025-154 : Vulnerabilità in Dell ObjectScale (CVE-2025-26476)** | Una vulnerabilità (CVE-2025-26476) in Dell ObjectScale (< 4.0.0.0) relativa all'uso di chiavi SSH codificate consente l'accesso locale non autenticato. | Object Storage | 🟠 Important | ✅ La risoluzione dei vostri ambienti ObjectScale è gestita da Cloud Temple. Non è richiesta alcuna azione da parte vostra. |
-| 15/07/2025 | [VMSA-2025-0013](https://support.broadcom.com/web/ecx/support-content-notification/-/external/content/SecurityAdvisories/VMSA-2025-0013--VMware-ESXi--Workstation--Fusion--and-Tools-updates-address-multiple-vulnerabilities--CVE-2025-41236--CVE-2025-41237--CVE-2025-41238--CVE-2025-41239-/35877) | 9.3 | **VMSA-2025-0013 : Vulnerabilità importanti in VMware ESXi** | Diverse vulnerabilità importanti interessano VMware ESXi. Le correzioni sono fornite dal fornitore. | IaaS By VMware | 🟠 Important | ⚠️ Raccomandiamo di aggiornare i vostri hypervisor. Le versioni ESXi corrette sono disponibili non appena vengono convalidate da Cloud Temple. Console indica gli ESXi che richiedono un aggiornamento. |
-| 15/07/2025 | [VMSA-2025-0013](https://support.broadcom.com/web/ecx/support-content-notification/-/external/content/SecurityAdvisories/VMSA-2025-0013--VMware-ESXi--Workstation--Fusion--and-Tools-updates-address-multiple-vulnerabilities--CVE-2025-41236--CVE-2025-41237--CVE-2025-41238--CVE-2025-41239-/35877) | 7.1 | **VMSA-2025-0013 : Vulnerabilità in VMware Tools (CVE-2025-41239)** | Una vulnerabilità (CVE-2025-41239) in VMware Tools consente la divulgazione di informazioni sensibili tramite vSockets non inizializzati. Le correzioni sono fornite dal fornitore. | IaaS By VMware | 🟡 Modérée | ⚠️ Raccomandiamo di aggiornare VMware Tools sulle vostre macchine virtuali. Le versioni VM Tools corrette sono incluse nei pacchetti ESXi messi a disposizione da Cloud Temple. |
+| 23/12/2025 | [CVE-2025-14443](https://access.redhat.com/security/cve/CVE-2025-14443) | 8.5 | **Vulnerabilità in Red Hat OpenShift (CVE-2025-14443)** | Una vulnerabilità nel componente `openshift-apiserver` consente l'escalation dei privilegi. Lo sfruttamento richiede un'autenticazione precedente. | PaaS OpenShift | 🟠 Importante | ⚠️ Nessuna patch attuale. Siamo in attesa della patch dal fornitore Red Hat. |
+| 30/09/2025 | [VMSA-2025-0016](https://support.broadcom.com/web/ecx/support-content-notification/-/external/content/SecurityAdvisories/0/36150) | 8.5 | **VMSA-2025-0016 : Vulnerabilità in VMware vCenter** | Una vulnerabilità (CVE-2025-41250) consente a un attaccante autenticato di modificare le email di notifica delle attività pianificate. | IaaS By VMware | 🟠 Importante | ⚠️ Raccomandiamo di pianificare un aggiornamento di versione di vCenter (alla 8.0 U3g o 7.0 U3w). |
+| 30/09/2025 | [VMSA-2025-0015](https://support.broadcom.com/web/ecx/support-content-notification/-/external/content/SecurityAdvisories/0/36149) | 7.6 | **VMSA-2025-0015 : Vulnerabilità in VMware Tools (Windows)** | Una vulnerabilità (CVE-2025-41246) che interessa VMware Tools per Windows consente l'escalation dei privilegi (richiede accesso locale autenticato). | IaaS By VMware | 🟡 Moderata | ⚠️ Raccomandiamo di pianificare un aggiornamento di versione di VMware Tools per Windows (alla 13.0.5 o 12.5.4). |
+| 07/08/2025 | [DSA-2025-154](https://www.dell.com/support/kbdoc/en-us/000262308/dsa-2025-154-security-update-for-dell-ecs-and-objectscale-use-of-hard-coded-ssh-cryptographic-key-vulnerability) | 8.4 | **DSA-2025-154 : Vulnerabilità in Dell ObjectScale (CVE-2025-26476)** | Una vulnerabilità (CVE-2025-26476) in Dell ObjectScale (< 4.0.0.0) relativa all'uso di chiavi SSH codificate consente l'accesso locale non autenticato. | Object Storage | 🟠 Importante | ✅ La risoluzione dei vostri ambienti ObjectScale è gestita da Cloud Temple. Non è richiesta alcuna azione da parte vostra. |
+| 15/07/2025 | [VMSA-2025-0013](https://support.broadcom.com/web/ecx/support-content-notification/-/external/content/SecurityAdvisories/VMSA-2025-0013--VMware-ESXi--Workstation--Fusion--and-Tools-updates-address-multiple-vulnerabilities--CVE-2025-41236--CVE-2025-41237--CVE-2025-41238--CVE-2025-41239-/35877) | 9.3 | **VMSA-2025-0013 : Vulnerabilità importanti in VMware ESXi** | Diverse vulnerabilità importanti interessano VMware ESXi. Le correzioni sono fornite dal fornitore. | IaaS By VMware | 🟠 Importante | ⚠️ Raccomandiamo di aggiornare i vostri hypervisor. Le versioni ESXi corrette sono disponibili non appena vengono convalidate da Cloud Temple. Console indica gli ESXi che richiedono un aggiornamento. |
+| 15/07/2025 | [VMSA-2025-0013](https://support.broadcom.com/web/ecx/support-content-notification/-/external/content/SecurityAdvisories/VMSA-2025-0013--VMware-ESXi--Workstation--Fusion--and-Tools-updates-address-multiple-vulnerabilities--CVE-2025-41236--CVE-2025-41237--CVE-2025-41238--CVE-2025-41239-/35877) | 7.1 | **VMSA-2025-0013 : Vulnerabilità in VMware Tools (CVE-2025-41239)** | Una vulnerabilità (CVE-2025-41239) in VMware Tools consente la divulgazione di informazioni sensibili tramite vSockets non inizializzati. Le correzioni sono fornite dal fornitore. | IaaS By VMware | 🟡 Moderata | ⚠️ Raccomandiamo di aggiornare VMware Tools sulle vostre macchine virtuali. Le versioni VM Tools corrette sono incluse nei pacchetti ESXi messi a disposizione da Cloud Temple. |
| 01/07/2025 | [XSA-470](https://xenbits.xen.org/xsa/advisory-470.html) | N/A | **Vulnerabilità XCP-NG dovuta a una gestione errata delle eccezioni**
[Bollettino dell'editore](https://xcp-ng.org/blog/2025/07/03/july-2025-security-and-maintenance-update-for-xcp-ng-8-2-lts/) | È stata scoperta una vulnerabilità in XCP-NG che consente a codice privilegiato, eseguito da una macchina virtuale, di causare un crash dell'hypervisor, provocando un'interruzione di servizio (DoS) dell'intero host. | IaaS OpenSource | 🟡 Moderata | ✅ L'aggiornamento delle vostre istanze XCP-ng è pianificato non appena le patch saranno convalidate da Cloud Temple. Nessuna azione da parte vostra è necessaria.|
| 23/05/2025 | [XSA-468](https://xenbits.xen.org/xsa/advisory-468.html) | 8.8-9.0 | **Vulnerabilità XCP-NG nei driver PV Windows (XSA-468)**
[Bollettino dell'editore](https://xcp-ng.org/blog/2025/05/27/xsa-468-windows-pv-driver-vulnerabilities/) | Diverse vulnerabilità (CVE-2025-27462, CVE-2025-27463, CVE-2025-27464) nei driver PV Windows consentono a utenti non privilegiati di ottenere privilegi di sistema all'interno delle VM Windows. | IaaS OpenSource | 🟠 Importante | ⚠️ Si consiglia di aggiornare i driver PV Windows delle proprie macchine virtuali alle versioni corrette indicate nel bollettino di sicurezza. ✅ L'aggiornamento delle proprie istanze XCP-ng è pianificato non appena le correzioni saranno validate da Cloud Temple. |
| 22/05/2025 | [XSA-469, INTEL-SA](https://xcp-ng.org/blog/2025/05/14/may-2025-security-update-for-xcp-ng-8-2-8-3/) | 4.9-6.5 | **Vulnerabilità XCP-NG nel microcodice Intel e Xen (XSA-469, INTEL-SA)**
[Bollettino dell'editore](https://xcp-ng.org/blog/2025/05/14/may-2025-security-update-for-xcp-ng-8-2-8-3/) | Sono state pubblicate correzioni di sicurezza per XCP-ng, che risolvono diverse vulnerabilità nel microcodice Intel e Xen. | IaaS OpenSource | 🟡 Moderata | ✅ L'aggiornamento delle proprie istanze XCP-ng è pianificato non appena le correzioni saranno validate da Cloud Temple. Nessuna azione è richiesta da parte vostra.|