Geneos 7.x Security Updates
This page contains security updates for all Geneos 7.x releases.
To learn more about the supported Geneos versions and new features in the Geneos 7.x release, see the following documents:
Geneos 7.5.0
Copied
Issue Key
CVE Number and Severity
Description
Affected Components
Fix Version
AA-7241
CVE-2024-11407 (Medium)
Updated the gRPC library to version 1.69.0 to address the security vulnerability.
Gateway, Netprobe, Fix Analyser 2 Netprobe
Geneos 7.5.0
AA-7337
CVE-2025-31498 (High)
Updated the c-ares library to version 1.34.5 to address the security vulnerability.
Gateway, Netprobe, Fix Analyser 2 Netprobe
Geneos 7.5.0
COL-8403
CVE-2014-5461 (High)
Removed the third-party Lua static library to address the security vulnerability. This change does not affect any functionality.
Netprobe
Geneos 7.5.0
COL-12641
CVE-2025-49146 (BDSA-2025-5099) (High)
Updated the PostgreSQL JDBC driver to version 42.7.7 to address the security vulnerability.
JDBC Collection Agent plugin
Geneos 7.5.0, JDBC 5.0.1
UTL-1375
CVE-2025-49796 (Important)
CVE-2025-49794 (Important)
CVE-2025-6021 (Moderate)
Updated the Geneos Docker base image to ubi9-minimal:9.6-1752069876 to resolve the security vulnerabilities.
Docker Image
Geneos 7.5.0
UTL-1376
CVE-2025-49794 (Important)
CVE-2025-49796 (Important)
CVE-2025-47273 (Moderate)
CVE-2025-6021 (Moderate)
Updated the Docker base images of Collection Agent versions 4.5.1 and 5.3.0 to resolve the security vulnerabilities.
Docker Image
Geneos 7.5.0
UTL-1377
CVE-2024-52533 (Moderate)
CVE-2025-4373 (Moderate)
Updated the Geneos Docker base image to ubi9-minimal:9.6-1752587672 to resolve the security vulnerabilities.
Docker Image
Geneos 7.5.0
UTL-1378
CVE-2025-30749 (Important)
CVE-2025-50059 (Important)
CVE-2025-50106 (Important)
CVE-2025-4373 (Moderate)
CVE-2024-52533 (Moderate)
CVE-2025-30754 (Moderate)
Updated the Docker base images of Collection Agent versions 4.5.1 and 5.3.0 to resolve the security vulnerabilities.
Docker Image
Geneos 7.5.0
UTL-1381
CVE-2025-6965 (Important)
Updated the Geneos Docker base image to ubi9-minimal:9.6-1753762263 to resolve the security vulnerability.
Docker Image
Geneos 7.5.0
UTL-1390
CVE-2025-7425 (Important)
Updated the Geneos Docker base image to ubi9-minimal:9.6-1754000177 to resolve the security vulnerability.
Docker Image
Geneos 7.5.0
UTL-1394
CVE-2025-8058 (Moderate)
Updated the Geneos Docker base image to ubi9-minimal:9.6-1754356396 to resolve the security vulnerability.
Docker Image
Geneos 7.5.0
UTL-1396
CVE-2025-6965 (Important)
CVE-2025-7425 (Important)
CVE-2024-52615 (Moderate)
CVE-2025-8058 (Moderate)
Updated the Docker base images of Collection Agent versions 4.5.1 and 6.0.0 to resolve the security vulnerabilities.
Docker Image
Geneos 7.5.0
Geneos 7.4.0
Copied
Geneos versions 7.4.0 and 7.4.1 have been withdrawn and are no longer available for download due to a discovered memory leak.
We recommend upgrading to Geneos version 7.4.2. For more information on the components packaged with this release, refer to the Geneos 7.x Release Notes .
Issue Key
CVE Number and Severity
Description
Affected Components
Fix Version
COL-12554
CVE-2016-9840 (BDSA-2016-1107)
Updated the Boost C++ Libraries to version 1.88.0 to address the security vulnerability.
File Agent, Fix Analyser 2 Netprobe, Gateway, Netprobe
Geneos 7.4.0
UTL-1335
CVE-2024-8176 (Medium)
Updated the Docker base images of Collection Agent versions 4.5.1 and 5.1.0 to resolve the the security vulnerability.
Docker Image
Geneos 7.4.0
UTL-1338
CVE-2025-0395 (Medium)
Updated the Geneos Docker base images to ubi9-minimal:9.5-1742914212 to resolve the security vulnerability.
Docker Image
Geneos 7.4.0
UTL-1339
CVE-2025-0395 (Medium)
Updated the Docker base images of Collection Agent versions 4.5.1 and 5.1.0 to resolve the the security vulnerability.
Docker Image
Geneos 7.4.0
UTL-1341
CVE-2020-11023 (Medium)
CVE-2025-24528 (Medium)
CVE-2024-12133 (Medium)
CVE-2024-12243 (Medium)
Updated the Geneos Docker base images to ubi9-minimal:9.6-1747218906 to resolve the security vulnerabilities.
Docker Image
Geneos 7.4.0
UTL-1342
CVE-2024-12133 (Medium)
CVE-2025-24528 (Medium)
CVE-2025-0938 (Medium)
CVE-2024-12243 (Medium)
CVE-2024-8176 (Medium)
CVE-2024-12087 (Medium)
CVE-2024-52616 (Medium)
CVE-2024-12747 (Medium)
CVE-2024-12088 (Medium)
Updated the Docker base image of Collection Agent version 4.5.1 and created the Docker image for Collection Agent version 5.3.0, including all updated Collection Agent plugins packaged with Geneos 7.4.0:
AWS Collection Agent plugin 5.2.0
Azure Collection Agent plugin 5.1.1
Kubernetes Collection Agent plugin 5.2.1
Opentelemetry Collection Agent plugin 5.3.0
gRPC Collection Agent plugin 5.3.0
These updates resolve the security vulnerabilities.
Docker Image
Geneos 7.4.0
Geneos 7.3.1
Copied
Issue Key
CVE Number and Severity
Description
Affected Components
Fix Version
UTL-1337
CVE-2025-21587 (Medium)
CVE-2025-30698 (Medium)
CVE-2025-30691 (Medium)
Updated the Docker base images of Collection Agent versions 4.5.1 and 5.1.0 to resolve the security vulnerabilities.
Docker Image
Geneos 7.3.1
VI-9959
BDSA-2025-2270
BDSA-2025-2271
The Spring Security libraries used by the Web Server have been upgraded to version 6.4.4 to address the security vulnerabilities.
Web Server
Geneos 7.3.1
Geneos 7.3.0
Copied
Issue Key
CVE Number and Severity
Description
Affected Components
Fix Version
AZUREMON-559, HAAW-495
CVE-2025-24970 (BDSA-2025-1033)
CVE-2025-25193 (BDSA-2025-1031)
Updated Netty to version 4.1.118.Final to address the security vulnerabilities.
AWS plugin, Azure Monitor plugin
Geneos 7.3.0, AWS 5.1.1, Azure 5.0.2
UTL-1321
CVE-2024-12797
CVE-2022-49043
CVE-2020-11023
Updated the Docker base image of Collection Agent version 5.0.2 to resolve the security vulnerabilities.
Docker Image
Geneos 7.3.0
UTL-1325
CVE-2025-24928
CVE-2024-56171
Updated the Docker base images of Collection Agent versions 4.5.1 and 5.0.2 to resolve the security vulnerabilities.
Docker Image
Geneos 7.3.0
UTL-1326
CVE-2025-24928
CVE-2024-56171
Updated the Geneos Docker base image to ubi9-minimal:9.5-1741850109 to resolve the security vulnerabilities.
Docker Image
Geneos 7.3.0
UTL-1334
CVE-2025-27363
Updated the Docker base images of Collection Agent versions 4.5.1 and 5.1.0 to resolve the security vulnerability.
Docker Image
Geneos 7.3.0
VI-9936
CVE-2023-1370
BDSA-2025-0966
The json-smart libraries in the Active Console and Web Server have been upgraded to 2.5.2 to resolve the security vulnerabilities.
Active Console, Web Server
Geneos 7.3.0
Geneos 7.2.0
Copied
Issue Key
CVE Number and Severity
Description
Affected Components
Fix Version
UTL-1322
CVE-2022-49043
Updated the Collection Agent Docker base images for versions 4.5.1 and 5.0.2 to address the security vulnerability CVE-2022-49043 .
Docker Image
Geneos 7.2.2
COL-12470
CVE-2024-12801 (BDSA-2024-9861)
CVE-2024-12798 (BDSA-2024-9866)
Updated logback to 1.5.16 to address the security vulnerabilities.
Netprobe
Geneos 7.2.0
VI-9496, VI-9873
BDSA-2024-6258
BDSA-2024-7391
BDSA-2024-8653
CVE-2016-1000027 (Critical)
CVE-2024-38820 (BDSA-2024-7393)
Upgraded the Spring Framework libraries in the Web Server to 6.2.1 to address the security vulnerabilities.
Web Server
Geneos 7.2.0
VI-9894
BDSA-2024-8949 (Medium)
The Spring LDAP library in the Web Server has been upgraded to 3.2.10 to address the security vulnerability.
Web Server
Geneos 7.2.0
VI-9906
BDSA-2024-8942 (Medium)
The Spring Security libraries in the Web Server have been upgraded to 6.4.2 to address the security vulnerability.
Web Server
Geneos 7.2.0
HAAW-491
CVE-2024-31141 (BDSA-2024-9369)
Updated Apache Kafka 3.7.1 to version 3.8.0-rc0 to address the security vulnerability.
AWS plugin
Geneos 7.2.0
Geneos 7.1.1
Copied
Issue Key
CVE Number and Severity
Description
Affected Components
Fix Version
AA-7229
CVE-2024-3596 (High)
CVE-2024-26462 (Medium)
CVE-2024-26461 (Medium)
CVE-2024-26458 (Medium)
CVE-2024-2236 (Medium)
CVE-2024-4741 (Low)
CVE-2024-4603 (Low)
CVE-2024-2511 (Low)
CVE-2024-5535 (Low)
Updated Geneos and Netprobe base Docker images to 9.5-1731604394 to address the security vulnerabilities.
Docker Image
Geneos 7.1.1
AZUREMON-553, C2-457, COL-12421
CVE-2024-47535 (High)
Updated Netty to 4.1.115.Final to address the security vulnerability.
Azure Monitor, Collection Agent, Netprobe
Geneos 7.1.1
COL-12380
CVE-2024-8096 (BDSA-2024-6196) (Medium)
CVE-2024-7264 (BDSA-2024-5030) (Low)
CVE-2024-6874 (BDSA-2024-4662) (Low)
CVE-2024-6197 (BDSA-2024-4663) (Medium)
Updated the curl version from 8.8.0 to 8.10.1 to address the security vulnerabilities.
Gateway, Netprobe
Geneos 7.1.1
HAAW-481
CVE-2024-47561(BDSA-2024-6954) (High)
Updated the Apache Avro dependency of the AWS Kinesis client to 1.11.4 to address the security vulnerability.
AWS Plugin
Geneos 7.1.1
UTL-1308
CVE-2023-5869
CVE-2021-32027
CVE-2020-25695
CVE-2020-25694
CVE-2016-0773
CVE-2016-5423
CVE-2016-5424
CVE-2023-39417
CVE-2020-25696
CVE-2020-14350
CVE-2020-14349
CVE-2021-32029
CVE-2021-32028
CVE-2015-0243
CVE-2015-0241
CVE-2015-3165
CVE-2024-10978
CVE-2018-1115
CVE-2015-3166
CVE-2024-4317
CVE-2023-39418
CVE-2015-3167
CVE-2015-0244
postgres dependencies have been removed from the Gateway and Netprobe Docker images to address the security vulnerabilities.Docker Image
Geneos 7.1.1
VI-9888
sonatype-2024-3350 (High)
The Apache Commons Collection java library has been updated to Apache Commons Collection version 4.4 to address the security vulnerability.
Active Console
Geneos 7.1.1
Geneos 7.1.0
Copied
Issue Key
CVE Number and Severity
Description
Affected Components
Fix Version
AA-6974
BDSA-2024-0444 (Medium)
The c-ares library has been updated to version 1.34.1 to address the security vulnerability.
Gateway, Netprobe, Fix-Analyser 2 Netprobe
Geneos 7.1.0
AA-7170
BDSA-2024-4704 (High)
BDSA-2024-2491 (Medium)
The libxml2 has been updated to version 2.13.4 to address the security vulnerabilities.
Gateway, Netprobe, Fix-Analyser 2 Netprobe
Geneos 7.1.0
AA-7171
CVE-2023-44487 (High)
BDSA-2024-5199 (High)
BDSA-2023-2427 (CVE-2023-4785) (Medium)
BDSA-2023-2140 (CVE-2023-33953) (Medium)
The gRPC library has been updated to version 1.67.0 to address the security vulnerabilities.
Gateway, Netprobe, Fix-Analyser 2 Netprobe
Geneos 7.1.0
COL-12288
CVE-2024-7254 (High)
The proto-google-common-protos dependency has been updated to version 2.46.0 to remove the transitive dependency to the vulnerable protobuf-java library.
Netprobe
Geneos 7.1.0
VI-9804
CVE-2023-35116 (Medium)
The Jackson databind library in the Active Console has been upgraded to 2.18.0 to address the security vulnerability.
Active Console
Geneos 7.1.0
VI-9852
BDSA-2024-5369 (Medium)
BDSA-2024-5371 (Medium)
The Spring Framework libraries in the Web Server have been upgraded to 5.3.39 to address the security vulnerabilities.
Web Server
Geneos 7.1.0
VI-9881
BDSA-2024-7228 (Medium)
BDSA-2024-7229 (Medium)
The Jetty libraries in the Web Server have been upgraded to 9.4.56.v20240826 to address the security vulnerabilities.
Web Server
Geneos 7.1.0
VI-9886
BDSA-2024-7762 (High)
The Spring Security libraries in the Web Server have been upgraded to 5.8.15 to address the security vulnerability.
Web Server
Geneos 7.1.0
Geneos 7.0.4
Copied
Issue Key
CVE Number
CVE Severity
Description
Affected Components
Fix Version
COL-12287
CVE-2024-7254
High
Updated the following to address CVE-2024-7254:
protobuf-java library to version 3.25.5proto-google-common-protos to version 2.45.1collection-agent and the corresponding collection dependencies to version 4.7.0obcerv-platform-api to version 2.7.0
Collection Agent, Netprobe
Geneos 7.0.4
HAAW-479
BDSA-2024-6519 (CVE-2024-7254)
High
Updated the protobuf-java dependency to address: BDSA-2024-6519 (CVE-2024-7254).
AWS
Geneos 7.0.4
UTL-1246
CVE-2024-6119
Medium
Updated the xnio module to version 3.8.16 to address the following security vulnerabilities:
BDSA-2023-3831
BDSA-2022-1913 (CVE-2022-0084)
SSO Agent
Geneos 7.0.4
UTL-1287
CVE-2024-6119
High
The undertow-core module has been updated to version 2.3.17 to address the following security vulnerabilities:
BDSA-2024-5641 (CVE-2024-7885)
BDSA-2024-0321
BDSA-2024-4198
BDSA-2022-4041 (CVE-2022-4492)
BDSA-2024-3899
BDSA-2023-2318 (CVE-2023-3223)
BDSA-2023-3683
BDSA-2024-4195
BDSA-2023-0526 (CVE-2023-1108)
BDSA-2024-0322 (CVE-2024-1459)
BDSA-2022-2482
SSO Agent
Geneos 7.0.4
VI-9875
CVE-2024-47554
High
The Commons IO library in the Web Server has been upgraded to version 2.17.0 to address the security vulnerability: CVE-2024-47554.
Web Server
Geneos 7.0.4
Geneos 7.0.3
Copied
Issue Key
CVE Number
CVE Severity
Description
Affected Components
Fix Version
AA-7181
CVE-2024-6119
Medium
Updated the base images of Gateway and Netprobe Docker containers to UBI 9.4-1227.1726694542 to address the security vulnerability: CVE-2024-6119.
Docker Image
Geneos 7.0.3
Geneos 7.0.2
Copied
Issue Key
CVE Number
CVE Severity
Description
Affected Components
Fix Version
AA-7169
CVE-2024-34397
Medium
Updated the base images of Gateway and Netprobe Docker containers to UBI 9.4-1227.1725849298 to address the security vulnerability: CVE-2024-34397.
Docker Image
Geneos 7.0.2
HAAW-478
CVE-2023-5072
High
Updated the org.json:json dependency used by the Amazon Kinesis Client to version 20240303 to address the security vulnerability: CVE-2023-5072.
AWS
Geneos 7.0.2
Geneos 7.0.x
Copied
Issue Key
CVE Number
CVE Severity
Description
Affected Components
Fix Version
COL-11885
CVE-2023-40400 (BDSA 2023-2588)
High
The libpcap has been upgraded to 1.11.0 to address the security vulnerability: CVE-2023-40400 (BDSA 2023-2588).
Netprobe
Geneos 7.0.0
VI-9820
QID 150896
High
The Web Dashboard no longer shows Java Stack Traces when an exception occurs during loading. This addresses the security vulnerability: QID 150896.
Web Server
Geneos 7.0.0
COL-12154
CVE-2024-35255
Medium
Updated the Azure identity dependency to address the security vulnerability: CVE-2024-35255.
Azure Monitor
Geneos 7.0.0
["Geneos"] ["Geneos > Other"]
["Release Notes", "Upgrade Notes", "Security Updates"]