Third-Party Package Updates in Splunk Enterprise - December 2025
Advisory ID: SVD-2025-1209
CVE ID: CVE-2025-47273
Published: 2025-12-03
Last Update: 2025-12-03
Description
Splunk remedied common vulnerabilities and exposures (CVEs) in Third Party Packages in Splunk Enterprise versions 10.0.2, 9.4.6, 9.3.8, 9.2.10, and higher.
| Package | Remediation | CVE | Severity |
|---|---|---|---|
| setuptools1 | Manually Patched | CVE-2025-47273 | High |
1 Applied a manual patch to remediate CVE-2025-47273 in the setuptools package located at /opt/splunk/lib/python3.9/site-packages/setuptools. Upgraded the Activestate-provided setuptools package for Python 3.7 at /opt/splunk/lib/python3.7/site-packages/setuptools to Activestate Setuptools v68.0.0.2, which includes the vendor-supplied fix for CVE-2025-47273.
Solution
Upgrade Splunk Enterprise to versions 10.0.2, 9.4.6, 9.3.8, 9.2.10, or higher.
Product Status
| Product | Base Version | Affected Version | Fix Version |
|---|---|---|---|
| Splunk Enterprise | 10.0 | Below 10.0.2 | 10.0.2 |
| Splunk Enterprise | 9.4 | 9.4.0 to 9.4.5 | 9.4.6 |
| Splunk Enterprise | 9.3 | 9.3.0 to 9.3.7 | 9.3.8 |
| Splunk Enterprise | 9.2 | 9.2.0 to 9.2.9 | 9.2.10 |
Severity
For the CVEs in this list, Splunk adopted the vendor’s severity rating or the National Vulnerability Database (NVD) common vulnerability scoring system (CVSS) rating, as available.