Third-Party Package Updates in Splunk Enterprise - March 2025

Advisory ID: SVD-2025-0308

CVE ID:  Multiple

Published: 2025-03-26

Last Update: 2025-03-26

Description

Splunk remedied common vulnerabilities and exposures (CVEs) in Third Party Packages in Splunk Enterprise versions 9.4.1, 9.3.3, 9.2.5, 9.1.8, and higher, including the following:

PackageRemediationCVESeverity
idnaUpgraded to v3.8CVE-2024-3651Medium
pythonUpgraded to v3.9.20CVE-2024-6923Medium

Solution

Upgrade Splunk Enterprise to versions 9.4.1, 9.3.3, 9.2.5, 9.1.8, or higher.

Product Status

ProductVersionComponentAffected VersionFix Version
Splunk Enterprise9.49.4.09.4.1
Splunk Enterprise9.39.3.0 to 9.3.29.3.3
Splunk Enterprise9.29.2.0 to 9.2.49.2.5
Splunk Enterprise9.19.1.0 to 9.1.79.1.8

Severity

For the CVEs in this list, Splunk adopted the vendor’s severity rating or the National Vulnerability Database (NVD) common vulnerability scoring system (CVSS) rating, as available.