Third-Party Package Updates in Microsoft Azure SQL App - April 2025

Advisory ID: SVD-2025-0413

CVE ID: Multiple

Published: 2025-04-09

Last Update: 2025-04-09

Description

Splunk remedied common vulnerabilities and exposures (CVEs) in Third Party Packages in Microsoft Azure SQL version 3.0.2 and higher, including the following:

PackageRemediationCVESeverity
pcre1Upgraded to pcre2 10.32MultipleHigh

1 Microsoft Azure SQL upgraded pcre to pcre2 in microsoftazuresql/wheels/py39/pymssql-2.3.1-cp39-cp39-manylinux_2_28_x86_64/pymssql.libs folder to remedy multiple CVE’s

Solution

Upgrade Microsoft Azure SQL to version 3.0.2 or higher.

Product Status

ProductVersionComponentAffected VersionFix Version
Microsoft Azure SQL3.0.2Below 3.0.23.0.2

Severity

For the CVEs in this list, Splunk adopted the vendor’s severity rating or the National Vulnerability Database (NVD) common vulnerability scoring system (CVSS) rating, as available.