Third-Party Package Updates in Microsoft Azure SQL App - April 2025
Advisory ID: SVD-2025-0413
CVE ID: Multiple
Published: 2025-04-09
Last Update: 2025-04-09
Description
Splunk remedied common vulnerabilities and exposures (CVEs) in Third Party Packages in Microsoft Azure SQL version 3.0.2 and higher, including the following:
| Package | Remediation | CVE | Severity |
|---|---|---|---|
| pcre1 | Upgraded to pcre2 10.32 | Multiple | High |
1 Microsoft Azure SQL upgraded pcre to pcre2 in microsoftazuresql/wheels/py39/pymssql-2.3.1-cp39-cp39-manylinux_2_28_x86_64/pymssql.libs folder to remedy multiple CVE’s
Solution
Upgrade Microsoft Azure SQL to version 3.0.2 or higher.
Product Status
| Product | Version | Component | Affected Version | Fix Version |
|---|---|---|---|---|
| Microsoft Azure SQL | 3.0.2 | Below 3.0.2 | 3.0.2 |
Severity
For the CVEs in this list, Splunk adopted the vendor’s severity rating or the National Vulnerability Database (NVD) common vulnerability scoring system (CVSS) rating, as available.