Third-Party Package Updates in Juniper SRX App - April 2025
Advisory ID: SVD-2025-0415
CVE ID: Multiple
Published: 2025-04-09
Last Update: 2025-04-09
Description
Splunk remedied common vulnerabilities and exposures (CVEs) in Third Party Packages in Juniper SRX version 2.0.17 and higher, including the following:
| Package | Remediation | CVE | Severity |
|---|---|---|---|
| libxml21 | Upgraded to 2.12.9 | Multiple | High |
1 Juniper SRX Server upgraded libxml2 in junipersrx/wheels/py36/lxml-5.3.0-cp36-cp36m-manylinux_2_28_x86_64/lxml and junipersrx/wheels/py39/lxml-5.3.0-cp36-cp36m-manylinux_2_28_x86_64/lxmlfolders to remedy multiple CVEs
Solution
Upgrade Juniper SRX to version 2.0.17 or higher.
Product Status
| Product | Version | Component | Affected Version | Fix Version |
|---|---|---|---|---|
| Juniper SRX | 2.0.17 | Below 2.0.17 | 2.0.17 |
Severity
For the CVEs in this list, Splunk adopted the vendor’s severity rating or the National Vulnerability Database (NVD) common vulnerability scoring system (CVSS) rating, as available.