Third-Party Package Updates in Splunk Connect for Syslog - April 2025
Advisory ID: SVD-2025-0417
CVE ID: Multiple
Published: 2025-04-09
Last Update: 2025-04-09
Description
Splunk remedied common vulnerabilities and exposures (CVEs) in Third Party Packages in Splunk Connect for Syslog App version 3.34.3 and higher, including the following:
| Package | Remediation | CVE | Severity |
|---|---|---|---|
| virtualenv | Upgraded to 20.29.2 | CVE-2024-53899 | High |
| certifi | Upgraded to 2025.1.31 | CVE-2024-39689 | High |
| tornado | Upgraded to 6.4.2 | CVE-2024-52804 | High |
Solution
Upgrade Splunk Connect for Syslog to version 3.34.3 or higher.
Product Status
| Product | Version | Component | Affected Version | Fix Version |
|---|---|---|---|---|
| Splunk Connect for Syslog | 3.34 | Below 3.34.3 | 3.34.3 |
Severity
For the CVEs in this list, Splunk adopted the vendor’s severity rating or the National Vulnerability Database (NVD) common vulnerability scoring system (CVSS) rating, as available.