Third-Party Package Updates in Splunk/Splunk Docker - June 2025

Advisory ID: SVD-2025-0607

CVE ID: Multiple

Published: 2025-06-23

Last Update: 2025-07-16

Description

Splunk remedied common vulnerabilities and exposures (CVEs) in Third Party Packages in the “splunk/splunk“ Docker image with image tags “9.4.2“, “9.3.4“, “9.2.6“, “9.1.9“, and “latest“. Docker images with tags “9.4“, “9.3“, “9.2“, and “9.1“ also include these fixes.

The fixes that applied to the following list of advisories also apply to this advisory. You can review each advisory to see its details:
- SVD-2025-0601
- SVD-2025-0603

Third Party packages remedied include the following:

PackageRemediationCVESeverity
Busybox1RemovedCVE-2023-42366Medium

1 Removed Busybox from /usr/bin/busybox.

Solution

Upgrade your splunk/splunk Docker image to the most up-to-date version using the Docker image with tag “latest“.


Depending on the version of your image or container, you can also upgrade using images with tags “9.4.2“, “9.3.4“, “9.2.6“, “9.1.9“ or higher, or, alternatively, with tags “9.4“, “9.3“, “9.2“, “9.1“ or higher.

Product Status

ProductBase VersionAffected VersionFix Version
splunk/splunk9.49.4.19.4.2
splunk/splunk9.39.3.0 to 9.3.39.3.4
splunk/splunk9.29.2.0 to 9.2.59.2.6
splunk/splunk9.19.1.0 to 9.1.89.1.9

Severity

For the CVEs in this list, Splunk adopted the severity rating that the vendor published.

Changelog

  • 2025-07-16: Removed Golang CVEs. For details, refer to SVD-2025-0603.