Third-Party Package Updates in Splunk/UniversalForwarder Docker - June 2025
Advisory ID: SVD-2025-0608
CVE ID: Multiple
Published: 2025-06-23
Last Update: 2025-06-23
Description
Splunk remedied common vulnerabilities and exposures (CVEs) in Third Party Packages in the “splunk/universalforwarder” Docker image with image tags “9.4.2”, “9.3.4”, “9.2.6”, “9.1.9”, and “latest”. Docker images with tags “9.4”, “9.3”, “9.2”, and “9.1” also include these fixes.
Third Party packages remedied include the following:
Package | Remediation | CVE | Severity |
---|---|---|---|
Busybox¹ | Package Removed | CVE-2023-42366 | Medium |
golang² | Upgraded to v27.1.1 | CVE-2024-41110 | Medium |
golang³ | Upgraded to v1.24.0 | CVE-2024-24790 | Medium |

¹ Removed Busybox at /usr/bin/busybox.
² Upgraded golang at /opt/splunk/bin/compsup to v27.1.1.
³ Upgraded golang at /opt/splunk/bin/etcdctl to v1.24.0.
Solution
Upgrade your “splunk/universalforwarder” Docker image to the most up-to-date version using the Docker image with tag “latest”.
Depending on the version of your image or container, you can also upgrade using images with tags “9.4.2”, “9.3.4”, “9.2.6”, “9.1.9” or higher, or, alternatively, with tags “9.4”, “9.3”, “9.2”, “9.1” or higher.
Product Status
Product | Base Version | Affected Version | Fix Version |
---|---|---|---|
splunk/universalforwarder | 9.4 | 9.4.1 | 9.4.2 |
splunk/universalforwarder | 9.3 | 9.3.0 to 9.3.3 | 9.3.4 |
splunk/universalforwarder | 9.2 | 9.2.0 to 9.2.5 | 9.2.6 |
splunk/universalforwarder | 9.1 | 9.1.0 to 9.1.8 | 9.1.9 |
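
The shell functions below are an added example, not part of Splunk's advisory: they classify image tags from a container inventory against the Product Status table above. The function names, status labels and sample inventory are assumptions made for illustration. Floating tags (“latest”, “9.4”, and so on) are reported separately because a locally cached copy of a mutable tag may predate the fix.

```shell
#!/bin/sh
# Classify one splunk/universalforwarder tag against SVD-2025-0608.
# Prints: AFFECTED fix=<ver> | FIXED | FLOATING | UNLISTED
uf_status() {
    tag=$1
    case $tag in
        # Mutable tags: the name alone does not say which build is cached locally.
        latest|9.1|9.2|9.3|9.4) echo "FLOATING"; return ;;
    esac
    case $tag in
        *[!0-9.]*|*.*.*.*) echo "UNLISTED"; return ;;  # suffixes, digests, 4+ parts
        [0-9]*.[0-9]*.[0-9]*) ;;                       # major.minor.patch
        *) echo "UNLISTED"; return ;;
    esac
    base=${tag%.*}
    patch=${tag##*.}
    # lo = first affected patch level, fix = fixed patch level (Product Status table)
    case $base in
        9.4) lo=1; fix=2 ;;
        9.3) lo=0; fix=4 ;;
        9.2) lo=0; fix=6 ;;
        9.1) lo=0; fix=9 ;;
        *) echo "UNLISTED"; return ;;
    esac
    if [ "$patch" -ge "$fix" ]; then echo "FIXED"
    elif [ "$patch" -ge "$lo" ]; then echo "AFFECTED fix=$base.$fix"
    else echo "UNLISTED"   # e.g. 9.4.0, which the advisory does not list
    fi
}

# Triage an image list on stdin, one reference per line
# (for example the output of: docker ps --format '{{.Image}}').
uf_triage() {
    while IFS= read -r image; do
        case $image in
            splunk/universalforwarder:*|*/splunk/universalforwarder:*)
                echo "$image $(uf_status "${image##*:}")" ;;
            splunk/universalforwarder|*/splunk/universalforwarder)
                echo "$image $(uf_status latest)" ;;   # untagged means latest
        esac
    done
}

# Constructed sample inventory, not real output.
SAMPLE='splunk/universalforwarder:9.3.2
splunk/universalforwarder:9.4.2
splunk/universalforwarder:latest
nginx:1.27'
printf '%s\n' "$SAMPLE" | uf_triage
```

For a FLOATING result, pull the tag again and recreate the container before treating it as fixed.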
Severity
For the CVEs in this list, Splunk adopted the severity rating that the vendor published.