Third-Party Package Updates in Splunk Operator for Kubernetes - June 2025
Advisory ID: SVD-2025-0609
CVE ID: Multiple
Published: 2025-06-23
Last Update: 2025-06-23
Description
Splunk remedied common vulnerabilities and exposures (CVEs) in Splunk Operator for Kubernetes version 2.8.0, and higher, including the following:
| Package | Remediation | CVE | Severity |
|---|---|---|---|
| golang.org/grpc | Upgraded to 1.58.3 | CVE-2023-44487 | High |
| github.com/golang-jwt/jwt/v5 | Upgraded to 5.2.2 | CVE-2025-30204 | High |
| go://golang.org/x/net | Upgraded to 0.36.0 | CVE-2025-22870 | Medium |
Solution
Upgrade Splunk Operator for Kubernetes to version 2.8.0 or higher.
See Splunk Operator for Kubernetes releases
Product Status
| Product | Base Version | Affected Version | Fix Version |
|---|---|---|---|
| Splunk Operator for Kubernetes | 2.8 | Below 2.8.0 | 2.8.0 |
Severity
For the CVEs in this list, Splunk adopted the vendor’s severity rating or the National Vulnerability Database (NVD) common vulnerability scoring system (CVSS) rating, as available.