Third-Party Package Updates in Splunk AppDynamics Smart Agent - June 2025
Advisory ID: SVD-2025-0610
CVE ID: Multiple
Published: 2025-06-23
Last Update: 2025-06-23
Description
Splunk remedied common vulnerabilities and exposures (CVEs) in Third Party Packages in Splunk AppDynamics Smart Agent version 25.5.1, and higher, including the following:
| Package | Remediation | CVE | Severity |
|---|---|---|---|
| golang1 | Upgraded to v1.24.2 | Multiple | Critical |
| golang.org/x/crypto | Upgraded to v0.38.0 | CVE-2025-22869 | High |
| golang.org/x/net2 | Upgraded to v0.40 | Multiple | Medium |
1 Upgraded golang from v1.23.3 to v1.24.2 to remedy CVE-2025-22871, CVE-2025-22866, CVE-2024-45336 and CVE-2024-45341
2 Upgraded golang from v0.34 to v0.40 to remedy CVE-2025-22872 and CVE-2025-22870
Solution
Upgrade Splunk AppDynamics Smart Agent to versions 25.5.1, or higher.
Product Status
| Product | Base Version | Affected Version | Fix Version |
|---|---|---|---|
| Splunk AppDynamics Smart Agent | 25.5.1 | Below 25.5.1 | 25.5.1 |
Severity
For the CVEs in this list, Splunk adopted the vendor’s severity rating or the National Vulnerability Database (NVD) common vulnerability scoring system (CVSS) rating, as available.