Third-Party Package Updates in Splunk Universal Forwarder - July 2025

Advisory ID: SVD-2025-0711

CVE ID:  Multiple

Published: 2025-07-07

Last Update: 2025-07-07

Description

Splunk remedied common vulnerabilities and exposures (CVEs) in Third Party Packages in Splunk Universal Forwarder versions 9.4.3, 9.3.5, 9.2.7, 9.1.10, and higher, including the following:

PackageRemediationCVESeverity
OpenSSLUpgraded to v1.0.2zlCVE-2024-13176Low
OpenSSLUpgraded to v1.0.2zlCVE-2024-9143Informational

Solution

Upgrade Splunk Universal Forwarder to versions 9.4.3, 9.3.5, 9.2.7, 9.1.10, or higher.

Product Status

ProductBase VersionAffected VersionFix Version
Splunk Universal Forwarder9.49.4.0 to 9.4.29.4.3
Splunk Universal Forwarder9.39.3.0 to 9.3.49.3.5
Splunk Universal Forwarder9.29.2.0 to 9.2.69.2.7
Splunk Universal Forwarder9.19.1.0 to 9.1.99.1.10

Severity

For the CVEs in this list, Splunk adopted the vendor’s severity rating or the National Vulnerability Database (NVD) common vulnerability scoring system (CVSS) rating, as available.