Third-Party Package Updates in Splunk Universal Forwarder - July 2025
Advisory ID: SVD-2025-0711
CVE ID: Multiple
Published: 2025-07-07
Last Update: 2025-07-16
Description
Splunk remedied common vulnerabilities and exposures (CVEs) in Third Party Packages in Splunk Universal Forwarder versions 9.4.3, 9.3.5, 9.2.7, 9.1.10, and higher, including the following:
| Package | Remediation | CVE | Severity |
|---|---|---|---|
| OpenSSL | Upgraded to v1.0.2zl | CVE-2024-13176 | Low |
| OpenSSL1 | Upgraded to v1.0.2zl | CVE-2024-9143 | Informational |
1 Splunk Enterprise’s and Universal Forwarder’s OpenSSL is not affected by CVE-2024-9143. However, Splunk upgraded OpenSSL to v1.0.2zl to mitigate CVE-2024-13176.
Solution
Upgrade Splunk Universal Forwarder to versions 9.4.3, 9.3.5, 9.2.7, 9.1.10, or higher.
Product Status
| Product | Base Version | Affected Version | Fix Version |
|---|---|---|---|
| Splunk Universal Forwarder | 9.4 | 9.4.0 to 9.4.2 | 9.4.3 |
| Splunk Universal Forwarder | 9.3 | 9.3.0 to 9.3.4 | 9.3.5 |
| Splunk Universal Forwarder | 9.2 | 9.2.0 to 9.2.6 | 9.2.7 |
| Splunk Universal Forwarder | 9.1 | 9.1.0 to 9.1.9 | 9.1.10 |
Severity
For the CVEs in this list, Splunk adopted the vendor’s severity rating or the National Vulnerability Database (NVD) common vulnerability scoring system (CVSS) rating, as available.
Changelog
- 2025-07-16: Updated the OpenSSL note description with information related to CVE-2024-9143 and CVE-2024-13176.