Third-Party Package Updates in Splunk Universal Forwarder - July 2025

Advisory ID: SVD-2025-0711

CVE ID:  Multiple

Published: 2025-07-07

Last Update: 2025-07-16

Description

Splunk remedied common vulnerabilities and exposures (CVEs) in Third Party Packages in Splunk Universal Forwarder versions 9.4.3, 9.3.5, 9.2.7, 9.1.10, and higher, including the following:

PackageRemediationCVESeverity
OpenSSLUpgraded to v1.0.2zlCVE-2024-13176Low
OpenSSL1Upgraded to v1.0.2zlCVE-2024-9143Informational

1 Splunk Enterprise’s and Universal Forwarder’s OpenSSL is not affected by CVE-2024-9143. However, Splunk upgraded OpenSSL to v1.0.2zl to mitigate CVE-2024-13176.

Solution

Upgrade Splunk Universal Forwarder to versions 9.4.3, 9.3.5, 9.2.7, 9.1.10, or higher.

Product Status

ProductBase VersionAffected VersionFix Version
Splunk Universal Forwarder9.49.4.0 to 9.4.29.4.3
Splunk Universal Forwarder9.39.3.0 to 9.3.49.3.5
Splunk Universal Forwarder9.29.2.0 to 9.2.69.2.7
Splunk Universal Forwarder9.19.1.0 to 9.1.99.1.10

Severity

For the CVEs in this list, Splunk adopted the vendor’s severity rating or the National Vulnerability Database (NVD) common vulnerability scoring system (CVSS) rating, as available.

Changelog

  • 2025-07-16: Updated the OpenSSL note description with information related to CVE-2024-9143 and CVE-2024-13176.