Third-Party Package Updates in Splunk User Behavior Analytics (UBA) - July 2025

Advisory ID: SVD-2025-0713

CVE ID:  Multiple

Published: 2025-07-30

Last Update: 2025-07-30

Description

Splunk remedied common vulnerabilities and exposures (CVEs) in Third Party Packages in Splunk User Behavior Analytics (UBA) version 5.4.3, including the following:

PackageRemediationCVESeverity
Jetty HTTPUpgraded to 9.4.57CVE-2024-6763Medium
selliniumUpgraded to 4.30.0CVE-2023-5590High
node.js1Upgraded to 22.14.0MultipleHigh
OpenJDKUpgraded to 8u452CVE-2025-21502Medium
Apache Kafka2Upgraded to 3.9.0MultipleMedium
docker3Upgraded to 28.0.4MultipleHigh
containered.ioUpgraded to 1.7.27CVE-2024-40635Medium
curl4Upgraded to 8.4.0MultipleCritical
werkzeug5Upgraded to 3.6.0MultipleHigh
krb5-libs6Upgraded to 1.18.2-31MultipleHigh
pythonUpgraded to 3.12.10CVE-2024-12254High

1 Updated node.js to 22.14.0 to remedy CVE‑2024‑27980, and CVE‑2024‑22020.

2 Updated Apache Kafka to 3.9.0 to remedy CVE-2024-31141, and CVE-2024-56128.

3 Updated docker to 28.0.4 to remedy CVE-2025-22869, and CVE-2025-27144.

4 Updated curl to 8.4.0 to remedy CVE-2023-38545, CVE-2023-38546, and CVE-2023-38039.

5 Updated werkzeug to 3.6.0 to remedy CVE-2024-49766, and CVE-2024-49767.

6 Updated krb5-libs to 1.18.2-31 to remedy CVE-2022-42898, CVE-2024-26458, CVE-2024-26461, CVE-2024-37370, and CVE-2024-37371.

Solution

Upgrade Splunk User Behavior Analytics (UBA) to version 5.4.3 or higher.

Product Status

ProductBase VersionAffected VersionFix Version
Splunk User Behavior Analytics (UBA)5.4Below 5.4.35.4.3

Severity

For the CVEs in this list, Splunk adopted the national vulnerability database (NVD) common vulnerability scoring system (CVSS) rating to align with industry standards.