Third-Party Package Updates in Enterprise Security 8.1.0 - July 2025
Advisory ID: SVD-2025-0715
CVE ID: Multiple
Published: 2025-07-30
Last Update: 2025-07-30
Description
Splunk remedied common vulnerabilities and exposures (CVEs) in Third Party Packages in Enterprise Security versions 8.1.0 and higher, including the following:
| Package | Remediation | CVE | Severity |
|---|---|---|---|
| got1 | Upgraded to 13.0.0 | CVE-2022-33987 | Medium |
| Elliptic2 | Upgraded to 6.6.1 | Multiple | Critical |
| canvg3 | Upgraded to 3.0.11 | CVE-2025-25977 | High |
1 Upgraded got from 11.8.5 to 13.0.0 to remedy CVE-2022-33987.
2 Upgraded Elliptic from 6.6.0 to 6.6.1 to remedy CVE-2024-48948, CVE-2024-42459, CVE-2024-42461, and CVE-2024-42460.
3 Upgraded canvg from 3.0.10 to 3.0.11 to remedy CVE-2025-25977.
Solution
Upgrade Enterprise Security to versions 8.1.0, or higher.
Product Status
| Product | Base Version | Affected Version | Fix Version |
|---|---|---|---|
| Enterprise Security | 8.1 | Below 8.1.0 | 8.1.0 |
Severity
For the CVEs in this list, Splunk adopted the severity rating that the vendor published.