Third-Party Package Updates in Enterprise Security 8.1.0 - July 2025

Advisory ID: SVD-2025-0715

CVE ID:  Multiple

Published: 2025-07-30

Last Update: 2025-07-30

Description

Splunk remedied common vulnerabilities and exposures (CVEs) in Third Party Packages in Enterprise Security versions 8.1.0 and higher, including the following:

PackageRemediationCVESeverity
got1Upgraded to 13.0.0CVE-2022-33987Medium
Elliptic2Upgraded to 6.6.1MultipleCritical
canvg3Upgraded to 3.0.11CVE-2025-25977High

1 Upgraded got from 11.8.5 to 13.0.0 to remedy CVE-2022-33987.

2 Upgraded Elliptic from 6.6.0 to 6.6.1 to remedy CVE-2024-48948, CVE-2024-42459, CVE-2024-42461, and CVE-2024-42460.

3 Upgraded canvg from 3.0.10 to 3.0.11 to remedy CVE-2025-25977.

Solution

Upgrade Enterprise Security to versions 8.1.0, or higher.

Product Status

ProductBase VersionAffected VersionFix Version
Enterprise Security8.1Below 8.1.08.1.0

Severity

For the CVEs in this list, Splunk adopted the severity rating that the vendor published.