Third-Party Package Updates in Splunk AppDynamics On-Premises Enterprise Console - August 2025
Advisory ID: SVD-2025-0801
CVE ID: Multiple
Published: 2025-08-06
Last Update: 2025-08-06
Description
Splunk remedied common vulnerabilities and exposures (CVEs) in Third Party Packages in Splunk AppDynamics On-Premises Enterprise Console version 25.4.0 and higher, including the following:
Package | Remediation | CVE | Severity |
---|---|---|---|
batik1 | Upgraded | Multiple | High |
body-parser | Upgraded | CVE-2024-45590 | High |
bouncycastle-fips | Upgraded | CVE-2024-29857 | High |
druid | Upgraded | CVE-2025-27888 | High |
gstreamer2 | Upgraded | Multiple | Critical |
jackson-databind | Upgraded | CVE-2023-35116 | Medium |
jackson-mapper-asl3 | Upgraded | Multiple | Critical |
json-smart | Upgraded | CVE-2023-1370 | High |
jszip4 | Upgraded | Multiple | High |
elasticsearch5 | Upgraded | Multiple | High |
python6 | Upgraded | Multiple | High |
logback-core7 | Upgraded | Multiple | High |
mysql8 | Upgraded | Multiple | Medium |
netty9 | Upgraded | Multiple | Critical |
netty-handler | Upgraded | CVE-2025-24970 | High |
nimbus-jose-jwt | Upgraded | CVE-2023-52428 | High |
okhttp | Upgraded | CVE-2023-0833 | Medium |
okio | Upgraded | CVE-2023-3635 | Medium |
zlib10 | Upgraded | Multiple | Critical |
zookeeper11 | Upgraded | Multiple | Critical |
zstd | Upgraded | CVE-2022-4899 | High |
1 Upgraded batik to remedy CVE-2022-38648, CVE-2022-41704, CVE-2022-40146, CVE-2022-38398, and CVE-2022-42890.
2 Upgraded gstreamer to remedy CVE-2024-47778, CVE-2024-47606, CVE-2024-47546, CVE-2024-47602, CVE-2024-47607, CVE-2024-47774, CVE-2024-47603, CVE-2024-47596, CVE-2024-47615, CVE-2024-47543, CVE-2024-47541, CVE-2024-47544, CVE-2024-47777, CVE-2024-47537, CVE-2024-47599, CVE-2023-50186, CVE-2024-47834, CVE-2024-47835, CVE-2024-47601, CVE-2024-47776, CVE-2024-47538, CVE-2024-47542, CVE-2024-47540, CVE-2024-47598, CVE-2024-47775, CVE-2024-47600, CVE-2024-47597, CVE-2024-47539, CVE-2024-47545, and CVE-2024-4761.
3 Upgraded jackson-mapper-asl to remedy CVE-2019-14540, CVE-2020-36189, CVE-2019-16943, CVE-2020-10650, CVE-2017-7525, CVE-2019-17531, CVE-2020-36518, CVE-2019-10172, CVE-2019-16335, CVE-2019-14439, CVE-2019-14892, CVE-2018-12022, CVE-2019-17267, CVE-2019-14379, CVE-2018-5968, CVE-2018-7489, CVE-2021-20190, CVE-2022-42004, and CVE-2017-17485.
4 Upgraded jszip to remedy CVE-2022-48285 and CVE-2021-23413.
5 Upgraded elasticsearch to remedy CVE-2018-3824 and CVE-2024-52979.
6 Upgraded python to remedy CVE-2024-5642, CVE-2022-0391, CVE-2022-45061, CVE-2019-9674, CVE-2023-27043, CVE-2021-4189, and CVE-2022-48564.
7 Upgraded logback-core to remedy CVE-2021-42550 and CVE-2023-6378.
8 Upgraded mysql to remedy CVE-2025-21585, CVE-2025-30684, CVE-2025-21546, CVE-2025-21519, CVE-2025-21500, CVE-2025-21518, CVE-2025-30685, CVE-2025-21577, CVE-2025-21505, CVE-2025-30695, CVE-2025-30688, CVE-2025-21543, CVE-2025-21584, CVE-2025-30683, CVE-2025-30696, CVE-2025-21581, CVE-2025-21490, CVE-2025-30689, CVE-2025-21497, CVE-2025-21520, CVE-2025-21501, CVE-2025-21574, CVE-2025-30705, CVE-2025-21540, CVE-2025-21575, CVE-2025-30704, CVE-2025-30693, CVE-2025-21579, CVE-2025-21522, CVE-2025-30699, CVE-2025-21529, CVE-2025-21523, CVE-2025-30682, CVE-2025-30715, CVE-2025-30681, CVE-2025-21503, CVE-2025-30687, CVE-2025-21491, CVE-2025-21580, CVE-2025-30703, CVE-2025-21559, CVE-2025-21555, CVE-2025-30721, and CVE-2025-21531.
9 Upgraded netty to remedy CVE-2025-25193, CVE-2024-47535, CVE-2025-25193, CVE-2021-37137, CVE-2021-21290, CVE-2021-21295, CVE-2025-24970, CVE-2021-21409, CVE-2024-47535, CVE-2019-20445, CVE-2022-41881, CVE-2024-47535, CVE-2022-24823, CVE-2021-43797, CVE-2024-47535, CVE-2025-25193, CVE-2023-34462, CVE-2019-16869, CVE-2021-37136, CVE-2025-24970, CVE-2019-20444, CVE-2025-25193, and CVE-2023-34462.
10 Upgraded zlib to remedy CVE-2023-45853 and CVE-2023-6992.
11 Upgraded zookeeper to remedy CVE-2024-51504 and CVE-2024-23944.
Solution
Upgrade Splunk AppDynamics On-Premise Enterprise Console to versions 25.4.0 or higher.
Product Status
Product | Base Version | Affected Version | Fix Version |
---|---|---|---|
On-Premise Enterprise Console | 25.4.0 | Below 25.4.0 | 25.4.0 |
Severity
For the CVEs in this list, Splunk adopted the vendor’s severity rating or the National Vulnerability Database (NVD) common vulnerability scoring system (CVSS) rating, as available.