Third-Party Package Updates in Splunk AppDynamics Machine Agent - October 2025
Advisory ID: SVD-2025-1008
CVE ID: Multiple
Published: 2025-10-29
Last Update: 2025-10-29
Description
Splunk remedied common vulnerabilities and exposures (CVEs) in Third Party Packages in Splunk AppDynamics Machine Agent version 25.7.0 and higher, including the following:
| Package | Remediation | CVE | Severity |
|---|---|---|---|
| jetty_jetty-http | Upgraded to 12.0.22 | CVE-2024-6763 | Medium |
| openssl | Upgraded to 3.0.6 | CVE-2022-3358 | High |
| Apache commons-fileupload | Upgraded to 1.6.0 | CVE-2025-48976 | High |
Solution
Upgrade Splunk AppDynamics Machine Agent to versions 25.7.0 or higher.
Product Status
| Product | Base Version | Affected Version | Fix Version |
|---|---|---|---|
| Splunk AppDynamics Machine Agent | 25.7.0 | Below 25.7.0 | 25.7.0 |
Severity
For the CVEs in this list, Splunk adopted the vendor’s severity rating or the National Vulnerability Database (NVD) common vulnerability scoring system (CVSS) rating, as available.