Third-Party Package Updates in Splunk AppDynamics Private Synthetic Agent - October 2025
Advisory ID: SVD-2025-1009
CVE ID: Multiple
Published: 2025-10-29
Last Update: 2025-10-29
Description
Splunk remedied common vulnerabilities and exposures (CVEs) in Third Party Packages in Splunk AppDynamics Private Synthetic Agent version 25.7.0 and higher, including the following:
| Package | Remediation | CVE | Severity |
|---|---|---|---|
| mbedtls | Upgraded to 3.6.2-r0 | CVE-2024-45159 | Critical |
| gdk-pixbuf | Upgraded to 2.42.12-r1 | CVE-2022-48622 | High |
Solution
Upgrade Splunk AppDynamics Private Synthetic Agent to version 25.7.0 or higher.
Product Status
| Product | Base Version | Affected Version | Fix Version |
|---|---|---|---|
| Splunk AppDynamics Private Synthetic Agent | 25.7.0 | Below 25.7.0 | 25.7.0 |
Severity
For the CVEs in this list, Splunk adopted the vendor’s severity rating or the National Vulnerability Database (NVD) common vulnerability scoring system (CVSS) rating, as available.