Third-Party Package Updates in Splunk Operator for Kubernetes Add-on - October 2025
Advisory ID: SVD-2025-1011
CVE ID: Multiple
Published: 2025-10-29
Last Update: 2025-10-29
Description
Splunk remedied common vulnerabilities and exposures (CVEs) in third-party packages in Splunk Operator for Kubernetes Add-on version 3.0.0, including the following:
| Package | Remediation | CVE | Severity |
|---|---|---|---|
| golang [1] | Upgraded to 1.24.2 | Multiple | Critical |
| golang.org/x/oauth2 | Upgraded to 0.27.0 | CVE-2025-22868 | High |
| golang.org/x/net | Upgraded to 0.41.0 | CVE-2025-22872 | Medium |
| glib2 [2] | Upgraded | Multiple | Medium |
| glibc [3] | Upgraded | CVE-2025-4802 | Medium |
[1] Upgraded golang from 1.23.0 to 1.24.2 to remedy CVE-2024-45336, CVE-2024-34155, CVE-2024-34158, CVE-2025-22866, CVE-2024-45341, CVE-2025-22871, and CVE-2024-34156.
[2] Upgraded ubi-minimal to version 8.10-1755105495 to address glib2-related CVEs, including CVE-2023-29499, CVE-2024-52533, CVE-2025-4373, CVE-2025-3360, CVE-2023-32665, CVE-2023-32611, CVE-2024-34397, and CVE-2023-32636.
[3] Upgraded ubi-minimal to version 8.10-1755105495 to address glibc-related CVEs, including CVE-2025-4802.
Solution
Upgrade Splunk Operator for Kubernetes Add-on to version 3.0.0 or higher.
See Splunk Operator for Kubernetes releases
Product Status
| Product | Base Version | Affected Version | Fix Version |
|---|---|---|---|
| Splunk Operator for Kubernetes Add-on | 3.0 | Below 3.0.0 | 3.0.0 |
Severity
For the CVEs in this list, Splunk adopted the vendor’s severity rating or the National Vulnerability Database (NVD) common vulnerability scoring system (CVSS) rating, as available.