Splunk Addresses Third-Party Package Vulnerabilities in Enterprise Versions – Update Now

Splunk has released critical security updates addressing multiple Common Vulnerabilities and Exposures (CVEs) in third-party packages across Enterprise versions 9.4.3, 9.3.5, 9.2.7, 9.1.10, and higher. 

Published on July 7, 2025, these updates remediate high-severity vulnerabilities in essential components, including setuptools, golang.org/x/crypto, OpenSSL, and libcurl packages that could potentially compromise system security.

Key Takeaways
1. Splunk is addressing critical CVEs in third-party packages across Enterprise versions.
2. Updates include setuptools, golang.org/x/crypto, libcurl (10 CVEs), OpenSSL, and golang runtime components.
3. Upgrade to minimum versions: Enterprise 9.4.3, 9.3.5, 9.2.7, or 9.1.10.
4. All supported Enterprise versions receive appropriate security patches despite some component limitations in older versions.

Critical GoLang x/crypto Vulnerability

The security advisory identifies multiple critical and high-severity vulnerabilities requiring immediate attention. 

The most critical vulnerability, CVE-2024-45337 with a severity rating of “Critical,” affects golang.org/x/crypto in the spl2-orchestrator component. 

This flaw is a high-severity weakness in the cryptographic implementations used by Go applications, potentially allowing attackers to compromise encrypted communications or bypass security controls.

The vulnerability specifically impacts applications that utilize the golang.org/x/crypto package for cryptographic operations, including encryption, decryption, and secure key management. 

In the context of Splunk Enterprise, this CVE affects the spl2-orchestrator component, which handles orchestration tasks within the Splunk platform.

High-Severity Flaws in Setuptools, GoLang, and Libcurl 

High-severity vulnerabilities include CVE-2024-6345 in setuptools, CVE-2025-22869 in the golang.org/x/crypto identity component, and multiple CVEs affecting golang packages in the Mongodump and Mongorestore utilities.

The libcurl package presents particularly concerning exposure, with upgrades addressing ten separate CVEs, including CVE-2024-0853, CVE-2024-2398, CVE-2024-2466, CVE-2024-7264, CVE-2024-8096, CVE-2024-9681, CVE-2024-11053, CVE-2025-0167, and CVE-2025-0725. 

These vulnerabilities span different severity levels, with most classified as high-risk, potentially allowing unauthorized access or system compromise.

| Package | Patched Version / Remediation | CVE ID(s) | Severity |
|---|---|---|---|
| setuptools | Upgraded to 70.0.0 | CVE-2024-6345 | High |
| golang.org/x/crypto (compsup) | Upgraded to 0.37.0 | CVE-2024-45337, CVE-2025-22869, CVE-2025-27414, CVE-2025-22868, CVE-2025-23387, CVE-2025-23389, CVE-2025-23388, CVE-2025-22952, CVE-2024-45338 | High |
| golang.org/x/crypto (identity) | Upgraded to 0.36.0 | CVE-2025-22869 | High |
| golang.org/x/crypto (spl2-orchestrator) | Upgraded to 0.36.0 | CVE-2024-45337 | Critical |
| golang.org/x/net (compsup) | Upgraded to 0.39.0 | CVE-2024-45338 | Medium |
| golang.org/x/net (spl2-orchestrator) | Upgraded to 0.37.0 | CVE-2024-45338 | Medium |
| golang (Mongodump) | Upgraded to 1.24.2 | CVE-2025-22869, CVE-2025-27414, CVE-2025-22868, CVE-2025-23387, CVE-2025-23389, CVE-2025-23388, CVE-2025-22952, CVE-2024-45338, CVE-2025-22870 | High |
| golang (Mongorestore) | Upgraded to 1.24.2 | CVE-2025-22869, CVE-2025-27414, CVE-2025-22868, CVE-2025-23387, CVE-2025-23389, CVE-2025-23388, CVE-2025-22952, CVE-2024-45338, CVE-2025-22870 | High |
| golang (spl2-orchestrator) | Upgraded to 1.24.0 | Multiple CVEs | High |
| Beaker | Upgraded to 1.12.1 | CVE-2013-7489 | Medium |
| azure-storage-blob | Upgraded to 12.13.0 | CVE-2022-30187 | Medium |
| OpenSSL | Upgraded to 1.0.2zl | CVE-2024-13176 | Low |
| OpenSSL | Upgraded to 1.0.2zl | CVE-2024-9143 | Informational |
| libcurl | Upgraded to 8.11.1 | CVE-2024-0853, CVE-2024-2398, CVE-2024-2466, CVE-2024-7264, CVE-2024-8096, CVE-2024-9681, CVE-2024-11053, CVE-2025-0167, CVE-2025-0725 | High |

Organizations must immediately upgrade to the following minimum versions: Splunk Enterprise 9.4.3 (from 9.4.0-9.4.2), 9.3.5 (from 9.3.0-9.3.4), 9.2.7 (from 9.2.0-9.2.6), or 9.1.10 (from 9.1.0-9.1.9). 

It’s important to note that certain binaries like compsup are not present in 9.1.x versions, and spl2-orchestrator is absent from 9.3.x, 9.2.x, 9.1.x, and older versions. 

Despite these version-specific limitations, all supported Enterprise versions receive appropriate security patches for their respective components, ensuring comprehensive protection across the deployment ecosystem.
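As an added example (not Splunk's code or part of the advisory), the following script classifies an installed Splunk Enterprise version against the minimum patched versions and the component-availability notes given above. It assumes the `splunk version` command prints a line of the form `Splunk 9.2.4 (build ...)`; the build values in the sample lines are constructed placeholders.

```python
"""Classify a Splunk Enterprise version against the advisory's fixed versions."""
import re

# Per the advisory, each affected branch (9.x.0 up to the patch) has one
# minimum fixed version: 9.4.3, 9.3.5, 9.2.7 and 9.1.10.
FIXED_BY_BRANCH = {
    (9, 4): (9, 4, 3),
    (9, 3): (9, 3, 5),
    (9, 2): (9, 2, 7),
    (9, 1): (9, 1, 10),
}

# Components the advisory says are absent from a branch, so their table rows
# do not apply there: compsup is missing in 9.1.x, and spl2-orchestrator is
# absent from 9.3.x, 9.2.x and 9.1.x.
ABSENT_COMPONENTS = {
    (9, 4): set(),
    (9, 3): {"spl2-orchestrator"},
    (9, 2): {"spl2-orchestrator"},
    (9, 1): {"spl2-orchestrator", "compsup"},
}


def parse_version(text: str) -> tuple:
    """Pull the first x.y.z triple out of a version line (format assumed)."""
    m = re.search(r"\b(\d+)\.(\d+)\.(\d+)\b", text)
    if not m:
        raise ValueError(f"no x.y.z version in {text!r}")
    return tuple(int(p) for p in m.groups())


def assess(text: str) -> dict:
    """Return patch status, fix target and the component rows that do not apply.
    Status is 'patched', 'vulnerable', or 'not-covered' for branches outside
    the advisory's 9.1-9.4 ranges (those need a separate check)."""
    version = parse_version(text)
    branch = version[:2]
    if branch not in FIXED_BY_BRANCH:
        return {"version": version, "status": "not-covered", "fix": None,
                "absent_components": set()}
    fixed = FIXED_BY_BRANCH[branch]
    return {
        "version": version,
        "status": "patched" if version >= fixed else "vulnerable",
        "fix": ".".join(str(n) for n in fixed),
        "absent_components": ABSENT_COMPONENTS[branch],
    }


if __name__ == "__main__":
    # Constructed sample lines; the build field is a placeholder, not a real build.
    for line in ("Splunk 9.2.4 (build PLACEHOLDER)", "Splunk 9.4.3 (build PLACEHOLDER)",
                 "Splunk 9.0.5 (build PLACEHOLDER)"):
        print(line, "->", assess(line))
```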

