
=====================================================================

                            CERT-Renater

                Information Note No. 2025/VULN747
_____________________________________________________________________

DATE                : 30/10/2025

HARDWARE PLATFORM(S): /

OPERATING SYSTEM(S): Systems running one of the following products,
                     each shipping affected third-party packages:
                     - Splunk AppDynamics Private Synthetic Agent
                     - Splunk Operator for Kubernetes Add-on
                     - Splunk Enterprise
                     - Splunk AppDynamics Machine Agent
                     - Splunk AppDynamics Analytics Agent

=====================================================================
https://advisory.splunk.com/advisories/SVD-2025-1009
https://advisory.splunk.com/advisories/SVD-2025-1011
https://advisory.splunk.com/advisories/SVD-2025-1007
https://advisory.splunk.com/advisories/SVD-2025-1008
https://advisory.splunk.com/advisories/SVD-2025-1010
_____________________________________________________________________

Third-Party Package Updates in Splunk AppDynamics Private Synthetic
Agent - October 2025

Advisory ID: SVD-2025-1009

CVE ID:  Multiple

Published: 2025-10-29

Last Update: 2025-10-29

Description

Splunk remedied common vulnerabilities and exposures (CVEs) in Third
Party Packages in Splunk AppDynamics Private Synthetic Agent version
25.7.0 and higher, including the following:


Package         Remediation             CVE             Severity
mbedtls         Upgraded to 3.6.2-r0    CVE-2024-45159  Critical
gdk-pixbuf      Upgraded to 2.42.12-r1  CVE-2022-48622  High


Solution

Upgrade Splunk AppDynamics Private Synthetic Agent to version 25.7.0
or higher.


Product Status

Product                                     Base Version  Affected Version  Fix Version
Splunk AppDynamics Private Synthetic Agent  25.7.0        Below 25.7.0      25.7.0


Severity

For the CVEs in this list, Splunk adopted the vendor’s severity rating
or the National Vulnerability Database (NVD) common vulnerability
scoring system (CVSS) rating, as available.
_____________________________________________________________________

Third-Party Package Updates in Splunk Operator for Kubernetes Add-on
- October 2025

Advisory ID: SVD-2025-1011

CVE ID:  Multiple

Published: 2025-10-29

Last Update: 2025-10-29

Description

Splunk remedied common vulnerabilities and exposures (CVEs) in Third
Party Packages in Splunk Operator for Kubernetes Add-on version 3.0.0,
including the following:

Package               Remediation           CVE             Severity
golang [1]            Upgraded to 1.24.2    Multiple        Critical
golang.org/x/oauth2   Upgraded to 0.27.0    CVE-2025-22868  High
golang.org/x/net      Upgraded to 0.41.0    CVE-2025-22872  Medium
glib2 [2]             Upgraded              Multiple        Medium
glibc [3]             Upgraded              CVE-2025-4802   Medium

[1] Upgraded golang from 1.23.0 to 1.24.2 to remedy CVE-2024-45336,
    CVE-2024-34155, CVE-2024-34158, CVE-2025-22866, CVE-2024-45341,
    CVE-2025-22871, and CVE-2024-34156.

[2] Upgraded ubi-minimal to version 8.10-1755105495 to address
    glib2-related CVEs, including CVE-2023-29499, CVE-2024-52533,
    CVE-2025-4373, CVE-2025-3360, CVE-2023-32665, CVE-2023-32611,
    CVE-2024-34397, and CVE-2023-32636.

[3] Upgraded ubi-minimal to version 8.10-1755105495 to address
    glibc-related CVEs, including CVE-2025-4802.


Solution

Upgrade Splunk Operator for Kubernetes Add-on to version 3.0.0 or
higher. See the Splunk Operator for Kubernetes releases page.


Product Status

Product                                Base Version  Affected Version  Fix Version
Splunk Operator for Kubernetes Add-on  3.0           Below 3.0.0       3.0.0


Severity

For the CVEs in this list, Splunk adopted the vendor’s severity
rating or the National Vulnerability Database (NVD) common
vulnerability scoring system (CVSS) rating, as available.

_____________________________________________________________________

Third-Party Package Updates in Splunk Enterprise - October 2025

Advisory ID: SVD-2025-1007

CVE ID:  Multiple

Published: 2025-10-01

Last Update: 2025-10-29


Description

Splunk remedied common vulnerabilities and exposures
(CVEs) in Third Party Packages in Splunk Enterprise
versions 10.0.1, 9.4.4, 9.3.6, 9.2.8, and higher.


Package            Remediation                                   CVE             Severity
protobuf-java [1]  Removed                                       Multiple        High
mongod [2]         Upgraded to 7.0.14                            Multiple        High
webpack [3]        Removed                                       Multiple        High
imports-loader [4] Removed                                       CVE-2022-37601  Low
libxml2 [5]        Patched                                       CVE-2025-32415  High
mongotools         Upgraded to 100.12.1. Remedied in 10.0.0.     CVE-2024-45337  High
curl [6]           Upgraded to v8.14.1                           Multiple        High

[1] Removed protobuf-java from Splunk Enterprise to remedy
    CVE-2015-5237 and CVE-2024-7254.

[2] Upgraded the KV store server version from 4.2 to 7.0 for
    Splunk Enterprise 10.0 and 9.4 to remedy CVE-2024-7553
    and CVE-2024-1351.

[3] Removed webpack from the Splunk Monitoring Console to
    remedy CVE-2022-46175, CVE-2022-37601, and
    CVE-2021-44906.

[4] Removed imports-loader from the Splunk Monitoring
    Console to remedy CVE-2022-37601.

[5] Applied the patch for CVE-2025-32415 to xmlschemas.c
    in libxml2 version 2.9.14. Fixed in v9.2.8, v9.3.7,
    v9.4.4, v10.0.1.

[6] Upgraded curl to v8.14.1 to remedy CVE-2025-0167,
    CVE-2025-0725, CVE-2025-5025, CVE-2025-4947. Remedied
    in 10.0.1.


Solution

Upgrade Splunk Enterprise to versions 10.0.1, 9.4.4, 9.3.6,
9.2.8, or higher.


Product Status

Product         Base Version    Affected Version     Fix Version
Splunk Enterprise       10.0    10.0.0              10.0.1
Splunk Enterprise       9.4     9.4.0 to 9.4.3      9.4.4
Splunk Enterprise       9.3     9.3.0 to 9.3.5      9.3.6
Splunk Enterprise       9.2     9.2.0 to 9.2.7      9.2.8


Severity

For the CVEs in this list, Splunk adopted the vendor’s severity
rating or the National Vulnerability Database (NVD) common
vulnerability scoring system (CVSS) rating, as available.


Changelog

    2025-10-29: Updated the fix versions for the libxml2 package.
                Fixed in v9.2.8, v9.3.7, v9.4.4, v10.0.1

    2025-10-29: Removed the Jackson-core package from the advisory

    2025-10-29: Updated the solution section

    2025-10-29: Updated version references in notes 5 and 6 from
                10.0.0 to 10.0.1.
_____________________________________________________________________

Third-Party Package Updates in Splunk AppDynamics Machine Agent -
October 2025

Advisory ID: SVD-2025-1008

CVE ID:  Multiple

Published: 2025-10-29

Last Update: 2025-10-29

Description

Splunk remedied common vulnerabilities and exposures (CVEs) in Third
Party Packages in Splunk AppDynamics Machine Agent version 25.7.0
and higher, including the following:

Package                    Remediation          CVE             Severity
jetty_jetty-http           Upgraded to 12.0.22  CVE-2024-6763   Medium
openssl                    Upgraded to 3.0.6    CVE-2022-3358   High
Apache commons-fileupload  Upgraded to 1.6.0    CVE-2025-48976  High


Solution

Upgrade Splunk AppDynamics Machine Agent to version 25.7.0 or
higher.


Product Status

Product                           Base Version  Affected Version  Fix Version
Splunk AppDynamics Machine Agent  25.7.0        Below 25.7.0      25.7.0


Severity

For the CVEs in this list, Splunk adopted the vendor’s severity
rating or the National Vulnerability Database (NVD) common
vulnerability scoring system (CVSS) rating, as available.
_____________________________________________________________________

Third-Party Package Updates in Splunk AppDynamics Analytics Agent -
October 2025

Advisory ID: SVD-2025-1010

CVE ID:  Multiple

Published: 2025-10-29

Last Update: 2025-10-29


Description

Splunk remedied common vulnerabilities and exposures (CVEs) in Third
Party Packages in Splunk AppDynamics Analytics Agent version 25.7.0
and higher, including the following:

Package                    Remediation          CVE             Severity
jetty_jetty-http           Upgraded to 12.0.22  CVE-2024-6763   Medium
openssl                    Upgraded to 3.0.6    CVE-2022-3358   High
Apache commons-fileupload  Upgraded to 1.6.0    CVE-2025-48976  High


Solution

Upgrade Splunk AppDynamics Analytics Agent to version 25.7.0 or
higher.


Product Status

Product                             Base Version  Affected Version  Fix Version
Splunk AppDynamics Analytics Agent  25.7.0        Below 25.7.0      25.7.0
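
The Product Status tables of the five advisories above all reduce to the
same question for an operator: is the installed build below the fix
version on its branch? The following script is an added example written
for this bulletin; it is not code from CERT-Renater or Splunk. It encodes
each Product Status row (product names and fix versions copied from the
tables), compares an installed version against them per maintenance
branch, and lists the hosts still needing an upgrade. The host names and
versions in the sample inventory are constructed; the helper names
(FixLine, parse_version, assess, triage) are this example's own.

```python
# Added example, not part of the CERT-Renater bulletin or of Splunk's own
# advisories: check installed product versions against the Product Status
# tables of SVD-2025-1007/1008/1009/1010/1011 and report which builds fall
# in an affected range and which fix version the advisory names.
from dataclasses import dataclass
from typing import Dict, Iterable, Optional, Tuple


@dataclass(frozen=True)
class FixLine:
    product: str
    branch: Optional[str]  # "9.4": row applies to that x.y branch only; None: every build below fix
    fix: str               # first non-affected build on that branch


# One FixLine per Product Status row in the advisories above (values copied from the tables).
FIX_LINES = (
    FixLine("Splunk Enterprise", "10.0", "10.0.1"),
    FixLine("Splunk Enterprise", "9.4", "9.4.4"),
    FixLine("Splunk Enterprise", "9.3", "9.3.6"),
    FixLine("Splunk Enterprise", "9.2", "9.2.8"),
    FixLine("Splunk Operator for Kubernetes Add-on", None, "3.0.0"),
    FixLine("Splunk AppDynamics Private Synthetic Agent", None, "25.7.0"),
    FixLine("Splunk AppDynamics Machine Agent", None, "25.7.0"),
    FixLine("Splunk AppDynamics Analytics Agent", None, "25.7.0"),
)


def parse_version(text: str) -> Tuple[int, ...]:
    """Turn '9.4.3', 'v9.4.3' or '9.4.3-2f1b' into a comparable tuple of ints.

    A trailing build suffix (after '-' or '+') is ignored, and missing
    components are padded with 0 so that '10.0' compares equal to '10.0.0'.
    """
    core = text.strip().lstrip("vV").split("-", 1)[0].split("+", 1)[0]
    parts = [int(p) for p in core.split(".") if p]
    while len(parts) < 3:
        parts.append(0)
    return tuple(parts)


def assess(product: str, installed: str) -> Tuple[str, Optional[str]]:
    """Return (status, fix_version) for one installed build.

    status is 'affected' (below the fix on a covered branch), 'fixed'
    (at or above the fix) or 'not covered' (no row in the advisory for this
    product/branch). 'not covered' does not mean safe: such builds have no
    fix in this bulletin and must be reviewed against the vendor separately.
    """
    v = parse_version(installed)
    for line in FIX_LINES:
        if line.product != product:
            continue
        if line.branch is not None and v[:2] != parse_version(line.branch)[:2]:
            continue  # Splunk Enterprise is fixed per maintenance branch (x.y)
        status = "fixed" if v >= parse_version(line.fix) else "affected"
        return status, line.fix
    return "not covered", None


def triage(inventory: Iterable[Tuple[str, str, str]]) -> Dict[str, Tuple[str, str, str]]:
    """Map (host, product, version) records to the hosts that still need an
    upgrade: host -> (product, installed version, fix version)."""
    pending = {}
    for host, product, version in inventory:
        status, fix = assess(product, version)
        if status == "affected":
            pending[host] = (product, version, fix)
    return pending


# Constructed sample inventory: host names and installed versions are made up.
SAMPLE_INVENTORY = (
    ("idx01", "Splunk Enterprise", "9.4.3"),
    ("idx02", "Splunk Enterprise", "9.4.4"),
    ("sh01", "Splunk Enterprise", "10.0.0"),
    ("legacy01", "Splunk Enterprise", "9.1.6"),
    ("k8s-ctl", "Splunk Operator for Kubernetes Add-on", "2.8.1"),
    ("appd-ma", "Splunk AppDynamics Machine Agent", "25.7.0"),
)

if __name__ == "__main__":
    for host, (product, version, fix) in sorted(triage(SAMPLE_INVENTORY).items()):
        print(f"{host}: {product} {version} -> upgrade to {fix}")
    for host, product, version in SAMPLE_INVENTORY:
        if assess(product, version)[0] == "not covered":
            print(f"{host}: {product} {version} has no fix line in this bulletin; review separately")
```

Branch matching matters for Splunk Enterprise: a 9.3.x host must be compared
with 9.3.6, not with 10.0.1, or it would be reported as affected forever. A
build on a branch that has no row (9.1.x in the sample) is deliberately
reported as "not covered" rather than "fixed", since the advisory says
nothing about it.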


Severity

For the CVEs in this list, Splunk adopted the vendor’s severity
rating or the National Vulnerability Database (NVD) common
vulnerability scoring system (CVSS) rating, as available.


=========================================================
+ CERT-RENATER        |    tel : 01-53-94-20-44         +
+ 23/25 Rue Daviel    |    fax : 01-53-94-20-41         +
+ 75013 Paris         |   email:cert@support.renater.fr +
=========================================================