Splunk Addresses Third-Party Package Vulnerabilities in Enterprise Versions
Splunk has released critical security updates addressing multiple Common Vulnerabilities and Exposures (CVEs) in third-party packages across Enterprise versions 9.4.3, 9.3.5, 9.2.7, 9.1.10, and higher.
Published on July 7, 2025, these updates remediate high-severity vulnerabilities in essential components, including setuptools, golang.org/x/crypto, OpenSSL, and libcurl packages that could potentially compromise system security.
Key Takeaways
1. Splunk is addressing critical CVEs in third-party packages across Enterprise versions.
2. Updates include setuptools, golang.org/x/crypto, libcurl (10 CVEs), OpenSSL, and golang runtime components.
3. Upgrade to minimum versions: Enterprise 9.4.3, 9.3.5, 9.2.7, or 9.1.10.
4. All supported Enterprise versions receive appropriate security patches despite some component limitations in older versions.
Critical GoLang x/crypto Vulnerability
The security advisory identifies multiple critical and high-severity vulnerabilities requiring immediate attention.
The most critical vulnerability, CVE-2024-45337 with a severity rating of “Critical,” affects golang.org/x/crypto in the spl2-orchestrator component.
This flaw is a high-severity weakness in the cryptographic implementations used by Go applications, potentially allowing attackers to compromise encrypted communications or bypass security controls.
The vulnerability specifically impacts applications that utilize the golang.org/x/crypto package for cryptographic operations, including encryption, decryption, and secure key management.
In the context of Splunk Enterprise, this CVE affects the spl2-orchestrator component, which handles orchestration tasks within the Splunk platform.
High-Severity Flaws in Setuptools, GoLang, and Libcurl
High-severity vulnerabilities include CVE-2024-6345 in setuptools, CVE-2025-22869 in the golang.org/x/crypto identity component, and multiple CVEs affecting golang packages in the Mongodump and Mongorestore utilities.
The libcurl package presents particularly concerning exposure, with upgrades addressing ten separate CVEs, including CVE-2024-0853, CVE-2024-2398, CVE-2024-2466, CVE-2024-7264, CVE-2024-8096, CVE-2024-9681, CVE-2024-11053, CVE-2025-0167, and CVE-2025-0725.
These vulnerabilities span different severity levels, with most classified as high-risk, potentially allowing unauthorized access or system compromise.
| Package | Patched Version / Remediation | CVE ID(s) | Severity |
|---|---|---|---|
| setuptools | Upgraded to 70.0.0 | CVE-2024-6345 | High |
| golang.org/x/crypto (compsup) | Upgraded to 0.37.0 | CVE-2024-45337, CVE-2025-22869, CVE-2025-27414, CVE-2025-22868, CVE-2025-23387, CVE-2025-23389, CVE-2025-23388, CVE-2025-22952, CVE-2024-45338 | High |
| golang.org/x/crypto (identity) | Upgraded to 0.36.0 | CVE-2025-22869 | High |
| golang.org/x/crypto (spl2-orchestrator) | Upgraded to 0.36.0 | CVE-2024-45337 | Critical |
| golang.org/x/net (compsup) | Upgraded to 0.39.0 | CVE-2024-45338 | Medium |
| golang.org/x/net (spl2-orchestrator) | Upgraded to 0.37.0 | CVE-2024-45338 | Medium |
| golang (Mongodump) | Upgraded to 1.24.2 | CVE-2025-22869, CVE-2025-27414, CVE-2025-22868, CVE-2025-23387, CVE-2025-23389, CVE-2025-23388, CVE-2025-22952, CVE-2024-45338, CVE-2025-22870 | High |
| golang (Mongorestore) | Upgraded to 1.24.2 | CVE-2025-22869, CVE-2025-27414, CVE-2025-22868, CVE-2025-23387, CVE-2025-23389, CVE-2025-23388, CVE-2025-22952, CVE-2024-45338, CVE-2025-22870 | High |
| golang (spl2-orchestrator) | Upgraded to 1.24.0 | Multiple CVEs | High |
| Beaker | Upgraded to 1.12.1 | CVE-2013-7489 | Medium |
| azure-storage-blob | Upgraded to 12.13.0 | CVE-2022-30187 | Medium |
| OpenSSL | Upgraded to 1.0.2zl | CVE-2024-13176 | Low |
| OpenSSL | Upgraded to 1.0.2zl | CVE-2024-9143 | Informational |
| libcurl | Upgraded to 8.11.1 | CVE-2024-0853, CVE-2024-2398, CVE-2024-2466, CVE-2024-7264, CVE-2024-8096, CVE-2024-9681, CVE-2024-11053, CVE-2025-0167, CVE-2025-0725 | High |
Organizations must immediately upgrade to the following minimum versions: Splunk Enterprise 9.4.3 (from 9.4.0-9.4.2), 9.3.5 (from 9.3.0-9.3.4), 9.2.7 (from 9.2.0-9.2.6), or 9.1.10 (from 9.1.0-9.1.9).
It’s important to note that certain binaries like compsup are not present in 9.1.x versions, and spl2-orchestrator is absent from 9.3.x, 9.2.x, 9.1.x, and older versions.
Despite these version-specific limitations, all supported Enterprise versions receive appropriate security patches for their respective components, ensuring comprehensive protection across the deployment ecosystem.
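For an administrator with many instances to triage, the upgrade guidance above reduces to a version comparison per release branch. The following script is an added example, not part of the article or of Splunk's tooling: it takes a version string (for example the output of the real `splunk version` command, which prints something like `Splunk 9.4.2 (build ...)`), maps it to the minimum fixed version the advisory names for that branch, and reports which of the branch-specific components mentioned above (compsup, spl2-orchestrator) are actually present. Branches the advisory does not cover (anything other than 9.1.x to 9.4.x) are reported as not covered rather than guessed at.

```python
"""Triage a Splunk Enterprise version against the minimum fixed versions
in the July 2025 third-party package advisory (added example, not Splunk code)."""
import re
from typing import Dict, List, Optional, Tuple

Version = Tuple[int, int, int]

# Minimum fixed version per release branch, taken from the advisory text.
FIXED_VERSIONS: Dict[Tuple[int, int], Version] = {
    (9, 4): (9, 4, 3),
    (9, 3): (9, 3, 5),
    (9, 2): (9, 2, 7),
    (9, 1): (9, 1, 10),
}

# Branch-specific components the advisory calls out: compsup is not shipped
# in 9.1.x, and spl2-orchestrator is absent from 9.3.x and older. Components
# not listed here (setuptools, libcurl, OpenSSL, ...) are not branch-gated
# by the advisory, so they are not modelled.
COMPONENT_BRANCHES: Dict[str, set] = {
    "compsup": {(9, 4), (9, 3), (9, 2)},
    "spl2-orchestrator": {(9, 4)},
}

_VERSION_RE = re.compile(r"(\d+)\.(\d+)\.(\d+)")


def parse_version(text: str) -> Version:
    """Extract major.minor.patch from a bare version or from `splunk version` output."""
    match = _VERSION_RE.search(text)
    if match is None:
        raise ValueError(f"no x.y.z version found in {text!r}")
    major, minor, patch = (int(g) for g in match.groups())
    return (major, minor, patch)


def check_version(text: str) -> Dict[str, object]:
    """Return the patch status and the advisory's minimum version for this branch."""
    version = parse_version(text)
    branch = version[:2]
    fixed: Optional[Version] = FIXED_VERSIONS.get(branch)
    if fixed is None:
        # Advisory names no minimum for this branch; do not invent one.
        return {"version": version, "status": "not-covered",
                "minimum": None, "components": []}
    components: List[str] = [
        name for name, branches in COMPONENT_BRANCHES.items() if branch in branches
    ]
    status = "patched" if version >= fixed else "vulnerable"
    return {"version": version, "status": status,
            "minimum": ".".join(str(n) for n in fixed), "components": components}


if __name__ == "__main__":
    # Constructed sample inputs; the second mimics `splunk version` output.
    for sample in ("9.4.2", "Splunk 9.1.10 (build 0000000)", "9.2.6", "9.5.0"):
        print(sample, "->", check_version(sample))
```

Run it against the collected versions of each indexer and search head; any result whose status is `vulnerable` names the minimum upgrade target for that branch, and the `components` list tells you whether the spl2-orchestrator (Critical) and compsup rows of the table even apply to that host.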