Splunk Enterprise Addresses Vulnerabilities in Bundled Third-Party Packages – Update Now

Splunk has released critical security updates for its Enterprise platform, addressing multiple vulnerabilities in bundled third-party packages across several product versions.

The company issued Advisory SVD-2025-0710 on July 7, 2025, urging immediate updates to protect against various security exposures ranging from informational to critical severity levels.

Critical Security Updates Released

Splunk Enterprise versions 9.4.3, 9.3.5, 9.2.7, and 9.1.10 have been released to remediate numerous Common Vulnerabilities and Exposures (CVEs) found in third-party packages.

The updates address vulnerabilities in essential components including setuptools, golang cryptographic libraries, networking packages, and various system utilities that could potentially compromise system security.

The most significant vulnerability addressed is CVE-2024-45337 in the golang.org/x/crypto package used by spl2-orchestrator, which carries a critical severity rating.

This vulnerability, along with multiple high-severity issues in golang components, posed substantial risks to enterprise deployments running affected versions.

The security update ...