Splunk has recently issued critical security updates to remediate multiple vulnerabilities in third-party packages bundled with Splunk Enterprise. The updates, released on July 7, 2025, are delivered in versions 9.4.3, 9.3.5, 9.2.7, 9.1.10, and subsequent releases. The primary focus is on addressing high-severity vulnerabilities in essential components such as setuptools, golang.org/x/crypto, OpenSSL, and libcurl, which, if exploited, could significantly compromise system security.
Key Vulnerabilities Addressed:
1. Critical Vulnerability in golang.org/x/crypto:
– CVE-2024-45337: This critical flaw affects the spl2-orchestrator component within Splunk Enterprise. It pertains to weaknesses in the cryptographic implementations used by Go applications, potentially allowing attackers to compromise encrypted communications or bypass security controls. Applications utilizing the golang.org/x/crypto package for cryptographic operations, including encryption, decryption, and secure key management, are particularly at risk.
2. High-Severity Vulnerabilities in Setuptools, GoLang, and Libcurl:
– Setuptools (CVE-2024-6345): A high-severity vulnerability addressed by upgrading to version 70.0.0.
– GoLang (CVE-2025-22869): This vulnerability affects the identity component of golang.org/x/crypto and has been mitigated by upgrading to version 0.36.0.
– Libcurl: Multiple vulnerabilities have been addressed by upgrading to a patched version, mitigating risks associated with unauthorized access or system compromise.
Detailed Remediation Measures:
Splunk’s security advisory outlines the specific packages, their patched versions, associated CVEs, and severity levels:
– Setuptools:
  – Patched Version: Upgraded to 70.0.0
  – CVE ID: CVE-2024-6345
  – Severity: High
– golang.org/x/crypto (compsup):
  – Patched Version: Upgraded to 0.37.0
  – CVE IDs: CVE-2024-45337, CVE-2025-22869, CVE-2025-27414, CVE-2025-22868, CVE-2025-23387, CVE-2025-23389, CVE-2025-23388, CVE-2025-22952, CVE-2024-45338
  – Severity: High
– golang.org/x/crypto (identity):
  – Patched Version: Upgraded to 0.36.0
  – CVE ID: CVE-2025-22869
  – Severity: High
– golang.org/x/crypto (spl2-orchestrator):
  – Patched Version: Upgraded to 0.36.0
  – CVE ID: CVE-2024-45337
  – Severity: Critical
– golang.org/x/net (compsup):
  – Patched Version: Upgraded to 0.39.0
  – CVE ID: CVE-2024-45338
  – Severity: Medium
– golang.org/x/net (spl2-orchestrator):
  – Patched Version: Upgraded to 0.37.0
  – CVE ID: CVE-2024-45338
  – Severity: Medium
– golang (Mongodump):
  – Patched Version: Upgraded to 1.24.2
  – CVE IDs: CVE-2025-22869, CVE-2025-27414, CVE-2025-22868, CVE-2025-23387, CVE-2025-23389, CVE-2025-23388, CVE-2025-22952, CVE-2024-45338, CVE-2025-22870
  – Severity: High
– golang (Mongorestore):
  – Patched Version: Upgraded to 1.24.2
  – CVE IDs: CVE-2025-22869, CVE-2025-27414, CVE-2025-22868, CVE-2025-23387, CVE-2025-23389, CVE-2025-23388, CVE-2025-22952, CVE-2024-45338, CVE-2025-22870
  – Severity: High
– golang (spl2-orchestrator):
  – Patched Version: Upgraded to 1.24.0
  – CVE IDs: Multiple
  – Severity: High
– Beaker:
  – Patched Version: Upgraded to 1.12.1
  – CVE ID: CVE-2013-7489
  – Severity: Medium
– azure-storage-blob:
  – Patched Version: Upgraded to 12.13.0
  – CVE ID: CVE-2022-30187
  – Severity: Medium
– OpenSSL:
  – Patched Version: Upgraded to 1.0.2zl
  – CVE ID: CVE-2024-13176
  – Severity: Low
Recommendations for Users:
To mitigate potential security risks, Splunk strongly recommends that users and administrators upgrade their Splunk Enterprise installations to the following minimum versions:
– Splunk Enterprise:
  – Version 9.4.3
  – Version 9.3.5
  – Version 9.2.7
  – Version 9.1.10
These updates ensure that all supported Enterprise versions receive the appropriate security patches, even though some component limitations may exist in older versions.
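As an added example (not from Splunk's advisory or the original article), the following Python script triages a host inventory against the four minimum versions listed above and reports which hosts still need an upgrade and to which release. The function names, the sample inventory, and the "Splunk x.y.z (build ...)" input format are assumptions made for illustration.

```python
import re

# Minimum fixed release per branch, taken from the recommendations above.
MIN_FIXED = {(9, 4): 3, (9, 3): 5, (9, 2): 7, (9, 1): 10}

VERSION_RE = re.compile(r"\b(\d+)\.(\d+)\.(\d+)\b")


def triage(version_text):
    """Classify one version string against the listed minimum releases.

    Returns (status, target): status is 'patched', 'upgrade' or 'not-listed';
    target is the minimum fixed version for that branch, or None.
    """
    m = VERSION_RE.search(version_text)
    if not m:
        raise ValueError(f"no x.y.z version in {version_text!r}")
    major, minor, patch = (int(g) for g in m.groups())
    fixed_patch = MIN_FIXED.get((major, minor))
    if fixed_patch is None:
        # Branch is not one of the four named above: flag it, do not guess.
        return ("not-listed", None)
    target = f"{major}.{minor}.{fixed_patch}"
    # Compare integers, not strings: "9.1.9" sorts after "9.1.10" lexically.
    return ("patched" if patch >= fixed_patch else "upgrade", target)


def triage_inventory(inventory):
    """Map host -> (status, target) for a dict of host -> version string."""
    return {host: triage(text) for host, text in inventory.items()}


# Constructed inventory (hypothetical hosts and build numbers).
SAMPLE_INVENTORY = {
    "idx01": "Splunk 9.4.3 (build 0000000000)",
    "idx02": "Splunk 9.1.9 (build 0000000000)",
    "sh01": "9.3.4",
    "hf01": "Splunk 9.2.10 (build 0000000000)",
    "old01": "9.0.8",
}

if __name__ == "__main__":
    results = triage_inventory(SAMPLE_INVENTORY)
    for host, (status, target) in sorted(results.items()):
        print(f"{host:6} {status:10} {target or '-'}")
```

Hosts reported as "not-listed" run a branch that the list above does not name, so they need a manual check against the vendor advisory.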
Conclusion:
The release of these critical security updates underscores Splunk’s commitment to maintaining the integrity and security of its Enterprise platform. By addressing vulnerabilities in third-party packages, Splunk aims to protect its users from potential exploits that could compromise system security. Users are urged to promptly apply these updates to safeguard their systems against identified threats.