Splunk: CVE-2025-32415: Third-Party Package Updates in Splunk Enterprise - October 2025

Splunk remedied common vulnerabilities and exposures (CVEs) in Third Party Packages in Splunk Enterprise versions 10.0.1, 9.4.4, 9.3.6, 9.2.8, and higher. 1Removed protobuf-java from Splunk Enterprise to remedy CVE-2015-5237 and CVE-2024-7254 2Upgraded KV store server version from 4.2 to 7.0 for Splunk Enterprise 10.0 and 9.4 to remedy CVE-2024-7553 and CVE-2024-1351 3Removed webpack from the Splunk Monitoring Console to remedy CVE-2022-46175, CVE-2022-37601, and CVE-2021-44906 4Removed import-loader from the Splunk Monitoring Console to remedy CVE-2022-37601 5Applied the patch for CVE-2025-32415 to xmlschemas.c in libxml2 version 2.9.14. Fixed in v9.2.8, v9.3.7, v9.4.4, v10.0.1 6Upgraded Curl to v8.14.1 to remedy CVE-2025-0167, CVE-2025-0725, CVE-2025-5025, CVE-2025-4947. Remedied in 10.0.1.