Hello,
It has been reported to us that there is an open vulnerability with OpenSSL for Splunk Universal Forwarder, as described below:
File C:\Program Files\SplunkUniversalForwarder\bin\openssl.exe version 3.0.16 is vulnerable to CVE-2025-9230, which exists in versions >= 3.0.0, < 3.0.18
Vulnerabilities 1.0.2 | OpenSSL Library
We have updated Universal Forwarder to version 10.01.0, but the OpenSSL version has not been changed. Any ideas on how to update it, or is there a patch for Splunk that we can apply?
Hi @gteccr
Splunk 10.0.1 was released on 25th September 2025; however, CVE-2025-9230 was not published until 30th September 2025, therefore I wouldn't necessarily expect the version to be updated in the maintenance 10.0.1 release.
Given the timescales of maintenance and minor releases, I would imagine that we should see a release which remedies this in the coming months.
You can keep track of Security Advisories at https://advisory.splunk.com/?301=%2Fen_us%2Fproduct-security.html where Splunk advise on which CVEs are resolved in various version upgrades.
You may also want to reach out to support (https://splunk.com/support) so that they can keep you informed of potential timescales for resolution of this.
Splunk does not issue patches nor should you try to patch or upgrade the instance of OpenSSL that ships with Splunk.
Splunk should include the fixed version of OpenSSL in an upcoming release.
Thank you. Appreciate your help.
Thank you very much for the information. It really helps to justify why we cannot fix this vulnerability yet. Appreciate your help.
Issue tracked internally under VULN-48297
OpenSSL has been upgraded to 1.0.2zm in the fix, which will be available in the following fixed versions:
9.4.7
9.3.9
9.2.11
10.0.3
CVE description:
CVE-2025-9230
Issue summary: An application trying to decrypt CMS messages encrypted using password based encryption can trigger an out-of-bounds read and write.
Impact summary: This out-of-bounds read may trigger a crash which leads to Denial of Service for an application. The out-of-bounds write can cause a memory corruption which can have various consequences including a Denial of Service or Execution of attacker-supplied code. Although the consequences of a successful exploit of this vulnerability could be severe, the probability that the attacker would be able to perform it is low. Besides, password based (PWRI) encryption support in CMS messages is very rarely used. For that reason the issue was assessed as Moderate severity according to our Security Policy. The FIPS modules in 3.5, 3.4, 3.3, 3.2, 3.1 and 3.0 are not affected by this issue, as the CMS implementation is outside the OpenSSL FIPS module boundary.
Any idea when v.10.0.3 will be released?
What I received from Splunk support:
I would like to inform you that the versions that will fix the vulnerability, 9.4.7 and 9.2.11, are estimated to be released by the end of December, and for the 9.3.9 and 10.0.3 versions we have an estimated time of arrival (ETA) of the end of March 2026.