Adding Advisory CVE-2025-61727 for splunk-otel-collector (#27391)

octo-sts[bot] · dnegreira · web-flow · commit 83131c4940a2 · 2025-12-09T10:56:25.000Z
Co-authored-by: octo-sts[bot] &lt;157150467+octo-sts@users.noreply.github.com&gt;
Co-authored-by: David Negreira &lt;david.negreira@chainguard.dev&gt;
diff --git a/splunk-otel-collector.advisories.yaml b/splunk-otel-collector.advisories.yaml
@@ -357,6 +357,24 @@ advisories:
           type: component-vulnerability-mismatch
           note: Prometheus ships a Go (Golang) library with a versioning scheme that follows the 0.x format. However, the Prometheus application itself uses a versioning scheme based on 1.x, 2.x, etc. The vulnerability identified in CVE-2019-3826 is specifically associated with the Prometheus application, not the Golang library.
 
+  - id: CGA-cx3x-42xv-46vr
+    aliases:
+      - CVE-2025-61727
+      - GHSA-5mh9-3jwc-rp59
+    events:
+      - timestamp: 2025-12-06T16:52:56Z
+        type: detection
+        data:
+          type: scan/v1
+          data:
+            subpackageName: splunk-otel-collector
+            componentID: 2d0bc6f91ef05b16
+            componentName: stdlib
+            componentVersion: go1.25.4
+            componentType: go-module
+            componentLocation: /usr/bin/otelcol
+            scanner: grype
+
   - id: CGA-g6j5-q5q5-wpr4
     aliases:
       - CVE-2025-29786
