
The advisory, designated SVD-2025-0712, was published on July 7, 2025, and includes patches for numerous critical and high-severity vulnerabilities that could potentially impact the security and performance of SOAR deployments.
Critical Vulnerabilities Addressed
The most significant security update addresses CVE-2024-32002 in Git.
This vulnerability allows attackers to manipulate Git repositories using submodules, potentially leading to remote code execution through malicious hooks executed during repository cloning operations.
The vulnerability specifically affects Git versions before 2.45.1 and requires symbolic link support on case-insensitive operating systems.
Another critical vulnerability patched is CVE-2024-48949 in the @babel/traverse package, which was upgraded to version 7.26.7 in SOAR 6.4.0 and completely removed in version 6.4.1.
This component is essential for JavaScript compilation and processing within SOAR’s web interface components.
High-Severity Package Updates
Several high-severity vulnerabilities were remediated across multiple packages:
Django, a crucial web framework component, was upgraded to version 4.2.20 in the Automation Broker to address CVE-2024-45230.
This vulnerability in Django's urlize() and urlizetrunc() template filters could lead to denial-of-service attacks through specially crafted inputs with specific character sequences.
Tornado, the Python web framework, received an upgrade to version 6.4.2 to patch CVE-2024-52804.
This vulnerability involved inefficient HTTP cookie parsing that could cause excessive CPU consumption and potentially block the event loop thread, impacting overall system performance.
Werkzeug, a Web Server Gateway Interface library, was updated to version 3.0.6 to resolve CVE-2024-49767.
This vulnerability allowed attackers to cause resource exhaustion through maliciously crafted form submissions that could consume significantly more memory than the actual upload size.
The cryptography package was upgraded to version 44.0.1 to address CVE-2024-12797.
This vulnerability affected the underlying OpenSSL library and could potentially enable man-in-the-middle attacks when using Raw Public Keys (RPKs) for TLS authentication.
Medium-Severity Updates and Security Enhancements
Several medium-severity vulnerabilities were also addressed in the update.
The @babel/runtime package was upgraded to version 7.26.10 to fix CVE-2025-27789, which involved inefficient regular expression processing that could lead to performance degradation.
The Jinja template engine was updated to version 3.1.4 to resolve CVE-2024-34064, while pyOpenSSL received an upgrade to version 24.3.0 for CVE-2024-12797.
Additionally, the avahi-daemon configuration was modified to set the ‘enable-wide-area’ flag to ‘no’ in the ‘/etc/avahi/avahi-daemon.conf’ file within the Automation Broker, addressing CVE-2024-52616.
This change helps prevent potential network-based attacks through the Avahi service discovery protocol.
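To check a host against the fixed package versions listed above, the following added example (not part of the advisory or of the original article) parses pip freeze output and flags any of those packages still below its fix. The PyPI distribution names mapped to each component, and the sample listing, are assumptions constructed for the example; the fixed versions are the ones the advisory summary names.

```python
"""Audit a pip freeze listing against the fixed versions named in SVD-2025-0712."""
import re

# Minimum fixed versions from the advisory summary (assumed PyPI distribution names).
FIXED_VERSIONS = {
    "django": "4.2.20",        # CVE-2024-45230
    "tornado": "6.4.2",        # CVE-2024-52804
    "werkzeug": "3.0.6",       # CVE-2024-49767
    "cryptography": "44.0.1",  # CVE-2024-12797
    "jinja2": "3.1.4",         # CVE-2024-34064
    "pyopenssl": "24.3.0",     # CVE-2024-12797
}

# Constructed sample of `pip freeze` output; not taken from a real SOAR host.
SAMPLE_FREEZE = """\
# constructed sample listing
Django==4.2.3
tornado==6.4.2
Werkzeug==3.0.1
cryptography==42.0.8
Jinja2==3.1.4
pyOpenSSL==24.3.0
requests==2.32.3
"""

def parse_version(text):
    """Turn '4.2.20' into (4, 2, 20); a plain string compare would rank 4.2.3 above 4.2.20."""
    parts = []
    for piece in text.split("."):
        m = re.match(r"\d+", piece)          # tolerate suffixes such as '2rc1'
        parts.append(int(m.group()) if m else 0)
    return tuple(parts)

def compare_versions(a, b):
    """Return -1, 0 or 1; zero-pad so that '3.1' equals '3.1.0'."""
    pa, pb = list(parse_version(a)), list(parse_version(b))
    width = max(len(pa), len(pb))
    pa += [0] * (width - len(pa))
    pb += [0] * (width - len(pb))
    return (pa > pb) - (pa < pb)

def audit_freeze(freeze_text):
    """Return {package: (installed, required)} for every tracked package below its fix."""
    findings = {}
    for line in freeze_text.splitlines():
        line = line.strip()
        if not line or line.startswith("#") or "==" not in line:
            continue
        name, installed = (s.strip() for s in line.split("==", 1))
        key = name.lower().replace("_", "-")  # pip names are case-insensitive
        required = FIXED_VERSIONS.get(key)
        if required and compare_versions(installed, required) < 0:
            findings[key] = (installed, required)
    return findings

if __name__ == "__main__":
    for pkg, (have, need) in audit_freeze(SAMPLE_FREEZE).items():
        print(f"{pkg}: installed {have}, advisory requires >= {need}")
```

On a real host, feed the output of `pip freeze` from the SOAR Python environment into audit_freeze instead of the constructed sample.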
Immediate Action Required
Splunk strongly recommends that all SOAR users upgrade to version 6.4.1 or higher immediately to protect against these vulnerabilities.
The affected versions include Splunk SOAR 6.4.0 and below, with version 6.4.1 serving as the minimum secure version.
Organizations should prioritize this update given the critical nature of several vulnerabilities, particularly the Git RCE vulnerability and the various denial-of-service threats that could impact operational security workflows.
This comprehensive security update demonstrates Splunk’s commitment to maintaining robust security postures for its SOAR platform, ensuring that security teams can continue to rely on the platform for critical incident response and threat mitigation activities without exposure to known vulnerabilities in underlying third-party components.
The post Splunk Soar Fixes Critical Third‑Party Package Flaws—Update Immediately appeared first on Cyber Security News.
