The advisory, designated SVD-2025-0712, was published on July 7, 2025, and includes patches for numerous critical and high-severity vulnerabilities that could potentially impact the security and performance of SOAR deployments.
The most significant security update addresses CVE-2024-32002,
This vulnerability allows attackers to manipulate Git repositories using submodules, potentially leading to remote code execution through malicious hooks executed during repository cloning operations.
The vulnerability specifically affects Git versions before 2.45.1 and requires symbolic link support on case-insensitive operating systems.
Another critical vulnerability patched is CVE-2024-48949 in the @babel/traverse package, which was upgraded to version 7.26.7 in SOAR 6.4.0 and completely removed in version 6.4.1.
This component is essential for JavaScript compilation and processing within SOAR’s web interface components.
Several high-severity vulnerabilities were remediated across multiple packages:
Django, a crucial web framework component, was upgraded to version 4.2.20 in the Automation Broker to address CVE-2024-45230.
This vulnerability in Django's urlize() and urlizetrunc() template filters could lead to denial-of-service attacks through specially crafted inputs with specific character sequences.
Tornado, the Python web framework, received an upgrade to version 6.4.2 to patch CVE-2024-52804.
This vulnerability involved inefficient HTTP cookie parsing that could cause excessive CPU consumption and potentially block the event loop thread, impacting overall system performance.
Werkzeug, a Web Server Gateway Interface library, was updated to version 3.0.6 to resolve CVE-2024-49767.
This vulnerability allowed attackers to cause resource exhaustion through maliciously crafted form submissions that could consume significantly more memory than the actual upload size.
The cryptography package was upgraded to version 44.0.1 to address CVE-2024-12797.
This vulnerability affected the underlying OpenSSL library and could potentially enable man-in-the-middle attacks when using Raw Public Keys (RPKs) for TLS authentication.
Several medium-severity vulnerabilities were also addressed in the update.
The @babel/runtime package was upgraded to version 7.26.10 to fix CVE-2025-27789, which involved inefficient regular expression processing that could lead to performance degradation.
The Jinja template engine was updated to version 3.1.4 to resolve CVE-2024-34064, while pyOpenSSL received an upgrade to version 24.3.0 for CVE-2024-12797.
Additionally, the avahi-daemon configuration was modified to set the ‘enable-wide-area’ flag to ‘no’ in the ‘/etc/avahi/avahi-daemon.conf’ file within the Automation Broker, addressing CVE-2024-52616.
This change helps prevent potential network-based attacks through the Avahi service discovery protocol.
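To confirm the Avahi setting on a host, the check below parses the configuration and reports whether 'enable-wide-area' is explicitly 'no'. It is an added example, not Splunk's tooling. It assumes the key sits in the file's `[wide-area]` section and treats an unset or commented-out key as non-compliant, since the effective default depends on the Avahi build.

```python
import configparser
import os

# Path named in the advisory summary above; read only when run as a script.
AVAHI_CONF = "/etc/avahi/avahi-daemon.conf"


def audit_wide_area(conf_text):
    """Return (compliant, reason) for the enable-wide-area setting.

    Assumption: only an explicit literal 'no' counts as compliant, matching
    the remediation described above. Anything else is flagged for review.
    """
    parser = configparser.ConfigParser(strict=False, interpolation=None)
    try:
        parser.read_string(conf_text)
    except configparser.Error as exc:
        return False, "unparseable config: " + exc.__class__.__name__
    if not parser.has_section("wide-area"):
        return False, "no [wide-area] section, setting not explicit"
    value = parser.get("wide-area", "enable-wide-area", fallback=None)
    if value is None:
        return False, "enable-wide-area not set (or commented out)"
    value = value.strip()
    if value.lower() == "no":
        return True, "enable-wide-area=no"
    return False, "enable-wide-area=%r, expected 'no'" % value


# Constructed sample configs (not taken from a real host).
SAMPLE_FIXED = "[server]\nuse-ipv4=yes\n\n[wide-area]\nenable-wide-area=no\n"
SAMPLE_ENABLED = "[server]\nuse-ipv4=yes\n\n[wide-area]\nenable-wide-area=yes\n"
SAMPLE_COMMENTED = "[wide-area]\n#enable-wide-area=no\n"
SAMPLE_BROKEN = "enable-wide-area=no\n"  # key outside any section

if __name__ == "__main__":
    if os.path.exists(AVAHI_CONF):
        with open(AVAHI_CONF, encoding="utf-8") as fh:
            ok, reason = audit_wide_area(fh.read())
        print(AVAHI_CONF, "PASS" if ok else "FAIL", reason)
    else:
        for name, text in [("fixed", SAMPLE_FIXED), ("enabled", SAMPLE_ENABLED),
                           ("commented", SAMPLE_COMMENTED), ("broken", SAMPLE_BROKEN)]:
            ok, reason = audit_wide_area(text)
            print(name, "PASS" if ok else "FAIL", reason)
```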
Splunk strongly recommends that all SOAR users upgrade to version 6.4.1 or higher immediately to protect against these vulnerabilities.
The affected versions include Splunk SOAR 6.4.0 and below, with version 6.4.1 serving as the minimum secure version.
Organizations should prioritize this update given the critical nature of several vulnerabilities, particularly the Git RCE vulnerability and the various denial-of-service threats that could impact operational security workflows.
This comprehensive security update demonstrates Splunk’s commitment to maintaining robust security postures for its SOAR platform, ensuring that security teams can continue to rely on the platform for critical incident response and threat mitigation activities without exposure to known vulnerabilities in underlying third-party components.
The post Splunk Soar Fixes Critical Third‑Party Package Flaws—Update Immediately appeared first on Cyber Security News.