The advisory, designated SVD-2025-0712, was published on July 7, 2025, and includes patches for numerous critical and high-severity vulnerabilities that could potentially impact the security and performance of SOAR deployments.
The most significant security update addresses CVE-2024-32002, a critical vulnerability in the Git package that has been upgraded to version 2.48.1.
This vulnerability allows attackers to manipulate Git repositories using submodules, potentially leading to remote code execution through malicious hooks executed during repository cloning operations.
The vulnerability specifically affects Git versions before 2.45.1 and requires symbolic link support on case-insensitive operating systems.
Another critical vulnerability patched is CVE-2024-48949 in the @babel/traverse package, which was upgraded to version 7.26.7 in SOAR 6.4.0 and completely removed in version 6.4.1.
This component is essential for JavaScript compilation and processing within SOAR’s web interface components.
Several high-severity vulnerabilities were remediated across multiple packages:
Django, a crucial web framework component, was upgraded to version 4.2.20 in the Automation Broker to address CVE-2024-45230.
This vulnerability in Django’s urlize() and urlizetrunc() Template filters could lead to denial-of-service attacks through specially crafted inputs with specific character sequences.
Tornado, the Python web framework, received an upgrade to version 6.4.2 to patch CVE-2024-52804.
This vulnerability involved inefficient HTTP cookie parsing that could cause excessive CPU consumption and potentially block the event loop thread, impacting overall system performance.
Werkzeug, a Web Server Gateway Interface library, was updated to version 3.0.6 to resolve CVE-2024-49767.
This vulnerability allowed attackers to cause resource exhaustion through maliciously crafted form submissions that could consume significantly more memory than the actual upload size.
The cryptography package was upgraded to version 44.0.1 to address CVE-2024-12797.
This vulnerability affected the underlying OpenSSL library and could potentially enable man-in-the-middle attacks when using Raw Public Keys (RPKs) for TLS authentication.
Several medium-severity vulnerabilities were also addressed in the update.
The @babel/runtime package was upgraded to version 7.26.10 to fix CVE-2025-27789, which involved inefficient regular expression processing that could lead to performance degradation.
The jinja template engine was updated to version 3.1.4 to resolve CVE-2024-34064, while pyOpenSSL received an upgrade to version 24.3.0 for CVE-2024-12797.
Additionally, the avahi-daemon configuration was modified to set the ‘enable-wide-area’ flag to ‘no’ in the ‘/etc/avahi/avahi-daemon.conf’ file within the Automation Broker, addressing CVE-2024-52616.
This change helps prevent potential network-based attacks through the Avahi service discovery protocol.
Splunk strongly recommends that all SOAR users upgrade to version 6.4.1 or higher immediately to protect against these vulnerabilities.
The affected versions include Splunk SOAR 6.4.0 and below, with version 6.4.1 serving as the minimum secure version.
Organizations should prioritize this update given the critical nature of several vulnerabilities, particularly the Git RCE vulnerability and the various denial-of-service threats that could impact operational security workflows.
This comprehensive security update demonstrates Splunk’s commitment to maintaining robust security postures for its SOAR platform, ensuring that security teams can continue to rely on the platform for critical incident response and threat mitigation activities without exposure to known vulnerabilities in underlying third-party components.
Find this Story Interesting! Follow us on Google News, LinkedIn, and X to Get More Instant updates
The post Splunk Soar Fixes Critical Third‑Party Package Flaws—Update Immediately appeared first on Cyber Security News.
Developer Arc System Works has confirmed that Hulk and Black Panther have joined the roster…
Magic: The Gathering (MTG) artist Dan Frazier has admitted he "painted over" the work of…
May has officially arrived, and that means Mother's Day is coming up very soon (on…
Rotten pieces of siding hang from the sagging walls of the old train depot. Half…
For Lawi Kahurwa, it all started with a ride to basketball practice. He was in…
Select PlayStation users may be eligible for refunds tied to digital PSN purchases after a…
This website uses cookies.