Splunk Addresses Third-Party Package Vulnerabilities in SOAR Versions – Update Now

Splunk has released critical security updates addressing multiple vulnerabilities in third-party packages in SOAR versions 6.4.0 and 6.4. 

Published on July 7, 2025, this comprehensive security update remediates various Common Vulnerabilities and Exposures (CVEs) ranging from medium to critical severity levels. 

The vulnerabilities affect essential components, including git, Django, cryptography libraries, and JavaScript packages, requiring immediate attention from security administrators managing Splunk SOAR deployments.

Key Takeaways
1. Splunk addresses multiple critical CVEs including CVE-2024-32002 (git) and CVE-2024-48949 (@babel/traverse) in SOAR versions 6.4.0 and 6.4.1.
2. Third-party components were upgraded, including Django, cryptography, and jQuery DataTables, and wkhtml was removed, covering vulnerabilities from critical to medium severity.
3. All SOAR 6.4 installations below version 6.4.1 must immediately upgrade to 6.4.1 or higher.
4. Unpatched vulnerabilities could enable unauthorized access, code execution, and data manipulation across the core SOAR infrastructure.

Critical Vulnerabilities Addressed

The security advisory identifies several critical-severity vulnerabilities that pose immediate risks to SOAR environments. 

CVE-2024-32002 is a critical severity vulnerability affecting the git package. This vulnerability was identified in Splunk SOAR versions 6.4.0 and 6.4.1 and has been remediated through an upgrade to git version 2.48.1. 

The critical severity rating indicates this vulnerability poses significant security risks and requires immediate attention from system administrators.

CVE-2024-48949 represents another critical severity vulnerability, specifically targeting the @babel/traverse package. 

In Splunk SOAR version 6.4.0, this vulnerability was addressed by upgrading the package to version 7.26.7. 

However, in the subsequent SOAR version 6.4.1, Splunk took the more decisive approach of completely removing the @babel/traverse package to eliminate the vulnerability entirely.

High-Severity Issues

High-severity vulnerabilities include CVE-2024-45230 in Django, CVE-2024-21538 in cross-spawn, CVE-2024-52804 in tornado, CVE-2022-35583 in wkhtml, CVE-2024-6345 in Setuptools, CVE-2024-39338 in the Axios JavaScript library, and CVE-2024-49767 in the Werkzeug WSGI utility library.

These vulnerabilities could potentially allow unauthorized access, code execution, or data manipulation within the SOAR environment.

| Package | Patched Version / Remediation | CVE ID(s) | Severity |
|---|---|---|---|
| git | Upgrade to v2.48.1 | CVE-2024-32002 | Critical |
| @babel/runtime | Upgraded to v7.26.10 | CVE-2025-27789 | Medium |
| django | Upgraded to v4.2.20 in Automation Broker | CVE-2024-45230 | High |
| cryptography | Upgraded to v44.0.1 | CVE-2024-12797 | Medium |
| pyOpenSSL | Upgraded to v24.3.0 | CVE-2024-12797 | Medium |
| jquery.datatables | Upgraded to v1.13.11 | CVE-2020-28458, CVE-2021-23445 | High |
| DomPurify | Upgraded to v3.2.4 | CVE-2024-45801, CVE-2024-47875 | High |
| wkhtml | Removed from Automation Broker | CVE-2022-35583 | High |
| cross-spawn | Upgraded to v7.0.6 | CVE-2024-21538 | High |
| @babel/traverse | Upgraded to v7.26.7 (removed in v6.4.1) | CVE-2024-48949 | Critical |
| setuptools | Upgraded to v75.5.0 (v6.4.0) / v78.1.0 (v6.4.1) | CVE-2024-6345 | High |
| axios | Upgraded to v1.7.9 (v6.4.0) / v1.8.3 (v6.4.1) | CVE-2024-39338 | High |
| jinja | Upgraded to v3.1.4 | CVE-2024-34064 | Medium |
| tornado | Upgraded to v6.4.2 | CVE-2024-52804 | High |
| avahi-daemon | Set enable-wide-area to 'no' in config | CVE-2024-52616 | Medium |
| werkzeug | Upgraded to v3.0.6 | CVE-2024-49767 | High |
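
To verify a host against the table above, the following added example (not Splunk's code or tooling) flags packages below the 6.4.1 fixed versions, packages the advisory lists as removed, and an avahi-daemon config that does not set enable-wide-area to 'no'. The `name==version` inventory format, the function names and both sample inputs are assumptions constructed for illustration.

```python
import configparser
import re

# Fixed versions for SOAR 6.4.1, copied from the advisory table above.
FIXED = {
    "git": "2.48.1", "@babel/runtime": "7.26.10", "django": "4.2.20",
    "cryptography": "44.0.1", "pyopenssl": "24.3.0", "cross-spawn": "7.0.6",
    "setuptools": "78.1.0", "axios": "1.8.3", "jinja": "3.1.4",
    "tornado": "6.4.2", "werkzeug": "3.0.6",
}
# Packages the advisory lists as removed rather than upgraded.
REMOVED = {"wkhtml", "@babel/traverse"}

def vtuple(version):
    """Leading dotted-numeric part as a tuple; unparseable sorts lowest."""
    m = re.match(r"\d+(?:\.\d+)*", version.strip().lstrip("v"))
    return tuple(int(n) for n in m.group().split(".")) if m else ()

def audit_inventory(text):
    """Findings for 'name==version' lines (hypothetical inventory format)."""
    findings = []
    for line in text.splitlines():
        name, sep, version = line.strip().partition("==")
        name = name.lower()
        if not sep:
            continue  # skip blank or malformed lines
        if name in REMOVED:
            findings.append(f"{name}: present, advisory removes it")
        elif name in FIXED and vtuple(version) < vtuple(FIXED[name]):
            findings.append(f"{name}: {version} < {FIXED[name]}")
    return findings

def avahi_wide_area_disabled(conf_text):
    """True only when [wide-area] enable-wide-area is explicitly 'no'."""
    cp = configparser.ConfigParser(strict=False, interpolation=None)
    cp.read_string(conf_text)
    value = cp.get("wide-area", "enable-wide-area", fallback="")
    return value.strip().lower() == "no"

# Constructed sample inputs, not taken from a real SOAR host.
SAMPLE_INVENTORY = ("django==4.2.16\ncryptography==44.0.1\naxios==1.7.9\n"
                    "@babel/traverse==7.26.7\ntornado==6.4.2\n")
SAMPLE_AVAHI = "[server]\nuse-ipv4=yes\n[wide-area]\nenable-wide-area=yes\n"

if __name__ == "__main__":
    for finding in audit_inventory(SAMPLE_INVENTORY):
        print(finding)
    print("avahi wide-area disabled:", avahi_wide_area_disabled(SAMPLE_AVAHI))
```

A missing `[wide-area]` section or key is reported as not disabled, since the advisory's remediation is an explicit 'no'.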

Organizations must immediately upgrade to Splunk SOAR version 6.4.1 or higher to remediate all identified vulnerabilities. 

The advisory affects all SOAR base version 6.4 installations below 6.4.1, making this update essential for maintaining security posture.

System administrators should prioritize this update due to the presence of multiple critical and high-severity CVEs. 

Organizations should schedule maintenance windows promptly to deploy these critical security patches and protect their SOAR environments from potential exploitation.


The post Splunk Addresses Third-Party Package Vulnerabilities in SOAR Versions – Update Now appeared first on Cyber Security News.