Cyber Web Spider Blog – News

Splunk Addresses Third-Party Package Vulnerabilities in SOAR Versions

Posted on July 9, 2025 By CWS

Splunk has released critical security updates addressing multiple vulnerabilities in third-party packages in SOAR versions 6.4.0 and 6.4.

Published on July 7, 2025, this comprehensive security update remediates various Common Vulnerabilities and Exposures (CVEs) ranging from medium to critical severity levels.

The vulnerabilities affect critical components, including git, Django, cryptography libraries, and JavaScript packages, requiring immediate attention from security administrators managing Splunk SOAR deployments.

Key Takeaways

1. Splunk addresses multiple critical CVEs, including CVE-2024-32002 (git) and CVE-2024-48949 (@babel/traverse), in SOAR versions 6.4.0 and 6.4.1.
2. Third-party components were upgraded, including Django, cryptography, and jQuery DataTables, and wkhtml was removed, covering vulnerabilities from critical to medium severity.
3. All SOAR 6.4 installations below version 6.4.1 must immediately upgrade to 6.4.1 or higher.
4. Unpatched vulnerabilities could enable unauthorized access, code execution, and data manipulation across the core SOAR infrastructure.

Critical Vulnerabilities Addressed

The security advisory identifies multiple critical-severity vulnerabilities that pose immediate risks to SOAR environments.

CVE-2024-32002 is a critical severity vulnerability affecting the git package. This vulnerability was identified in Splunk SOAR versions 6.4.0 and 6.4.1 and has been remediated through an upgrade to git version 2.48.1.

The critical severity rating indicates this vulnerability poses significant security risks and requires immediate attention from system administrators.

CVE-2024-48949 represents another critical severity vulnerability, specifically targeting the @babel/traverse package.

In Splunk SOAR version 6.4.0, this vulnerability was addressed by upgrading the package to version 7.26.7.

However, in the subsequent SOAR version 6.4.1, Splunk took the more decisive approach of completely removing the @babel/traverse package to eliminate the vulnerability entirely.

High-Severity Issues

High-severity vulnerabilities include CVE-2024-45230 in Django, CVE-2024-21538 in cross-spawn, CVE-2024-52804 in tornado, the CVE-2022-35583 wkhtml vulnerability, CVE-2024-6345 in Setuptools, CVE-2024-39338 in the Axios JavaScript library and CVE-2024-49767 in the Werkzeug WSGI utility library.

These vulnerabilities could potentially allow unauthorized access, code execution, or data manipulation within the SOAR environment.

| Package | Patched Version / Remediation | CVE ID(s) | Severity |
|---|---|---|---|
| git | Upgrade to v2.48.1 | CVE-2024-32002 | Critical |
| @babel/runtime | Upgraded to v7.26.10 | CVE-2025-27789 | Medium |
| django | Upgraded to v4.2.20 in Automation Broker | CVE-2024-45230 | High |
| cryptography | Upgraded to v44.0.1 | CVE-2024-12797 | Medium |
| pyOpenSSL | Upgraded to v24.3.0 | CVE-2024-12797 | Medium |
| jquery.datatables | Upgraded to v1.13.11 | CVE-2020-28458, CVE-2021-23445 | High |
| DomPurify | Upgraded to v3.2.4 | CVE-2024-45801, CVE-2024-47875 | High |
| wkhtml | Removed from Automation Broker | CVE-2022-35583 | High |
| cross-spawn | Upgraded to v7.0.6 | CVE-2024-21538 | High |
| @babel/traverse | Upgraded to v7.26.7 (removed in v6.4.1) | CVE-2024-48949 | Critical |
| setuptools | Upgraded to v75.5.0 (v6.4.0) / v78.1.0 (v6.4.1) | CVE-2024-6345 | High |
| axios | Upgraded to v1.7.9 (v6.4.0) / v1.8.3 (v6.4.1) | CVE-2024-39338 | High |
| jinja | Upgraded to v3.1.4 | CVE-2024-34064 | Medium |
| tornado | Upgraded to v6.4.2 | CVE-2024-52804 | High |
| avahi-daemon | Set enable-wide-area to ‘no’ in config | CVE-2024-52616 | Medium |
| werkzeug | Upgraded to v3.0.6 | CVE-2024-49767 | High |

Organizations should immediately upgrade to Splunk SOAR version 6.4.1 or higher to remediate all identified vulnerabilities.

The advisory affects all SOAR base version 6.4 installations below 6.4.1, making this update critical for maintaining security posture.

System administrators should prioritize this update due to the presence of multiple critical and high-severity CVEs.

Organizations should schedule maintenance windows promptly to deploy these critical security patches and protect their SOAR environments from potential exploitation.
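To confirm after the upgrade that no component is still below the fixed versions in the table above, a package inventory can be audited against them. The following is an added example, not code from Splunk's advisory or from this article; the `name==version` inventory format, the function names, the `jinja2` alias and the sample inventory are assumptions made for illustration.

```python
import re

# Fixed versions for SOAR 6.4.1, copied from the article's table.
FIXED = {
    "git": "2.48.1", "@babel/runtime": "7.26.10", "django": "4.2.20",
    "cryptography": "44.0.1", "pyopenssl": "24.3.0", "tornado": "6.4.2",
    "jquery.datatables": "1.13.11", "dompurify": "3.2.4", "jinja": "3.1.4",
    "cross-spawn": "7.0.6", "setuptools": "78.1.0", "axios": "1.8.3", "werkzeug": "3.0.6",
}
REMOVED = {"wkhtml", "@babel/traverse"}  # listed as removed, not upgraded
ALIASES = {"jinja2": "jinja"}            # assumption: PyPI name maps to table name

def parse_version(text):
    """Numeric release tuple; a leading 'v' and suffixes such as 'rc1' are ignored."""
    m = re.match(r"v?(\d+(?:\.\d+)*)", text.strip())
    if not m:
        raise ValueError(f"unparseable version: {text!r}")
    return tuple(int(p) for p in m.group(1).split("."))

def is_below(installed, fixed):
    """True if installed < fixed, padding so that 4.2 compares as 4.2.0."""
    a, b = parse_version(installed), parse_version(fixed)
    width = max(len(a), len(b))
    return a + (0,) * (width - len(a)) < b + (0,) * (width - len(b))

def audit(inventory_text):
    """Findings for 'name==version' lines, as (package, installed, action)."""
    findings = []
    for raw in inventory_text.splitlines():
        line = raw.split("#", 1)[0].strip()
        if not line:
            continue
        name, _, version = line.partition("==")
        name = ALIASES.get(name.strip().lower(), name.strip().lower())
        if name in REMOVED:
            findings.append((name, version, "remove"))
        elif name in FIXED:
            try:
                if is_below(version, FIXED[name]):
                    findings.append((name, version, f"upgrade to {FIXED[name]}"))
            except ValueError:
                findings.append((name, version, "check manually"))
    return sorted(findings)

# Constructed inventory for illustration, not taken from a real SOAR host.
SAMPLE = ("git==2.39.2\nDjango==4.2.20\nJinja2==3.1.3\n@babel/traverse==7.26.7\n"
          "axios==1.7.9\nsetuptools==v78.1.0\nrequests==2.32.3\n")

if __name__ == "__main__":
    print(*("\t".join(f) for f in audit(SAMPLE)), sep="\n")
```

The avahi-daemon row is a configuration change rather than a version floor, so it is not covered by this check and has to be verified in the daemon's config separately.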

Copyright © 2025 Cyber Web Spider Blog – News.
