Third-Party Package Updates in Splunk SOAR - July 2025

Advisory ID: SVD-2025-0712

CVE ID: Multiple

Published: 2025-07-07

Last Update: 2025-07-07

Description

Splunk remedied common vulnerabilities and exposures (CVEs) in Third Party Packages in Splunk SOAR versions 6.4.0 and 6.4.1 including the following:

Package	Remediation	CVE	Severity
git	Upgrade to v2.48.1	CVE-2024-32002	Critical
@babel/runtime	Upgraded to v7.26.10	CVE-2025-27789	Medium
django	Upgraded to v4.2.20 in Automation Broker	CVE-2024-45230	High
cryptography	Upgraded to v44.0.1	CVE-2024-12797	Medium
pyOpenSSL	Upgraded to v24.3.0	CVE-2024-12797	Medium
jquery.datatables₁	Upgraded to v1.13.11	Multiple	High
DomPurify₂	Upgraded to v3.2.4	Multiple	High
wkhtml	Removed the wkhtml in Automation Broker	CVE-2022-35583	High
cross-spawn	Upgraded to v7.0.6	CVE-2024-21538	High
@babel/traverse₃	Upgraded to v7.26.7	CVE-2024-48949	Critical
setuptools	Upgraded to v75.5.0 in v6.4.0 and Upgraded to v78.1.0 in Splunk SOAR v6.4.1	CVE-2024-6345	High
axios	Upgraded to v1.7.9 in 6.4.0 and Upgraded to 1.8.3 in 6.4.1	CVE-2024-39338	High
jinja	Upgraded to v3.1.4	CVE-2024-34064	Medium
tornado	Upgraded to v6.4.2	CVE-2024-52804	High
avahi-daemon₄	Enable-wide-area is set to 'no' in the '/etc/avahi/avahi-daemon.conf' in Automation Broker	CVE-2024-52616	Medium
werkzeug	Upgraded to v3.0.6	CVE-2024-49767	High

₁ Upgraded jQuery Datatables from v1.10.21 to v1.13.11 to remedy CVE-2020-28458, CVE-2021-23445

₂ Upgraded Dompurify from v3.0.1 to v3.2.4 to remedy CVE-2024-45801, CVE-2024-47875

₃ The babel/traverse is removed in Splunk SOAR v6.4.1

₄ The flag ‘enable-wide-area’ is set to ‘no’ in /etc/avahi/avahi-daemon.conf.

Solution

Upgrade Splunk SOAR to version 6.4.1 or higher.

Product Status

Product	Base Version	Affected Version	Fix Version
Splunk SOAR	6.4	Below 6.4.1	6.4.1

Severity

For the CVEs in this list, Splunk adopted the vendor’s severity rating or the National Vulnerability Database (NVD) common vulnerability scoring system (CVSS) rating, as available.