Third-Party Package Updates in Splunk SOAR - November 2025
Advisory ID: SVD-2025-1104
CVE ID: Multiple
Published: 2025-11-26
Last Update: 2025-11-26
Description
Splunk remedied common vulnerabilities and exposures (CVEs) in Third Party Packages in Splunk SOAR version 7.0.0, and higher.
| Package | Remediation | CVE | Severity |
|---|---|---|---|
| setuptools1 | Upgraded | CVE-2025-47273 | High |
| Jinja22 | Upgraded | CVE-2024-56326 | Medium |
| @bable/helpers3 | Upgraded | CVE-2025-27789 | Medium |
| @bable/runtime4 | Upgraded | CVE-2025-27789 | Medium |
1 Upgraded setuptools to 78.1.1 to remediate CVE-2025-47273
2 Upgraded Jinja2 to 3.1.6 to remediate CVE-2024-56326
3 Upgraded @bable/helpers to 7.26.10 to remediate CVE-2025-27789
4 Upgraded @bable/runtime to 7.26.10 to remediate CVE-2025-27789
Solution
Upgrade Splunk SOAR to version 7.0.0 or higher.
Splunk is actively monitoring and patching Splunk Cloud Platform instances.
Product Status
| Product | Base Version | Affected Version | Fix Version |
|---|---|---|---|
| Splunk SOAR | 7.0 | Below 7.0.0 | 7.0.0 |
Severity
For the CVEs in this list, Splunk adopted the vendor’s severity rating or the National Vulnerability Database (NVD) common vulnerability scoring system (CVSS) rating, as available.