Splunk SOAR Addresses Vulnerabilities in Third-Party Packages – Update Now

Splunk has published a critical security advisory revealing that its Security Orchestration, Automation and Response (SOAR) platform was shipping vulnerable versions of more than a dozen popular open-source packages—some with publicly available exploits.

Advisory SVD-2025-0712 confirms that Splunk SOAR versions 6.4.0 and 6.4.1 have now been patched and that administrators must upgrade to 6.4.1 or higher without delay.

Splunk stresses that its severity classifications mirror the National Vulnerability Database (NVD) where scores are available.

Because many of the underlying issues enable remote compromise with minimal user interaction, organizations running on-prem or cloud instances below 6.4.1 face elevated risk levels.

SOC teams should prioritize testing and deployment of the latest release, verify that Automation Brokers are also current, and review playbooks for embedded dependencies.