新媒网 · 跨境数据社区

CVE of the week ☢️ This week's CVE is: CVE-2025-22621 With a CVSS of 6.4/10 “Medium” This vulnerability is the result of improper privilege management “CWE-269” Details: This vulnerability affects Splunk, specifically “Splunk App For SOAR” which is described as follows “The Splunk App for SOAR gets data from your Splunk SOAR instance for manipulation and display in Splunk.” The Splunk documentation recommended adding the `admin_all_objects` capability to the `splunk_app_soar` role, which could lead to improper access-control for low-privileged users who do not hold the “admin” role. Mitigation: — Upgrade to version 1.0.71 or higher — Remove the `admin_all_objects` capability from all low-privileged users who hold the `splunk_app_soar` role Writer of the week: Mohab Gabber If you want to write the next week's post, send us a message, and you could be featured on all social media next week ❤️💪 Thank you for reading this week's CVE, we hope you enjoyed it. Make sure to follow us to get the latest updates about cybersecurity 🔥 #cybersecurity #cyberhotline #cyberhotlineacademy #CybersecurityTraining #cybersecurityawareness #cybersecuritynews #cybersecuritytips #splunk #cve #vulnerability #cveoftheweek