Security Bulletin: IBM Security SOAR is using a component with a known vulnerability (CVE-2025-9670)

Summary IBM Security SOAR uses an older version of the turndown javascript module that may be identified and exploited. Updates for supported versions have been released which address the issue. It is recommended to upgrade to version 51.0.8.0 Vulnerability Details CVEID:CVE-2025-9670 DESCRIPTION...

CVE-2025-9670

A security flaw has been discovered in mixmark-io turndown up to 7.2.1. This affects an unknown function of the file src/commonmark-rules.js. Performing manipulation results in inefficient regular expression complexity. It is possible to initiate the attack remotely. The exploit has been released...

CVE-2025-9670

creationtimestamp| type| source ---|---|--- 2025-08-29 23:09:28+00:00| seen| https://bsky.app/profile/cve.skyfleet.blue/post/3lxl6iklxfn2r 2026-03-12 11:00:00+00:00| seen| https://www.cisa.gov/news-events/ics-advisories/icsa-26-071-03...

org.webjars.npm:ckeditor5 (>=44.1.0 <=44.3.0), org.webjars.npm:ckeditor__ckeditor5-adapter-ckfinder (>=44.1.0 <=44.3.0) +59 more potentially affected by CVE-2025-9670 via org.webjars.npm:turndown (=7.2.0)

org.webjars.npm:turndown MAVEN version =7.2.0 is affected by a known vulnerability. The following packages have a transitive dependency on org.webjars.npm:turndown and may be impacted: - org.webjars.npm:ckeditor5 =44.1.0, =44.1.0, =44.1.0, =44.1.0, =44.1.0, =44.1.0, =44.1.0, =44.1.0, =44.1.0,...

0xkobold (>=0.5.0 <=0.8.0), 1dr-cli (>=0.2.10 <=0.5.14) +4276 more potentially affected by CVE-2025-9670 via turndown (>=4.0.1 <=7.2.4)

turndown NPM version =4.0.1, =0.5.0, =0.2.10, =0.2.0, =0.0.1, =1.0.0, =1.0.0, =0.2.1, =0.1.0, =0.1.0, =0.1.1, =0.2.9, =0.5.0, =1.0.0, =1.0.8 and more Source cves: CVE-2025-9670 Source advisory: SNYK:JS-TURNDOWN-12304081...