CVE-2025-31160 #14640
- Version: 2.4.60
- Installation Method: Security Onion ISO image
- Description: other (please provide detail below)
- Installation Type: Distributed
- Location: on-prem with Internet access
- Hardware Specs: Meets minimum requirements
- CPU: 4
- RAM: 24
- Storage for /: 100
- Storage for /nsm: 215
- Network Traffic Collection: span port
- Network Traffic Speeds: 1Gbps to 10Gbps
- Status: Yes, all services on all nodes are running OK
- Salt Status: No, there are no failures
- Logs: No, there are no additional clues

Detail

Our vulnerability scanner is reporting that CVE-2025-31160 from "atop" is present on the SecurityOnion instances. This is a low-risk finding, but it does not appear that either RedHat or Oracle are publishing a patch for it. So, we are hoping to get some additional details as to whether there will eventually be a patch available for this in SO 2.4.

Is this package pulled from OS vendor, or does SO incorporate it separately? And if so, are there plans to update to a non-vulnerable version? Alternately, can this package be safely removed, or is it a dependency for SO?

https://nvd.nist.gov/vuln/detail/CVE-2025-31160
Replies: 1 comment
I have created an issue here: #14642

Starting in 2.4.160 we will no longer install it on the ISO install by default. When you `soup` to .160 it will be removed. Feel free to remove it in the meantime via:

```
sudo salt \* pkg.remove atop
```

That will remove it from all nodes in your grid.

We mirror the Oracle and EPEL repos for our packages so when a new package is updated it is available right away. If you are airgap, all updated packages from the time the ISO is cut will be on the ISO and replace the older versions on the grid.