
CVE-2025-20322 – Denial of Service (DoS) in Search Head Cluster through Cross-Site Request Forgery (CSRF) in Splunk Enterprise
https://notcve.org/view.php?id=CVE-2025-20322
07 Jul 2025 — In Splunk Enterprise versions below 9.4.3, 9.3.5, 9.2.7, and 9.1.10, and Splunk Cloud Platform versions below 9.3.2411.104, 9.3.2408.113, and 9.2.2406.119, an unauthenticated attacker could send a specially-crafted SPL search command that could trigger a rolling restart in the Search Head Cluster through a Cross-Site Request Forgery (CSRF), potentially leading to a denial of service (DoS).
The vulnerability requires the attacker to phish the administrator-level victim by tricking them into initiating... • https://advisory.splunk.com/advisories/SVD-2025-0705 • CWE-352: Cross-Site Request Forgery (CSRF) •

CVE-2025-20323 – Missing Access Control of Saved Searches in the Splunk Archiver app
https://notcve.org/view.php?id=CVE-2025-20323
07 Jul 2025 — In Splunk Enterprise versions below 9.4.3, 9.3.5, 9.2.7, and 9.1.10, a low-privileged user that does not hold the "admin" or "power" Splunk roles could turn off the scheduled search `Bucket Copy Trigger` within the Splunk Archiver application. This is because of missing access controls in the saved searches for this app. • https://advisory.splunk.com/advisories/SVD-2025-0706 • CWE-284: Improper Access Control •

CVE-2025-20321 – Membership State Change in Splunk Search Head Cluster through a Cross-Site Request Forgery (CSRF) in Splunk Enterprise
https://notcve.org/view.php?id=CVE-2025-20321
07 Jul 2025 — In Splunk Enterprise versions below 9.4.3, 9.3.5, 9.2.7 and 9.1.10, and Splunk Cloud Platform versions below 9.3.2411.104, 9.3.2408.114, and 9.2.2406.119, an unauthenticated attacker can send a specially-crafted SPL search that could change the membership state in a Splunk Search Head Cluster (SHC) through a Cross-Site Request Forgery (CSRF), potentially leading to the removal of the captain or a member of the SHC.
The vulnerability requires the attacker to phish the administrator-level victim by tri... • https://advisory.splunk.com/advisories/SVD-2025-0704 • CWE-352: Cross-Site Request Forgery (CSRF) •

CVE-2025-20325 – Sensitive Information Disclosure in the SHCConfig logging channel in Clustered Deployments in Splunk Enterprise
https://notcve.org/view.php?id=CVE-2025-20325
07 Jul 2025 — In Splunk Enterprise versions below 9.4.3, 9.3.5, 9.2.7, and 9.1.10, and Splunk Cloud Platform versions below 9.3.2411.103, 9.3.2408.113, and 9.2.2406.119, the software potentially exposes the search head cluster [splunk.secret](https://help.splunk.com/en/splunk-enterprise/administer/manage-users-and-security/9.4/install-splunk-enterprise-securely/deploy-secure-passwords-across-multiple-servers) key. This exposure could happen if you have a Search Head cluster and you configure the Splunk Enterprise `SHCCon... • https://advisory.splunk.com/advisories/SVD-2025-0709 • CWE-200: Exposure of Sensitive Information to an Unauthorized Actor •

CVE-2025-20319 – Remote Command Execution through Scripted Input Files in Splunk Enterprise
https://notcve.org/view.php?id=CVE-2025-20319
07 Jul 2025 — In Splunk Enterprise versions below 9.4.3, 9.3.5, 9.2.7, and 9.1.10, a user who holds a role that contains the high-privilege capability `edit_scripted` and the `list_inputs` capability could perform a remote command execution due to improper user input sanitization on the scripted input files.
See [Define roles on the Splunk platform with capabilities](https://docs.splunk.com/Documentation/Splunk/latest/Security/Rolesandcapabilities) and [Setting up a scripted input ](https://docs.splunk.com/Documenta... • https://advisory.splunk.com/advisories/SVD-2025-0702 • CWE-78: Improper Neutralization of Special Elements used in an OS Command ('OS Command Injection') •

CVE-2025-20324 – Improper Access Control in System Source Types Configuration in Splunk Enterprise
https://notcve.org/view.php?id=CVE-2025-20324
07 Jul 2025 — In Splunk Enterprise versions below 9.4.2, 9.3.5, 9.2.7, and 9.1.10 and Splunk Cloud Platform versions below 9.3.2411.104, 9.3.2408.113, and 9.2.2406.119, a low-privileged user that does not hold the "admin" or "power" Splunk roles could create or overwrite [system source type](https://help.splunk.com/en/splunk-enterprise/get-started/get-data-in/9.2/configure-source-types/create-source-types) configurations by sending a specially-crafted payload to the `/servicesNS/nobody/search/admin/sourcetypes/` REST end... • https://advisory.splunk.com/advisories/SVD-2025-0707 • CWE-284: Improper Access Control •

CVE-2025-20320 – Denial of Service (DoS) through “User Interface - Views” configuration page in Splunk Enterprise
https://notcve.org/view.php?id=CVE-2025-20320
07 Jul 2025 — In Splunk Enterprise versions below 9.4.3, 9.3.5, 9.2.7 and 9.1.10, and Splunk Cloud Platform versions below 9.3.2411.107, 9.3.2408.117, and 9.2.2406.121, a low-privileged user that does not hold the "admin" or "power" Splunk roles could craft a malicious payload through the `User Interface - Views` configuration page that could potentially lead to a denial of service (DoS). The user could cause the DoS by exploiting a path traversal vulnerability that allows for deletion of arbitrary files within a Splunk d... • https://advisory.splunk.com/advisories/SVD-2025-0703 • CWE-35: Path Traversal: '.../ •

CVE-2025-20300 – Improper Access Control Lets Low-Privilege Users Suppress Read-Only Alerts in Splunk Enterprise
https://notcve.org/view.php?id=CVE-2025-20300
07 Jul 2025 — In Splunk Enterprise versions below 9.4.2, 9.3.5, 9.2.6, and 9.1.9 and Splunk Cloud Platform versions below 9.3.2411.103, 9.3.2408.112, and 9.2.2406.119, a low-privileged user that does not hold the "admin" or "power" Splunk roles, and has read-only access to a specific alert, could suppress that alert when it triggers. See [Define alert suppression groups to throttle sets of similar alerts](https://help.splunk.com/en/splunk-enterprise/alert-and-respond/alerting-manual/9.4/manage-alert-trigger-conditions-an... • https://advisory.splunk.com/advisories/SVD-2025-0708 • CWE-863: Incorrect Authorization •

CVE-2025-20298 – Incorrect permission assignment on Universal Forwarder for Windows during new installation or upgrade
https://notcve.org/view.php?id=CVE-2025-20298
02 Jun 2025 — In Universal Forwarder for Windows versions below 9.4.2, 9.3.4, 9.2.6, and 9.1.9, a new installation of or an upgrade to an affected version can result in incorrect permissions assignment in the Universal Forwarder for Windows Installation directory (by default, C:\Program Files\SplunkUniversalForwarder). This lets non-administrator users on the machine access the directory and all its contents. • https://advisory.splunk.com/advisories/SVD-2025-0602 • CWE-732: Incorrect Permission Assignment for Critical Resource •

CVE-2025-20297 – Reflected Cross-Site Scripting (XSS) on Splunk Enterprise through dashboard PDF generation component
https://notcve.org/view.php?id=CVE-2025-20297
02 Jun 2025 — In Splunk Enterprise versions below 9.4.2, 9.3.4 and 9.2.6, and Splunk Cloud Platform versions below 9.3.2411.102, 9.3.2408.111 and 9.2.2406.118, a low-privileged user that does not hold the "admin" or "power" Splunk roles could craft a malicious payload through the pdfgen/render REST endpoint that could result in execution of unauthorized JavaScript code in the browser of a user. • https://advisory.splunk.com/advisories/SVD-2025-0601 • CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') •