
CVE-2025-20230 – Missing Access Control and Incorrect Ownership of Data in App Key Value Store (KVStore) collections in the Splunk Secure Gateway App
https://notcve.org/view.php?id=CVE-2025-20230
26 Mar 2025 — In Splunk Enterprise versions below 9.4.1, 9.3.3, 9.2.5, and 9.1.8, and versions below 3.8.38 and 3.7.23 of the Splunk Secure Gateway app on Splunk Cloud Platform, a low-privileged user that does not hold the “admin” or “power” Splunk roles could edit and delete other user data in App Key Value Store (KVStore) collections that the Splunk Secure Gateway app created. This is due to missing access control and incorrect ownership of the data in those KVStore collections.
In the affected versions, the `no... • https://advisory.splunk.com/advisories/SVD-2025-0307 • CWE-284: Improper Access Control •

CVE-2025-20233 – Incorrect permissions set by the “chmod” and “makedirs” Python functions in Splunk App for Lookup File Editing
https://notcve.org/view.php?id=CVE-2025-20233
26 Mar 2025 — In the Splunk App for Lookup File Editing versions below 4.0.5, a script in the app used the `chmod` and `makedirs` Python functions in a way that resulted in overly broad read and execute permissions. This could lead to improper access control for a low-privileged user. • https://advisory.splunk.com/advisories/SVD-2025-0310 • CWE-732: Incorrect Permission Assignment for Critical Resource •

CVE-2025-20232 – Risky Command Safeguards Bypass in “/app/search/search” endpoint through “s” parameter in Splunk Enterprise
https://notcve.org/view.php?id=CVE-2025-20232
26 Mar 2025 — In Splunk Enterprise versions below 9.3.3, 9.2.5, and 9.1.8 and Splunk Cloud Platform versions below 9.3.2408.103, 9.2.2406.108, 9.2.2403.113, 9.1.2312.208 and 9.1.2308.212, a low-privileged user that does not hold the “admin” or “power” Splunk roles could run a saved search with a risky command using the permissions of a higher-privileged user to bypass the SPL safeguards for risky commands on the “/app/search/search” endpoint through its “s” parameter.
The vulnerability requires the attacker to phish ... • https://advisory.splunk.com/advisories/SVD-2025-0304 • CWE-200: Exposure of Sensitive Information to an Unauthorized Actor •

CVE-2025-20229 – Remote Code Execution through file upload to “$SPLUNK_HOME/var/run/splunk/apptemp” directory in Splunk Enterprise
https://notcve.org/view.php?id=CVE-2025-20229
26 Mar 2025 — In Splunk Enterprise versions below 9.3.3, 9.2.5, and 9.1.8, and Splunk Cloud Platform versions below 9.3.2408.104, 9.2.2406.108, 9.2.2403.114, and 9.1.2312.208, a low-privileged user that does not hold the "admin" or "power" Splunk roles could perform a Remote Code Execution (RCE) through a file upload to the "$SPLUNK_HOME/var/run/splunk/apptemp" directory due to missing authorization checks. • https://advisory.splunk.com/advisories/SVD-2025-0301 • CWE-284: Improper Access Control •

CVE-2025-20228 – Maintenance mode state change of App Key Value Store (KVStore) through a Cross-Site Request Forgery (CSRF) in Splunk Enterprise
https://notcve.org/view.php?id=CVE-2025-20228
26 Mar 2025 — In Splunk Enterprise versions below 9.3.3, 9.2.5, and 9.1.8 and Splunk Cloud Platform versions below 9.2.2403.108, and 9.1.2312.204, a low-privileged user that does not hold the "admin" or "power" Splunk roles could change the maintenance mode state of App Key Value Store (KVStore) through a Cross-Site Request Forgery (CSRF). • https://advisory.splunk.com/advisories/SVD-2025-0303 • CWE-352: Cross-Site Request Forgery (CSRF) •

CVE-2025-20227 – Information Disclosure through external content warning modal dialog box bypass in Splunk Enterprise Dashboard Studio
https://notcve.org/view.php?id=CVE-2025-20227
26 Mar 2025 — In Splunk Enterprise versions below 9.4.1, 9.3.3, 9.2.5, and 9.1.8, and Splunk Cloud Platform versions below 9.3.2408.107, 9.2.2406.112, 9.2.2403.115, 9.1.2312.208 and 9.1.2308.214, a low-privileged user that does not hold the "admin" or "power" Splunk roles could bypass the external content warning modal dialog box in Dashboard Studio dashboards which could lead to an information disclosure. • https://advisory.splunk.com/advisories/SVD-2025-0306 • CWE-20: Improper Input Validation •

CVE-2025-20226 – Risky command safeguards bypass in “/services/streams/search” endpoint through “q” parameter in Splunk Enterprise
https://notcve.org/view.php?id=CVE-2025-20226
26 Mar 2025 — In Splunk Enterprise versions below 9.4.1, 9.3.3, 9.2.5, and 9.1.8 and Splunk Cloud Platform versions below 9.3.2408.107, 9.2.2406.111, and 9.1.2308.214, a low-privileged user that does not hold the "admin" or "power" Splunk roles could run a saved search with a risky command using the permissions of a higher-privileged user to bypass the SPL safeguards for risky commands on the "/services/streams/search" endpoint through its "q" parameter. The vulnerability requires the attacker to phish the victim by tric... • https://advisory.splunk.com/advisories/SVD-2025-0305 • CWE-200: Exposure of Sensitive Information to an Unauthorized Actor •

CVE-2025-20231 – Sensitive Information Disclosure in Splunk Secure Gateway App
https://notcve.org/view.php?id=CVE-2025-20231
26 Mar 2025 — In Splunk Enterprise versions below 9.4.1, 9.3.3, 9.2.5, and 9.1.8, and versions below 3.8.38 and 3.7.23 of the Splunk Secure Gateway app on Splunk Cloud Platform, a low-privileged user that does not hold the “admin” or “power” Splunk roles could run a search using the permissions of a higher-privileged user that could lead to disclosure of sensitive information.
The vulnerability requires the attacker to phish the victim by tricking them into initiating a request within their browser. The authentica... • https://advisory.splunk.com/advisories/SVD-2025-0302 • CWE-532: Insertion of Sensitive Information into Log File •

CVE-2025-0367 – Regular Expression Denial of Service (ReDoS) in Splunk Supporting Add-on for Active Directory (SA-ldapsearch)
https://notcve.org/view.php?id=CVE-2025-0367
30 Jan 2025 — In versions 3.1.0 and lower of the Splunk Supporting Add-on for Active Directory, also known as SA-ldapsearch, a vulnerable regular expression pattern could lead to a Regular Expression Denial of Service (ReDoS) attack. • https://advisory.splunk.com/advisories/SVD-2025-0103 • CWE-1333: Inefficient Regular Expression Complexity •

CVE-2025-22621 – Privilege escalation for users who hold the “splunk_app_soar” role in the Splunk App for SOAR
https://notcve.org/view.php?id=CVE-2025-22621
07 Jan 2025 — In versions 1.0.67 and lower of the Splunk App for SOAR, the Splunk documentation for that app recommended adding the `admin_all_objects` capability to the `splunk_app_soar` role. This addition could lead to improper access control for a low-privileged user that does not hold the “admin” Splunk roles. • https://advisory.splunk.com/advisories/SVD-2025-0101 • CWE-269: Improper Privilege Management •