
CVE-2025-20322 – Denial of Service (DoS) in Search Head Cluster through Cross-Site Request Forgery (CSRF) in Splunk Enterprise
https://notcve.org/view.php?id=CVE-2025-20322
07 Jul 2025 — In Splunk Enterprise versions below 9.4.3, 9.3.5, 9.2.7, and 9.1.10, and Splunk Cloud Platform versions below 9.3.2411.104, 9.3.2408.113, and 9.2.2406.119, an unauthenticated attacker could send a specially-crafted SPL search command that could trigger a rolling restart in the Search Head Cluster through a Cross-Site Request Forgery (CSRF), potentially leading to a denial of service (DoS).
The vulnerability requires the attacker to phish the administrator-level victim by tricking them into initiating... • https://advisory.splunk.com/advisories/SVD-2025-0705 • CWE-352: Cross-Site Request Forgery (CSRF) •

CVE-2025-20321 – Membership State Change in Splunk Search Head Cluster through a Cross-Site Request Forgery (CSRF) in Splunk Enterprise
https://notcve.org/view.php?id=CVE-2025-20321
07 Jul 2025 — In Splunk Enterprise versions below 9.4.3, 9.3.5, 9.2.7 and 9.1.10, and Splunk Cloud Platform versions below 9.3.2411.104, 9.3.2408.114, and 9.2.2406.119, an unauthenticated attacker can send a specially-crafted SPL search that could change the membership state in a Splunk Search Head Cluster (SHC) through a Cross-Site Request Forgery (CSRF), potentially leading to the removal of the captain or a member of the SHC.
The vulnerability requires the attacker to phish the administrator-level victim by tri... • https://advisory.splunk.com/advisories/SVD-2025-0704 • CWE-352: Cross-Site Request Forgery (CSRF) •

CVE-2025-20325 – Sensitive Information Disclosure in the SHCConfig logging channel in Clustered Deployments in Splunk Enterprise
https://notcve.org/view.php?id=CVE-2025-20325
07 Jul 2025 — In Splunk Enterprise versions below 9.4.3, 9.3.5, 9.2.7, and 9.1.10, and Splunk Cloud Platform versions below 9.3.2411.103, 9.3.2408.113, and 9.2.2406.119, the software potentially exposes the search head cluster [splunk.secret](https://help.splunk.com/en/splunk-enterprise/administer/manage-users-and-security/9.4/install-splunk-enterprise-securely/deploy-secure-passwords-across-multiple-servers) key. This exposure could happen if you have a Search Head cluster and you configure the Splunk Enterprise `SHCCon... • https://advisory.splunk.com/advisories/SVD-2025-0709 • CWE-200: Exposure of Sensitive Information to an Unauthorized Actor •

CVE-2025-20324 – Improper Access Control in System Source Types Configuration in Splunk Enterprise
https://notcve.org/view.php?id=CVE-2025-20324
07 Jul 2025 — In Splunk Enterprise versions below 9.4.2, 9.3.5, 9.2.7, and 9.1.10 and Splunk Cloud Platform versions below 9.3.2411.104, 9.3.2408.113, and 9.2.2406.119, a low-privileged user that does not hold the "admin" or "power" Splunk roles could create or overwrite [system source type](https://help.splunk.com/en/splunk-enterprise/get-started/get-data-in/9.2/configure-source-types/create-source-types) configurations by sending a specially-crafted payload to the `/servicesNS/nobody/search/admin/sourcetypes/` REST end... • https://advisory.splunk.com/advisories/SVD-2025-0707 • CWE-284: Improper Access Control •

CVE-2025-20320 – Denial of Service (DoS) through “User Interface - Views” configuration page in Splunk Enterprise
https://notcve.org/view.php?id=CVE-2025-20320
07 Jul 2025 — In Splunk Enterprise versions below 9.4.3, 9.3.5, 9.2.7 and 9.1.10, and Splunk Cloud Platform versions below 9.3.2411.107, 9.3.2408.117, and 9.2.2406.121, a low-privileged user that does not hold the "admin" or "power" Splunk roles could craft a malicious payload through the `User Interface - Views` configuration page that could potentially lead to a denial of service (DoS). The user could cause the DoS by exploiting a path traversal vulnerability that allows for deletion of arbitrary files within a Splunk d... • https://advisory.splunk.com/advisories/SVD-2025-0703 • CWE-35: Path Traversal: '.../ •

CVE-2025-20300 – Improper Access Control Lets Low-Privilege Users Suppress Read-Only Alerts in Splunk Enterprise
https://notcve.org/view.php?id=CVE-2025-20300
07 Jul 2025 — In Splunk Enterprise versions below 9.4.2, 9.3.5, 9.2.6, and 9.1.9 and Splunk Cloud Platform versions below 9.3.2411.103, 9.3.2408.112, and 9.2.2406.119, a low-privileged user that does not hold the "admin" or "power" Splunk roles, and has read-only access to a specific alert, could suppress that alert when it triggers. See [Define alert suppression groups to throttle sets of similar alerts](https://help.splunk.com/en/splunk-enterprise/alert-and-respond/alerting-manual/9.4/manage-alert-trigger-conditions-an... • https://advisory.splunk.com/advisories/SVD-2025-0708 • CWE-863: Incorrect Authorization •

CVE-2025-20297 – Reflected Cross-Site Scripting (XSS) on Splunk Enterprise through dashboard PDF generation component
https://notcve.org/view.php?id=CVE-2025-20297
02 Jun 2025 — In Splunk Enterprise versions below 9.4.2, 9.3.4 and 9.2.6, and Splunk Cloud Platform versions below 9.3.2411.102, 9.3.2408.111 and 9.2.2406.118, a low-privileged user that does not hold the "admin" or "power" Splunk roles could craft a malicious payload through the pdfgen/render REST endpoint that could result in execution of unauthorized JavaScript code in the browser of a user. • https://advisory.splunk.com/advisories/SVD-2025-0601 • CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') •

CVE-2025-20232 – Risky Command Safeguards Bypass in “/app/search/search” endpoint through “s” parameter in Splunk Enterprise
https://notcve.org/view.php?id=CVE-2025-20232
26 Mar 2025 — In Splunk Enterprise versions below 9.3.3, 9.2.5, and 9.1.8 and Splunk Cloud Platform versions below 9.3.2408.103, 9.2.2406.108, 9.2.2403.113, 9.1.2312.208 and 9.1.2308.212, a low-privileged user that does not hold the “admin” or “power” Splunk roles could run a saved search with a risky command using the permissions of a higher-privileged user to bypass the SPL safeguards for risky commands on the “/app/search/search” endpoint through its “s” parameter.
The vulnerability requires the attacker to phish ... • https://advisory.splunk.com/advisories/SVD-2025-0304 • CWE-200: Exposure of Sensitive Information to an Unauthorized Actor •

CVE-2025-20229 – Remote Code Execution through file upload to “$SPLUNK_HOME/var/run/splunk/apptemp” directory in Splunk Enterprise
https://notcve.org/view.php?id=CVE-2025-20229
26 Mar 2025 — In Splunk Enterprise versions below 9.3.3, 9.2.5, and 9.1.8, and Splunk Cloud Platform versions below 9.3.2408.104, 9.2.2406.108, 9.2.2403.114, and 9.1.2312.208, a low-privileged user that does not hold the "admin" or "power" Splunk roles could perform a Remote Code Execution (RCE) through a file upload to the "$SPLUNK_HOME/var/run/splunk/apptemp" directory due to missing authorization checks. • https://advisory.splunk.com/advisories/SVD-2025-0301 • CWE-284: Improper Access Control •

CVE-2025-20228 – Maintenance mode state change of App Key Value Store (KVStore) through a Cross-Site Request Forgery (CSRF) in Splunk Enterprise
https://notcve.org/view.php?id=CVE-2025-20228
26 Mar 2025 — In Splunk Enterprise versions below 9.3.3, 9.2.5, and 9.1.8 and Splunk Cloud Platform versions below 9.2.2403.108, and 9.1.2312.204, a low-privileged user that does not hold the "admin" or "power" Splunk roles could change the maintenance mode state of App Key Value Store (KVStore) through a Cross-Site Request Forgery (CSRF). • https://advisory.splunk.com/advisories/SVD-2025-0303 • CWE-352: Cross-Site Request Forgery (CSRF) •