CVSS: 5.0EPSS: 0%CPEs: 7EXPL: 0CVE-2025-20322 – Denial of Service (DoS) in Search Head Cluster through Cross-Site Request Forgery (CSRF) in Splunk Enterprise
https://notcve.org/view.php?id=CVE-2025-20322
07 Jul 2025 — In Splunk Enterprise versions below 9.4.3, 9.3.5, 9.2.7, and 9.1.10, and Splunk Cloud Platform versions below 9.3.2411.104, 9.3.2408.113, and 9.2.2406.119, an unauthenticated attacker could send a specially-crafted SPL search command that could trigger a rolling restart in the Search Head Cluster through a Cross-Site Request Forgery (CSRF), potentially leading to a denial of service (DoS).
The vulnerability requires the attacker to phish the administrator-level victim by tricking them into initiating... • https://advisory.splunk.com/advisories/SVD-2025-0705 • CWE-352: Cross-Site Request Forgery (CSRF) •
CVSS: 4.3EPSS: 0%CPEs: 4EXPL: 0CVE-2025-20323 – Missing Access Control of Saved Searches in the Splunk Archiver app
https://notcve.org/view.php?id=CVE-2025-20323
07 Jul 2025 — In Splunk Enterprise versions below 9.4.3, 9.3.5, 9.2.7, and 9.1.10, a low-privileged user that does not hold the "admin" or "power" Splunk roles could turn off the scheduled search `Bucket Copy Trigger` within the Splunk Archiver application. This is because of missing access controls in the saved searches for this app. En versiones de Splunk Enterprise anteriores a 9.4.3, 9.3.5, 9.2.7 y 9.1.10, un usuario con privilegios bajos que no tenga los roles de "admin" o "power" de Splunk podría desactivar la búsq... • https://advisory.splunk.com/advisories/SVD-2025-0706 • CWE-284: Improper Access Control •
CVSS: 7.8EPSS: 0%CPEs: 7EXPL: 0CVE-2025-20321 – Membership State Change in Splunk Search Head Cluster through a Cross-Site Request Forgery (CSRF) in Splunk Enterprise
https://notcve.org/view.php?id=CVE-2025-20321
07 Jul 2025 — In Splunk Enterprise versions below 9.4.3, 9.3.5, 9.2.7 and 9.1.10, and Splunk Cloud Platform versions below 9.3.2411.104, 9.3.2408.114, and 9.2.2406.119, an unauthenticated attacker can send a specially-crafted SPL search that could change the membership state in a Splunk Search Head Cluster (SHC) through a Cross-Site Request Forgery (CSRF), potentially leading to the removal of the captain or a member of the SHC.
The vulnerability requires the attacker to phish the administrator-level victim by tri... • https://advisory.splunk.com/advisories/SVD-2025-0704 • CWE-352: Cross-Site Request Forgery (CSRF) •
CVSS: 3.1EPSS: 0%CPEs: 7EXPL: 0CVE-2025-20325 – Sensitive Information Disclosure in the SHCConfig logging channel in Clustered Deployments in Splunk Enterprise
https://notcve.org/view.php?id=CVE-2025-20325
07 Jul 2025 — In Splunk Enterprise versions below 9.4.3, 9.3.5, 9.2.7, and 9.1.10, and Splunk Cloud Platform versions below 9.3.2411.103, 9.3.2408.113, and 9.2.2406.119, the software potentially exposes the search head cluster [splunk.secret](https://help.splunk.com/en/splunk-enterprise/administer/manage-users-and-security/9.4/install-splunk-enterprise-securely/deploy-secure-passwords-across-multiple-servers) key. This exposure could happen if you have a Search Head cluster and you configure the Splunk Enterprise `SHCCon... • https://advisory.splunk.com/advisories/SVD-2025-0709 • CWE-200: Exposure of Sensitive Information to an Unauthorized Actor •
CVSS: 7.2EPSS: 0%CPEs: 4EXPL: 0CVE-2025-20319 – Remote Command Execution through Scripted Input Files in Splunk Enterprise
https://notcve.org/view.php?id=CVE-2025-20319
07 Jul 2025 — In Splunk Enterprise versions below 9.4.3, 9.3.5, 9.2.7, and 9.1.10, a user who holds a role that contains the high-privilege capability `edit_scripted` and `list_inputs` capability , could perform a remote command execution due to improper user input sanitization on the scripted input files.
See [Define roles on the Splunk platform with capabilities](https://docs.splunk.com/Documentation/Splunk/latest/Security/Rolesandcapabilities) and [Setting up a scripted input ](https://docs.splunk.com/Documenta... • https://advisory.splunk.com/advisories/SVD-2025-0702 • CWE-78: Improper Neutralization of Special Elements used in an OS Command ('OS Command Injection') •
CVSS: 5.5EPSS: 0%CPEs: 7EXPL: 0CVE-2025-20324 – Improper Access Control in System Source Types Configuration in Splunk Enterprise
https://notcve.org/view.php?id=CVE-2025-20324
07 Jul 2025 — In Splunk Enterprise versions below 9.4.2, 9.3.5, 9.2.7, and 9.1.10 and Splunk Cloud Platform versions below 9.3.2411.104, 9.3.2408.113, and 9.2.2406.119, a low-privileged user that does not hold the "admin" or "power" Splunk roles could create or overwrite [system source type](https://help.splunk.com/en/splunk-enterprise/get-started/get-data-in/9.2/configure-source-types/create-source-types) configurations by sending a specially-crafted payload to the `/servicesNS/nobody/search/admin/sourcetypes/` REST end... • https://advisory.splunk.com/advisories/SVD-2025-0707 • CWE-284: Improper Access Control •
CVSS: 7.5EPSS: 0%CPEs: 7EXPL: 0CVE-2025-20320 – Denial of Service (DoS) through “User Interface - Views“ configuration page in Splunk Enterprise
https://notcve.org/view.php?id=CVE-2025-20320
07 Jul 2025 — In Splunk Enterprise versions below 9.4.3, 9.3.5, 9.2.7 and 9.1.10, and Splunk Cloud Platform versions below 9.3.2411.107, 9.3.2408.117, and 9.2.2406.121, a low-privileged user that does not hold the "admin" or "power" Splunk roles could craft a malicious payload through the `User Interface - Views` configuration page that could potentially lead to a denial of service (DoS).The user could cause the DoS by exploiting a path traversal vulnerability that allows for deletion of arbitrary files within a Splunk d... • https://advisory.splunk.com/advisories/SVD-2025-0703 • CWE-35: Path Traversal: '.../ •
CVSS: 4.3EPSS: 0%CPEs: 7EXPL: 0CVE-2025-20300 – Improper Access Control Lets Low-Privilege Users Suppress Read-Only Alerts in Splunk Enterprise
https://notcve.org/view.php?id=CVE-2025-20300
07 Jul 2025 — In Splunk Enterprise versions below 9.4.2, 9.3.5, 9.2.6, and 9.1.9 and Splunk Cloud Platform versions below 9.3.2411.103, 9.3.2408.112, and 9.2.2406.119, a low-privileged user that does not hold the "admin" or "power" Splunk roles, and has read-only access to a specific alert, could suppress that alert when it triggers. See [Define alert suppression groups to throttle sets of similar alerts](https://help.splunk.com/en/splunk-enterprise/alert-and-respond/alerting-manual/9.4/manage-alert-trigger-conditions-an... • https://advisory.splunk.com/advisories/SVD-2025-0708 • CWE-863: Incorrect Authorization •
CVSS: 4.3EPSS: 0%CPEs: 7EXPL: 0CVE-2025-20297 – Reflected Cross-Site Scripting (XSS) on Splunk Enterprise through dashboard PDF generation component
https://notcve.org/view.php?id=CVE-2025-20297
02 Jun 2025 — In Splunk Enterprise versions below 9.4.2, 9.3.4 and 9.2.6, and Splunk Cloud Platform versions below 9.3.2411.102, 9.3.2408.111 and 9.2.2406.118, a low-privileged user that does not hold the "admin" or "power" Splunk roles could craft a malicious payload through the pdfgen/render REST endpoint that could result in execution of unauthorized JavaScript code in the browser of a user. En las versiones de Splunk Enterprise anteriores a 9.4.2, 9.3.4 y 9.2.6, y en las versiones de Splunk Cloud Platform anteriores ... • https://advisory.splunk.com/advisories/SVD-2025-0601 • CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') •
CVSS: 4.3EPSS: 0%CPEs: 6EXPL: 0CVE-2025-20230 – Missing Access Control and Incorrect Ownership of Data in App Key Value Store (KVStore) collections in the Splunk Secure Gateway App
https://notcve.org/view.php?id=CVE-2025-20230
26 Mar 2025 — In Splunk Enterprise versions below 9.4.1, 9.3.3, 9.2.5, and 9.1.8, and versions below 3.8.38 and 3.7.23 of the Splunk Secure Gateway app on Splunk Cloud Platform, a low-privileged user that does not hold the “admin“ or “power“ Splunk roles could edit and delete other user data in App Key Value Store (KVStore) collections that the Splunk Secure Gateway app created. This is due to missing access control and incorrect ownership of the data in those KVStore collections.
In the affected versions, the `no... • https://advisory.splunk.com/advisories/SVD-2025-0307 • CWE-284: Improper Access Control •