CVSS: 5.0EPSS: 0%CPEs: 7EXPL: 0CVE-2025-20322 – Denial of Service (DoS) in Search Head Cluster through Cross-Site Request Forgery (CSRF) in Splunk Enterprise
https://notcve.org/view.php?id=CVE-2025-20322
07 Jul 2025 — In Splunk Enterprise versions below 9.4.3, 9.3.5, 9.2.7, and 9.1.10, and Splunk Cloud Platform versions below 9.3.2411.104, 9.3.2408.113, and 9.2.2406.119, an unauthenticated attacker could send a specially-crafted SPL search command that could trigger a rolling restart in the Search Head Cluster through a Cross-Site Request Forgery (CSRF), potentially leading to a denial of service (DoS).
The vulnerability requires the attacker to phish the administrator-level victim by tricking them into initiating... • https://advisory.splunk.com/advisories/SVD-2025-0705 • CWE-352: Cross-Site Request Forgery (CSRF) •
CVSS: 7.8EPSS: 0%CPEs: 7EXPL: 0CVE-2025-20321 – Membership State Change in Splunk Search Head Cluster through a Cross-Site Request Forgery (CSRF) in Splunk Enterprise
https://notcve.org/view.php?id=CVE-2025-20321
07 Jul 2025 — In Splunk Enterprise versions below 9.4.3, 9.3.5, 9.2.7 and 9.1.10, and Splunk Cloud Platform versions below 9.3.2411.104, 9.3.2408.114, and 9.2.2406.119, an unauthenticated attacker can send a specially-crafted SPL search that could change the membership state in a Splunk Search Head Cluster (SHC) through a Cross-Site Request Forgery (CSRF), potentially leading to the removal of the captain or a member of the SHC.
The vulnerability requires the attacker to phish the administrator-level victim by tri... • https://advisory.splunk.com/advisories/SVD-2025-0704 • CWE-352: Cross-Site Request Forgery (CSRF) •
CVSS: 5.5EPSS: 0%CPEs: 7EXPL: 0CVE-2025-20324 – Improper Access Control in System Source Types Configuration in Splunk Enterprise
https://notcve.org/view.php?id=CVE-2025-20324
07 Jul 2025 — In Splunk Enterprise versions below 9.4.2, 9.3.5, 9.2.7, and 9.1.10 and Splunk Cloud Platform versions below 9.3.2411.104, 9.3.2408.113, and 9.2.2406.119, a low-privileged user that does not hold the "admin" or "power" Splunk roles could create or overwrite [system source type](https://help.splunk.com/en/splunk-enterprise/get-started/get-data-in/9.2/configure-source-types/create-source-types) configurations by sending a specially-crafted payload to the `/servicesNS/nobody/search/admin/sourcetypes/` REST end... • https://advisory.splunk.com/advisories/SVD-2025-0707 • CWE-284: Improper Access Control •
CVSS: 7.5EPSS: 0%CPEs: 7EXPL: 0CVE-2025-20320 – Denial of Service (DoS) through “User Interface - Views“ configuration page in Splunk Enterprise
https://notcve.org/view.php?id=CVE-2025-20320
07 Jul 2025 — In Splunk Enterprise versions below 9.4.3, 9.3.5, 9.2.7 and 9.1.10, and Splunk Cloud Platform versions below 9.3.2411.107, 9.3.2408.117, and 9.2.2406.121, a low-privileged user that does not hold the "admin" or "power" Splunk roles could craft a malicious payload through the `User Interface - Views` configuration page that could potentially lead to a denial of service (DoS).The user could cause the DoS by exploiting a path traversal vulnerability that allows for deletion of arbitrary files within a Splunk d... • https://advisory.splunk.com/advisories/SVD-2025-0703 • CWE-35: Path Traversal: '.../ •