CVE-2025-20322Cross-Site Request Forgery in Enterprise

CWE-352Cross-Site Request Forgery3 documents3 sources
Severity
4.3MEDIUMNVD
EPSS
0.0%
top 85.83%
CISA KEV
Not in KEV
Exploit
No known exploits
Affected products
4
Splunk EnterpriseSplunk Enterprise CloudSplunk+1 more
Timeline
PublishedJul 7

Description

In Splunk Enterprise versions below 9.4.3, 9.3.5, 9.2.7, and 9.1.10, and Splunk Cloud Platform versions below 9.3.2411.104, 9.3.2408.113, and 9.2.2406.119, an unauthenticated attacker could send a specially-crafted SPL search command that could trigger a rolling restart in the Search Head Cluster through a Cross-Site Request Forgery (CSRF), potentially leading to a denial of service (DoS).The vulnerability requires the attacker to phish the administrator-level victim by tricking them into initia

CVSS vector

CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:LExploitability: 2.8 | Impact: 1.4

Affected Packages4 packages

NVDsplunk/splunk_cloud_platform9.2.24069.2.2406.119+2
CVEListV5splunk/splunk_enterprise_cloud9.3.24119.3.2411.104+2
CVEListV5splunk/splunk_enterprise9.49.4.3+3
NVDsplunk/splunk9.1.09.1.10+3

🔴Vulnerability Details

2
GHSA
GHSA-934h-hvxg-j69v: In Splunk Enterprise versions below 92025-07-07
CVEList
Denial of Service (DoS) in Search Head Cluster through Cross-Site Request Forgery (CSRF) in Splunk Enterprise2025-07-07
CVE-2025-20322 — Cross-Site Request Forgery in Splunk | cvebase