Splunk Enterprise vulnerabilities

136 known vulnerabilities affecting splunk/splunk_enterprise.

Total CVEs: 136
CISA KEV: 0
Public exploits: 2
Exploited in wild: 0
Severity breakdown: CRITICAL 1, HIGH 42, MEDIUM 86, LOW 7

Vulnerabilities

Page 2 of 7
CVE-2025-20379 | LOW | CVSS 3.5 | ≥ 10.0, < 10.0.1; ≥ 9.4, < 9.4.5; +2 more | 2025-11-12
CVE-2025-20379 [LOW] CWE-200: In Splunk Enterprise versions below 10.0.1, 9.4.5, 9.3.7, and 9.2.9 and Splunk Cloud Platform versions below 9.3.2411.116, 9.3.2408.124, 10.0.2503.5 and 10.1.2507.1, a low-privileged user that does not hold the “admin” or “power” Splunk roles could run a saved search with a risky command using the permissions of a higher-privileged user to bypass the S
Sources: cvelistv5, nvd
CVE-2025-20371 | HIGH | CVSS 8.8 | ≥ 10.0, < 10.0.1; ≥ 9.4, < 9.4.4; +2 more | 2025-10-01
CVE-2025-20371 [HIGH] CWE-918: In Splunk Enterprise versions below 10.0.1, 9.4.4, 9.3.6 and 9.2.8, and Splunk Cloud Platform versions below 9.3.2411.109, 9.3.2408.119 and 9.2.2406.122, an unauthenticated attacker could trigger a blind server-side request forgery (SSRF) potentially letting an attacker perform REST API calls on behalf of an authenticated high-privileged user.
Sources: cvelistv5, nvd
CVE-2025-20368 | MEDIUM | CVSS 5.4 | ≥ 10.0, < 10.0.0; ≥ 9.4, < 9.4.4; +2 more | 2025-10-01
CVE-2025-20368 [MEDIUM] CWE-79: In Splunk Enterprise versions below 9.4.4, 9.3.6, and 9.2.8, and Splunk Cloud Platform versions below 9.3.2411.108, 9.3.2408.118 and 9.2.2406.123, a low privileged user that does not hold the admin or power Splunk roles could craft a malicious payload through the error messages and job inspection details of a saved search. This could result in execut
Sources: cvelistv5, nvd
CVE-2025-20369 | MEDIUM | CVSS 6.5 | ≥ 10.0, < 10.0.0; ≥ 9.4, < 9.4.4; +2 more | 2025-10-01
CVE-2025-20369 [MEDIUM] CWE-776: In Splunk Enterprise versions below 9.4.4, 9.3.6, and 9.2.8, and Splunk Cloud Platform versions below 9.3.2411.108, 9.3.2408.118 and 9.2.2406.123, a low privilege user that does not hold the "admin" or "power" Splunk roles could perform an extensible markup language (XML) external entity (XXE) injection through the dashboard tab label field. The XXE
Sources: cvelistv5, nvd
CVE-2025-20370 | MEDIUM | CVSS 4.9 | ≥ 10.0, < 10.0.1; ≥ 9.4, < 9.4.4; +2 more | 2025-10-01
CVE-2025-20370 [MEDIUM] CWE-400: In Splunk Enterprise versions below 10.0.1, 9.4.4, 9.3.6, and 9.2.8, and Splunk Cloud Platform versions below 9.3.2411.108, 9.3.2408.118 and 9.2.2406.123, a user who holds a role that contains the high-privilege capability `change_authentication`, could send multiple LDAP bind requests to a specific internal endpoint, resulting in high server CPU us
Sources: cvelistv5, nvd
CVE-2025-20367 | MEDIUM | CVSS 5.4 | ≥ 10.0, < 10.0.0; ≥ 9.4, < 9.4.4; +2 more | 2025-10-01
CVE-2025-20367 [MEDIUM] CWE-79: In Splunk Enterprise versions below 9.4.4, 9.3.6 and 9.2.8, and Splunk Cloud Platform versions below 9.3.2411.109, 9.3.2408.119 and 9.2.2406.122, a low-privileged user that does not hold the 'admin' or 'power' Splunk roles could craft a malicious payload through the `dataset.command` parameter of the `/app/search/table` endpoint, which could result i
Sources: cvelistv5, nvd
CVE-2025-20366 | MEDIUM | CVSS 6.5 | ≥ 10.0, < 10.0.0; ≥ 9.4, < 9.4.4; +2 more | 2025-10-01
CVE-2025-20366 [MEDIUM] CWE-284: In Splunk Enterprise versions below 9.4.4, 9.3.6, and 9.2.8, and Splunk Cloud Platform versions below 9.3.2411.111, 9.3.2408.119, and 9.2.2406.122, a low-privileged user that does not hold the admin or power Splunk roles could access sensitive search results if Splunk Enterprise runs an administrative search job in the background. If the low privile
Sources: cvelistv5, nvd
CVE-2025-20320 | HIGH | CVSS 7.3 | ≥ 9.4, < 9.4.3; ≥ 9.3, < 9.3.5; +2 more | 2025-07-07
CVE-2025-20320 [MEDIUM] CWE-35: In Splunk Enterprise versions below 9.4.3, 9.3.5, 9.2.7 and 9.1.10, and Splunk Cloud Platform versions below 9.3.2411.107, 9.3.2408.117, and 9.2.2406.121, a low-privileged user that does not hold the "admin" or "power" Splunk roles could craft a malicious payload through the `User Interface - Views` configuration page that could potentially lead to a
Sources: cvelistv5, nvd
CVE-2025-20323 | MEDIUM | CVSS 4.3 | ≥ 9.4, < 9.4.3; ≥ 9.3, < 9.3.5; +2 more | 2025-07-07
CVE-2025-20323 [MEDIUM] CWE-284: In Splunk Enterprise versions below 9.4.3, 9.3.5, 9.2.7, and 9.1.10, a low-privileged user that does not hold the "admin" or "power" Splunk roles could turn off the scheduled search `Bucket Copy Trigger` within the Splunk Archiver application. This is because of missing access controls in the saved searches for this app.
Sources: cvelistv5, nvd
CVE-2025-20324 | MEDIUM | CVSS 5.4 | ≥ 9.4, < 9.4.2; ≥ 9.3, < 9.3.5; +2 more | 2025-07-07
CVE-2025-20324 [MEDIUM] CWE-284: In Splunk Enterprise versions below 9.4.2, 9.3.5, 9.2.7, and 9.1.10 and Splunk Cloud Platform versions below 9.3.2411.104, 9.3.2408.113, and 9.2.2406.119, a low-privileged user that does not hold the "admin" or "power" Splunk roles could create or overwrite [system source type](https://help.splunk.com/en/splunk-enterprise/get-started/get-data-in/9.2
Sources: cvelistv5, nvd
CVE-2025-20300 | MEDIUM | CVSS 4.3 | ≥ 9.4, < 9.4.2; ≥ 9.3, < 9.3.5; +2 more | 2025-07-07
CVE-2025-20300 [MEDIUM] CWE-863: In Splunk Enterprise versions below 9.4.2, 9.3.5, 9.2.6, and 9.1.9 and Splunk Cloud Platform versions below 9.3.2411.103, 9.3.2408.112, and 9.2.2406.119, a low-privileged user that does not hold the "admin" or "power" Splunk roles, and has read-only access to a specific alert, could suppress that alert when it triggers. See [Define alert suppression
Sources: cvelistv5, nvd
CVE-2025-20322 | MEDIUM | CVSS 4.3 | ≥ 9.4, < 9.4.3; ≥ 9.3, < 9.3.5; +2 more | 2025-07-07
CVE-2025-20322 [MEDIUM] CWE-352: In Splunk Enterprise versions below 9.4.3, 9.3.5, 9.2.7, and 9.1.10, and Splunk Cloud Platform versions below 9.3.2411.104, 9.3.2408.113, and 9.2.2406.119, an unauthenticated attacker could send a specially-crafted SPL search command that could trigger a rolling restart in the Search Head Cluster through a Cross-Site Request Forgery (CSRF), potentia
Sources: cvelistv5, nvd
CVE-2025-20321 | MEDIUM | CVSS 4.3 | ≥ 9.4, < 9.4.3; ≥ 9.3, < 9.3.5; +2 more | 2025-07-07
CVE-2025-20321 [MEDIUM] CWE-352: In Splunk Enterprise versions below 9.4.3, 9.3.5, 9.2.7 and 9.1.10, and Splunk Cloud Platform versions below 9.3.2411.104, 9.3.2408.114, and 9.2.2406.119, an unauthenticated attacker can send a specially-crafted SPL search that could change the membership state in a Splunk Search Head Cluster (SHC) through a Cross-Site Request Forgery (CSRF), potent
Sources: cvelistv5, nvd
CVE-2025-20319 | MEDIUM | CVSS 6.8 | ≥ 9.4, < 9.4.3; ≥ 9.3, < 9.3.5; +2 more | 2025-07-07
CVE-2025-20319 [MEDIUM] CWE-78: In Splunk Enterprise versions below 9.4.3, 9.3.5, 9.2.7, and 9.1.10, a user who holds a role that contains the high-privilege capability `edit_scripted` and `list_inputs` capability, could perform a remote command execution due to improper user input sanitization on the scripted input files. See [Define roles on the Splunk platform with capabilities]
Sources: cvelistv5, nvd
CVE-2025-20325 | MEDIUM | CVSS 5.3 | ≥ 9.4, < 9.4.3; ≥ 9.3, < 9.3.5; +2 more | 2025-07-07
CVE-2025-20325 [LOW] CWE-200: In Splunk Enterprise versions below 9.4.3, 9.3.5, 9.2.7, and 9.1.10, and Splunk Cloud Platform versions below 9.3.2411.103, 9.3.2408.113, and 9.2.2406.119, the software potentially exposes the search head cluster [splunk.secret](https://help.splunk.com/en/splunk-enterprise/administer/manage-users-and-security/9.4/install-splunk-enterprise-securely/depl
Sources: cvelistv5, nvd
CVE-2025-20297 | MEDIUM | CVSS 5.4 | ≥ 9.4, < 9.4.2; ≥ 9.3, < 9.3.4; +2 more | 2025-06-02
CVE-2025-20297 [MEDIUM] CWE-79: In Splunk Enterprise versions below 9.4.2, 9.3.4 and 9.2.6, and Splunk Cloud Platform versions below 9.3.2411.102, 9.3.2408.111 and 9.2.2406.118, a low-privileged user that does not hold the "admin" or "power" Splunk roles could craft a malicious payload through the pdfgen/render REST endpoint that could result in execution of unauthorized JavaScript
Sources: cvelistv5, nvd
CVE-2025-20229 | HIGH | CVSS 8.0 | ≥ 9.4, < 9.4.0; ≥ 9.3, < 9.3.3; +2 more | 2025-03-26
CVE-2025-20229 [HIGH] CWE-284: In Splunk Enterprise versions below 9.3.3, 9.2.5, and 9.1.8, and Splunk Cloud Platform versions below 9.3.2408.104, 9.2.2406.108, 9.2.2403.114, and 9.1.2312.208, a low-privileged user that does not hold the "admin" or "power" Splunk roles could perform a Remote Code Execution (RCE) through a file upload to the "$SPLUNK_HOME/var/run/splunk/apptemp" dir
Sources: cvelistv5, nvd
CVE-2025-20232 | MEDIUM | CVSS 5.7 | ≥ 9.3, < 9.3.3; ≥ 9.2, < 9.2.5; +1 more | 2025-03-26
CVE-2025-20232 [MEDIUM] CWE-200: In Splunk Enterprise versions below 9.3.3, 9.2.5, and 9.1.8 and Splunk Cloud Platform versions below 9.3.2408.103, 9.2.2406.108, 9.2.2403.113, 9.1.2312.208 and 9.1.2308.212, a low-privileged user that does not hold the “admin” or “power” Splunk roles could run a saved search with a risky command using the permissions of a higher-privileged user to b
Sources: cvelistv5, nvd
CVE-2025-20227 | MEDIUM | CVSS 4.3 | ≥ 9.4, < 9.4.1; ≥ 9.3, < 9.3.3; +2 more | 2025-03-26
CVE-2025-20227 [MEDIUM] CWE-20: In Splunk Enterprise versions below 9.4.1, 9.3.3, 9.2.5, and 9.1.8, and Splunk Cloud Platform versions below 9.3.2408.107, 9.2.2406.112, 9.2.2403.115, 9.1.2312.208 and 9.1.2308.214, a low-privileged user that does not hold the "admin" or "power" Splunk roles could bypass the external content warning modal dialog box in Dashboard Studio dashboards whi
Sources: cvelistv5, nvd
CVE-2025-20230 | MEDIUM | CVSS 6.5 | ≥ 9.4, < 9.4.1; ≥ 9.3, < 9.3.3; +2 more | 2025-03-26
CVE-2025-20230 [MEDIUM] CWE-284: In Splunk Enterprise versions below 9.4.1, 9.3.3, 9.2.5, and 9.1.8, and versions below 3.8.38 and 3.7.23 of the Splunk Secure Gateway app on Splunk Cloud Platform, a low-privileged user that does not hold the “admin” or “power” Splunk roles could edit and delete other user data in App Key Value Store (KVStore) collections that the Splunk Secure Gate
Sources: cvelistv5, nvd