[CIVN-2025-0148] Multiple vulnerabilities in Splunk
Indian Computer Emergency Response Team (https://www.cert-in.org.in)
Severity Rating: MEDIUM
Software Affected
Splunk Enterprise versions prior to 9.4.3, 9.3.5, 9.2.7 and 9.1.10.
Splunk Enterprise Cloud Platform versions prior to 9.3.2411.107, 9.3.2408.117 and 9.2.2406.119.
Splunk Cloud Platform versions prior to 9.3.2411.103, 9.3.2408.113 and 9.2.2406.119.
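The Splunk Enterprise version list above can be applied to an inventory with a branch-aware numeric comparison. The following is an added example, not CERT-In or Splunk code; it covers only three-part Splunk Enterprise versions, and the host names, sample strings and status labels are constructed for illustration.

```python
import re

# Fixed Splunk Enterprise releases named in the advisory, keyed by (major, minor).
FIXED = {(9, 4): 3, (9, 3): 5, (9, 2): 7, (9, 1): 10}

# Exactly three numeric components; four-part Cloud Platform builds are rejected
# so that "9.3.2411.107" is never misread as Enterprise 9.3 patch 2411.
VERSION_RE = re.compile(r"(?<![\d.])(\d+)\.(\d+)\.(\d+)(?!\.?\d)")

# Constructed sample inventory; host names and build ids are made up.
SAMPLE_INVENTORY = {
    "sh-01": "Splunk 9.1.9 (build 0123456789ab)",
    "sh-02": "9.1.10",
    "idx-01": "9.4.2",
    "idx-02": "9.0.8",
    "hf-01": "10.0.0",
    "cloud-stack": "9.3.2411.107",
}


def parse_version(text):
    """Extract a major.minor.patch triple from a version string."""
    m = VERSION_RE.search(text)
    if not m:
        raise ValueError(f"no three-part version in {text!r}")
    return tuple(int(p) for p in m.groups())


def triage(text):
    """Classify one version string against the advisory's fixed releases."""
    major, minor, patch = parse_version(text)
    branch = (major, minor)
    if branch in FIXED:
        # Numeric compare: 9.1.9 < 9.1.10, which a string compare gets wrong.
        return "affected" if patch < FIXED[branch] else "fixed"
    if branch < min(FIXED):
        # Prior to every listed release, and no fix is listed for this branch.
        return "affected-no-listed-fix"
    # Branch newer than any in the advisory: check the vendor advisories.
    return "not-listed"


def triage_inventory(inventory):
    """Return host -> status; strings that do not parse are marked 'unparsed'."""
    result = {}
    for host, text in inventory.items():
        try:
            result[host] = triage(text)
        except ValueError:
            result[host] = "unparsed"
    return result


if __name__ == "__main__":
    for host, status in sorted(triage_inventory(SAMPLE_INVENTORY).items()):
        print(f"{host:12} {status}")
```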
Overview
Multiple vulnerabilities have been reported in Splunk products, which could allow a remote attacker to trigger denial of service conditions, execute arbitrary code, gain elevated privileges, bypass security restrictions or obtain sensitive information on the targeted system.
Target Audience:
All organizations and individuals using Splunk for real-time insights from machine-generated data.
Impact Assessment:
Potential for local privilege escalation, service unavailability, unauthorized access and complete system compromise.
Risk Assessment:
High risk of system compromise, data breach, service disruptions, propagation of malware and system instability.
Description
Splunk is a platform that enables real-time search, monitoring, and analysis of machine-generated data. It collects, indexes, and correlates massive amounts of data produced by applications, servers, networks, and other infrastructure components.
These vulnerabilities exist in Splunk products due to a flaw when the SHCConfig log channel is configured at the DEBUG logging level in a clustered deployment, improper access control, missing access control of saved searches, improper input validation, or improper sanitization of user input in scripted input files. An attacker could exploit these vulnerabilities by tricking a user into visiting a specially crafted website.
Successful exploitation of these vulnerabilities could allow a remote attacker to trigger denial of service conditions, execute arbitrary code, gain elevated privileges, bypass security restrictions or obtain sensitive information on the targeted system.
Solution
Apply appropriate fixes issued by the vendor.
https://advisory.splunk.com/advisories/SVD-2025-0702
https://advisory.splunk.com/advisories/SVD-2025-0703
https://advisory.splunk.com/advisories/SVD-2025-0704
https://advisory.splunk.com/advisories/SVD-2025-0705
https://advisory.splunk.com/advisories/SVD-2025-0706
https://advisory.splunk.com/advisories/SVD-2025-0707
https://advisory.splunk.com/advisories/SVD-2025-0708
https://advisory.splunk.com/advisories/SVD-2025-0709
Vendor Information
Splunk
https://www.splunk.com
CVE Name
CVE-2025-20300
CVE-2025-20319
CVE-2025-20320
CVE-2025-20321
CVE-2025-20322
CVE-2025-20323
CVE-2025-20324
CVE-2025-20325
Thanks and Regards,
CERT-In
Incident Response Help Desk
e-mail: incident@cert-in.org.in
Phone: +91-11-22902657
Toll Free Number: 1800-11-4949
Toll Free Fax: 1800-11-6969
Web: http://www.cert-in.org.in
PGP Fingerprint: A768 083E 4475 5725 B81A A379 2156 C0C0 B620 D0B4
PGP Key information:
https://www.cert-in.org.in/s2cMainServlet?pageid=CONTACTUS
Postal address:
Indian Computer Emergency Response Team (CERT-In)
Ministry of Electronics and Information Technology
Government of India
Electronics Niketan
6, C.G.O. Complex
New Delhi-110 003