
[CIVN-2025-0350] Multiple Vulnerabilities in Splunk Products
Indian – Computer Emergency Response Team (https://www.cert-in.org.in)
Severity Rating: HIGH
Software Affected
Splunk Enterprise versions prior to 9.2.10, 9.4.6, 9.3.8 and 10.0.2
Splunk Cloud Platform versions prior to 9.3.2411.120, 10.0.2503.8 and 10.1.2507.10
Splunk Secure Gateway versions prior to 3.7.28, 3.8.58 and 3.9.10
Splunk MCP Server versions prior to 0.2.4
Overview
Multiple vulnerabilities have been reported in Splunk products, which could allow a remote attacker to exploit these vulnerabilities and trigger denial of service conditions, execute arbitrary code, gain elevated privileges, bypass security restrictions or obtain sensitive information on the targeted system.
Target Audience:
All organizations and individuals using Splunk
Risk Assessment:
High risk of system compromise, data breach, service disruptions, propagation of malware and system instability.
Impact Assessment:
Potential for local privilege escalation, service unavailability, unauthorized access and complete system compromise.
Description
Splunk is a platform that enables real-time search, monitoring, and analysis of machine-generated data. It collects, indexes, and correlates massive amounts of data produced by applications, servers, networks, and other infrastructure components.
Multiple vulnerabilities exist in Splunk products due to a flaw triggered when configuring a views dashboard with a custom background using the data:image/png;base64 protocol; improper access control in push notifications; unauthenticated log injection; improper validation of user-supplied input in the href attribute; an incorrect permission assignment flaw; incorrect permissions assignment in the Universal Forwarder for Windows Installation directory; Blind Server Side Request Forgery (SSRF) through Distributed Search Peers; improper input validation in the 'label' column; and a flaw in which a Model Context Protocol (MCP) tool could bypass the SPL command allow list controls in MCP by embedding SPL commands as sub-searches. An attacker could exploit these vulnerabilities by tricking a user into visiting a specially crafted website.
Successful exploitation of these vulnerabilities could allow a remote attacker to trigger denial of service conditions, execute arbitrary code, gain elevated privileges, bypass security restrictions or obtain sensitive information on the targeted system.
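The allow list issue described above comes down to checking only part of a query. The following Python sketch is an added example, not Splunk or CERT-In code: it collects every command in an SPL string, including those nested in [ ... ] sub-searches, before comparing against an allow list. The ALLOWED set, the function names and the sample queries are constructed assumptions, and queries are assumed to be in the form where every pipeline segment starts with an explicit command.

```python
# Added illustration: allow-list check that also inspects SPL sub-searches.
# ALLOWED is a constructed example policy, not a Splunk default.
ALLOWED = {"search", "stats", "table", "head", "where", "fields"}


def spl_commands(query):
    """Return every command name in query, descending into [ ... ] sub-searches."""
    commands, word = [], ""
    expect, quoted, escaped, depth = True, False, False, 0
    for ch in query + " ":              # trailing space flushes the last word
        if quoted:                      # text inside "..." is never a command
            if escaped:
                escaped = False
            elif ch == "\\":
                escaped = True
            elif ch == '"':
                quoted = False
            continue
        if expect and not (ch.isspace() or ch in '|[]"'):
            word += ch                  # first word of a segment is its command
            continue
        if word:
            commands.append(word.lower())
            word, expect = "", False
        if ch == '"':
            quoted = True
        elif ch == "|":                 # a pipe starts a new segment
            expect = True
        elif ch == "[":                 # a sub-search starts a nested pipeline
            depth, expect = depth + 1, True
        elif ch == "]":
            depth, expect = depth - 1, False
            if depth < 0:
                raise ValueError("unbalanced ']'")
    if quoted or depth:
        raise ValueError("unterminated quote or sub-search")
    return commands


def is_allowed(query, allowed=ALLOWED):
    """True only if the query parses and every command, nested or not, is allowed."""
    try:
        commands = spl_commands(query)
    except ValueError:
        return False                    # fail closed on input that cannot be parsed
    return bool(commands) and all(c in allowed for c in commands)
```

The scanner does not expand macros or saved searches, so it complements rather than replaces the vendor fixes listed under Solution.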
Solution
Apply appropriate fixes issued by the vendor.
https://advisory.splunk.com/advisories/SVD-2025-1201
https://advisory.splunk.com/advisories/SVD-2025-1202
https://advisory.splunk.com/advisories/SVD-2025-1203
https://advisory.splunk.com/advisories/SVD-2025-1204
https://advisory.splunk.com/advisories/SVD-2025-1205
https://advisory.splunk.com/advisories/SVD-2025-1206
https://advisory.splunk.com/advisories/SVD-2025-1207
https://advisory.splunk.com/advisories/SVD-2025-1208
https://advisory.splunk.com/advisories/SVD-2025-1210
Vendor Information
Splunk
CVE Name
CVE-2025-20381
CVE-2025-20382
CVE-2025-20383
CVE-2025-20384
CVE-2025-20385
CVE-2025-20386
CVE-2025-20387
CVE-2025-20388
CVE-2025-20389
Thanks and Regards,
CERT-In
Incident Response Help Desk
e-mail: incident@cert-in.org.in
Phone: +91-11-22902657
Toll Free Number: 1800-11-4949
Toll Free Fax: 1800-11-6969
Web: http://www.cert-in.org.in
PGP Fingerprint: A768 083E 4475 5725 B81A A379 2156 C0C0 B620 D0B4
PGP Key information:
https://www.cert-in.org.in/s2cMainServlet?pageid=CONTACTUS
Postal address:
Indian Computer Emergency Response Team (CERT-In)
Ministry of Electronics and Information Technology
Government of India
Electronics Niketan
6, C.G.O. Complex
New Delhi-110 003


