- 217/2025
- High
Splunk has released security updates to fix several vulnerabilities across multiple Splunk products.
The addressed vulnerabilities could allow the attacker to obtain sensitive information, conduct cross-site scripting attacks, conduct denial of service attacks, or gain access to the affected product.
Sample of the addressed vulnerabilities:
1. Splunk Enterprise Unauthenticated Blind Server Side Request Forgery (SSRF)Vulnerability (CVE-2025-20371):
- CVSS: 7.5
- Attack Vector: Network
- Attack Complexity: High
- Privileges Required: None
- User Interaction: Required
- Consequences: Gain Access
2. Splunk Enterprise Improper Access Control in Background Job Submission Vulnerability (CVE-2025-20366):
- CVSS: 6.5
- Attack Vector: Network
- Attack Complexity: Low
- Privileges Required: Low
- User Interaction: None
- Consequences: Obtain Information
Sample of the affected products:
- Splunk Enterprise REST API version 10.0.0.
- Splunk Enterprise (Splunk Web) versions from 9.4.0 to 9.4.3.
- Splunk Cloud Platform (Splunk Web) versions below 9.3.2411.111.
Vulnerabilities
- CVE-2025-20366
- CVE-2025-20367
- CVE-2025-20368
- CVE-2025-20369
- CVE-2025-20370
- CVE-2025-20371
Mitigations
The enterprise should deploy this patch as soon as the testing phase is completed.