SB2025032668 - Multiple vulnerabilities in Splunk Enterprise


Published: March 26, 2025

Security Bulletin ID: SB2025032668
Severity: Medium
Patch available: YES
Number of vulnerabilities: 5
Exploitation vector: Remote access
Highest impact: Data manipulation

Breakdown by Severity

Medium: 80%
Low: 20%

Description

This security bulletin contains information about 5 security vulnerabilities.


1) Input validation error (CVE-ID: CVE-2025-20227)

The vulnerability allows a remote user to gain access to sensitive information.

The vulnerability exists due to insufficient validation of user-supplied input. A remote unprivileged user can bypass the external content warning modal dialog box in Dashboard Studio dashboards.


2) Information disclosure (CVE-ID: CVE-2025-20226)

The vulnerability allows a remote attacker to gain access to potentially sensitive information.

The vulnerability exists due to excessive data output by the "/services/streams/search" endpoint. A remote attacker can trick the victim into initiating a request within their browser and gain access to sensitive information.


3) Information disclosure (CVE-ID: CVE-2025-20232)

The vulnerability allows a remote attacker to gain access to potentially sensitive information.

The vulnerability exists due to excessive data output by the "/app/search/search" endpoint. A remote attacker can trick the victim into initiating a request within their browser and gain access to sensitive information.


4) Cross-site request forgery (CVE-ID: CVE-2025-20228)

The vulnerability allows a remote attacker to perform cross-site request forgery attacks.

The vulnerability exists due to insufficient validation of the HTTP request origin. A remote attacker can trick the victim into visiting a specially crafted web page and perform arbitrary actions on behalf of the victim on the vulnerable website, including changing the maintenance mode state of the App Key Value Store (KVStore).


5) Arbitrary file upload (CVE-ID: CVE-2025-20229)

The vulnerability allows a remote user to compromise the vulnerable system.

The vulnerability exists due to insufficient validation of files during upload. A remote unprivileged user can upload a malicious file into the "$SPLUNK_HOME/var/run/splunk/apptemp" directory and execute it on the server.


Remediation

Install the update from the vendor's website.