SB2025100707 - Splunk Enterprise Security update for third-party components 

CSH
CYBERSECURITY HELP
Sign In REGISTER

Main Vulnerability Database SB2025100707

SB2025100707 - Splunk Enterprise Security update for third-party components

Published: October 7, 2025

Security Bulletin ID SB2025100707
Severity
High
Patch available
YES
Number of vulnerabilities 14
Exploitation vector Remote access
Highest impact Code execution

Breakdown by Severity

High 36% Medium 50% Low 14%
  • Low
  • Medium
  • High
  • Critical

Description

This security bulletin contains information about 14 secuirty vulnerabilities.


1) Prototype pollution (CVE-ID: CVE-2022-46175)

The disclosed vulnerability allows a remote attacker to perform cross-site scripting (XSS) attacks.

The vulnerability exists due to insufficient sanitization of user-supplied data within the JSON5.parse() function. A remote attacker can inject and execute arbitrary script code.

Successful exploitation of this vulnerability may allow a remote attacker to steal potentially sensitive information, change appearance of the web page, perform phishing and drive-by-download attacks.


2) Improper Certificate Validation (CVE-ID: CVE-2025-4947)

The vulnerability allows a remote attacker to perform MitM attack.

The vulnerability exists due to missing certificate validation for QUIC connections when connecting to a host specified as an IP address in the URL. A remote attacker can perform Man-in-the-middle (MitM) attack.

Note, successful exploitation of the vulnerability requires wolfSSL to be used as the TLS backend for QUIC to trigger.


3) Improper Certificate Validation (CVE-ID: CVE-2025-5025)

The vulnerability allows a remote attacker to perform MitM attack.

The vulnerability exists due to libcurl does not perform pinning of the server certificate public key for HTTPS transfers when connecting with QUIC for HTTP/3, when the TLS backend is wolfSSL. A remote attacker can perform Man-in-the-middle (MitM) attack and track the victim into connecting to a malicious server.


4) Integer overflow (CVE-ID: CVE-2025-0725)

The vulnerability allows a remote attacker to execute arbitrary code on the target system.

The vulnerability exists due to integer overflow when handling gzip decompression of content-encoded HTTP responses with the CURLOPT_ACCEPT_ENCODING option using zlib 1.2.0.3 or older. A remote attacker can send specially crafted response to the application, trigger an integer overflow and execute arbitrary code on the target system.



5) Information disclosure (CVE-ID: CVE-2025-0167)

The vulnerability allows a remote attacker to gain access to potentially sensitive information.

The vulnerability exists due to application can leak credentials when asked to use a .netrc file for credentials and to follow HTTP redirects. A remote attacker can gain access to sensitive information.


6) Resource exhaustion (CVE-ID: CVE-2021-44906)

The vulnerability allows a remote attacker to escalate privileges on the system.

The vulnerability exists due to application does not properly control consumption of internal resources. A remote attacker can trick the library into adding or modifying the properties of Object.prototype, using a constructor or __proto__ payload, resulting in prototype pollution and loss of confidentiality, availability, and integrity.


7) Improper Certificate Validation (CVE-ID: CVE-2024-1351)

The vulnerability allows a remote attacker to perform MitM attack.

The vulnerability exists due to under certain configurations of --tlsCAFile and tls.CAFile the server may skip peer certificate validation. A remote attacker can perform MitM attack and compromise communication between MongoDB server and client. 


8) Prototype pollution (CVE-ID: CVE-2022-37601)

The disclosed vulnerability allows a remote attacker to perform prototype pollution attacks.

The vulnerability exists due to insufficient sanitization of user-supplied data within the parseQuery() function in parseQuery.js. A remote attacker can inject and execute arbitrary JavaScript code.



9) Improper access control (CVE-ID: CVE-2024-7553)

The vulnerability allows a local user to escalate privileges on the system.

The vulnerability exists due to improper access restrictions. A local user can bypass implemented security restrictions and execute arbitrary behaviour determined by the contents of untrusted files.


10) Uncontrolled Recursion (CVE-ID: CVE-2024-7254)

The vulnerability allows a remote attacker to perform a denial of service (DoS) attack.

The vulnerability exists due to improper input validation when parsing nested groups as unknown fields with DiscardUnknownFieldsParser or Java Protobuf Lite parser, or against Protobuf map fields. A remote attacker can pass specially crafted input to the application to create unbounded recursions and perform a denial of service (DoS) attack.


11) Heap-based buffer overflow (CVE-ID: CVE-2015-5237)

The vulnerability allows a remote attacker to execute arbitrary code on the target system.

The vulnerability exists due to a boundary error. A remote attacker can pass specially crafted data to the application, trigger a heap-based buffer overflow and execute arbitrary code on the target system.

Successful exploitation of this vulnerability may result in complete compromise of vulnerable system.


12) Buffer overflow (CVE-ID: CVE-2025-52999)

The vulnerability allows a remote attacker to perform a denial of service (DoS) attack.

The vulnerability exists due to a boundary error when parsing deeply nested JSON files. A remote attacker can pass a specially crafted JSON file to the application, trigger memory corruption and perform a denial of service (DoS) attack.


13) Improper authorization (CVE-ID: CVE-2024-45337)

The vulnerability allows a remote attacker to gain unauthorized access to the application.

The vulnerability exists due to improper authorization caused by improper usage of the ServerConfig.PublicKeyCallback callback. A remote attacker can bypass authorization in certain cases and gain access to the application.


14) Heap-based buffer overflow (CVE-ID: CVE-2025-32415)

The vulnerability allows a remote attacker to execute arbitrary code on the target system.

The vulnerability exists due to a boundary error within the xmlSchemaIDCFillNodeTables() function. A remote attacker can pass specially crafted XML data to the application, trigger a heap-based buffer overflow and execute arbitrary code on the target system.

Successful exploitation of this vulnerability may result in complete compromise of vulnerable system.


Remediation

Install update from vendor's website.

References