Critical Flaws in Splunk Expose Platforms to Code Injection

Splunk has disclosed six security vulnerabilities affecting multiple versions of both Splunk Enterprise and Splunk Cloud Platform. Despite the "critical" headline, the highest-rated issue carries a CVSS score of 7.5 (High); the flaws sit in the platform's web-facing components and could lead to script execution in other users' browsers, unauthorized access to search results, denial of service, and server-side request forgery (SSRF). 

Key Vulnerabilities Revealed 

The reported flaws include several high-risk issues: 

  • Server-Side Request Forgery (SSRF): The most severe flaw is CVE-2025-20371 (CVSS 7.5), an unauthenticated blind SSRF vulnerability. "Blind" means the attacker does not see the response; the payoff is that Splunk can be made to issue REST API calls with the privileges of an authenticated high-privilege user. Exploitation requires phishing that user into triggering the request, and only works when the enableSplunkWebClientNetloc setting is enabled in web.conf. 
  • Cross-Site Scripting (XSS): Two flaws (CVE-2025-20367 and CVE-2025-20368) allow low-privileged users to inject JavaScript that runs in the browser of any user who views the affected content. That is enough to act within the victim's session and read data the victim can see. 
  • Improper Access Control (CVE-2025-20366): Search jobs are identified by a job ID (SID) that is not a secret. A low-privileged user who guesses the ID of another user's job can read that job's results without holding the permissions the original search required. 
  • Denial of Service (DoS): Two vulnerabilities could lead to service disruption. CVE-2025-20370 allows users holding the change_authentication capability to flood the server with LDAP requests until it must be restarted. CVE-2025-20369 is an XML External Entity (XXE) injection that can be used to trigger a DoS. 
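The access-control item above describes search job IDs being guessed. One practical detection for that is to watch the REST access log for a single user hammering the search-jobs endpoint with IDs that do not exist (or are forbidden) and then suddenly getting a hit. The following is an added example, not code from the article or from Splunk: the log lines are constructed, and the Apache-style field layout they use for splunkd_access.log, the 60-second window, and the threshold of five distinct misses are assumptions for this illustration.

```python
import re
from collections import defaultdict, deque
from datetime import datetime, timedelta

# Constructed sample in an Apache-style layout assumed for splunkd_access.log:
#   client - user [timestamp] "METHOD path HTTP/x" status bytes ... duration
# analyst1 probes five job IDs that do not exist, then reads one that does.
SAMPLE_LOG = """\
10.0.0.5 - analyst1 [09/Oct/2025:10:00:01.000 +0000] "GET /services/search/jobs/1759996800.101 HTTP/1.1" 404 120 - - - 2ms
10.0.0.5 - analyst1 [09/Oct/2025:10:00:01.400 +0000] "GET /services/search/jobs/1759996800.102 HTTP/1.1" 404 120 - - - 2ms
10.0.0.5 - analyst1 [09/Oct/2025:10:00:02.100 +0000] "GET /services/search/jobs/1759996800.103 HTTP/1.1" 404 120 - - - 2ms
10.0.0.5 - analyst1 [09/Oct/2025:10:00:02.900 +0000] "GET /services/search/jobs/1759996800.104/results HTTP/1.1" 404 120 - - - 2ms
10.0.0.5 - analyst1 [09/Oct/2025:10:00:03.500 +0000] "GET /services/search/jobs/1759996800.105 HTTP/1.1" 404 120 - - - 2ms
10.0.0.5 - analyst1 [09/Oct/2025:10:00:04.000 +0000] "GET /services/search/jobs/1759996800.106/results?output_mode=json HTTP/1.1" 200 8831 - - - 9ms
10.0.0.9 - admin [09/Oct/2025:10:00:05.000 +0000] "GET /services/search/jobs/1759996800.106/results HTTP/1.1" 200 8831 - - - 7ms
10.0.0.7 - analyst2 [09/Oct/2025:10:00:06.000 +0000] "GET /services/search/jobs/1759996800.200 HTTP/1.1" 404 120 - - - 2ms
10.0.0.7 - analyst2 [09/Oct/2025:10:00:07.000 +0000] "GET /services/search/jobs/1759996800.201 HTTP/1.1" 404 120 - - - 2ms
"""

LINE_RE = re.compile(r'^(\S+) - (\S+) \[([^\]]+)\] "(\S+) (\S+)[^"]*" (\d{3})')
# A search job ID (SID) looks like <epoch>.<counter>; anything under the job
# path (e.g. /results) counts as touching that job.
SID_RE = re.compile(r"^/services/search/jobs/(\d+\.\d+)")


def parse_line(line):
    """Split one access-log line into its fields, or return None if it does not match."""
    m = LINE_RE.match(line)
    if not m:
        return None
    src, user, ts, method, path, status = m.groups()
    return {
        "src": src,
        "user": user,
        "when": datetime.strptime(ts, "%d/%b/%Y:%H:%M:%S.%f %z"),
        "method": method,
        "path": path.split("?", 1)[0],
        "status": int(status),
    }


def find_sid_guessing(log_text, window=timedelta(seconds=60), threshold=5):
    """Flag users who touch `threshold` or more distinct non-existent/forbidden
    SIDs inside `window`, and report any SIDs they did manage to read in that
    same window (a likely successful guess)."""
    events = [e for e in map(parse_line, log_text.splitlines()) if e]
    events.sort(key=lambda e: e["when"])
    recent = defaultdict(deque)   # user -> deque of (when, sid, status)
    alerts = {}
    for e in events:
        m = SID_RE.match(e["path"])
        if not m:
            continue
        q = recent[e["user"]]
        q.append((e["when"], m.group(1), e["status"]))
        while q and e["when"] - q[0][0] > window:
            q.popleft()
        misses = {sid for _, sid, st in q if st in (403, 404)}
        hits = {sid for _, sid, st in q if 200 <= st < 300}
        if len(misses) >= threshold:
            # Keep updating so a later successful read lands in the alert.
            alerts[e["user"]] = {
                "user": e["user"],
                "src": e["src"],
                "window_start": q[0][0],
                "distinct_misses": len(misses),
                "hits": sorted(hits),
            }
    return list(alerts.values())


if __name__ == "__main__":
    for a in find_sid_guessing(SAMPLE_LOG):
        print(f"{a['user']}@{a['src']}: {a['distinct_misses']} distinct failed SIDs "
              f"since {a['window_start'].isoformat()}, reads succeeded on {a['hits']}")
```

On a real deployment you would point this at the rotated splunkd_access.log files (or run the equivalent search in Splunk itself) and tune the window and threshold to your own users' normal job-polling behaviour; a successful read that follows a burst of misses is the signal worth paging on.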

Third-Party Component Updates 

Splunk also addressed multiple vulnerabilities stemming from third-party packages bundled with Splunk Enterprise. The updates removed packages that were no longer needed (such as protobuf-java and webpack) and upgraded components that are (such as mongod and curl), closing high-severity issues in those dependencies, some of which could have led to remote code execution. Because these ride along with the product, the only practical fix is the same version upgrade that addresses the six Splunk-specific flaws. 

Mitigation and Action 

Splunk strongly recommends upgrading Splunk Enterprise immediately to a fixed release: 10.0.1, 9.4.4, 9.3.6, or 9.2.8, or any later release in the same line. Splunk Cloud Platform is being patched by Splunk itself, so cloud customers need only confirm their stack has received the update. 

Where an immediate upgrade is not possible, two temporary workarounds reduce exposure: disabling Splunk Web (startwebserver = 0 in web.conf) removes the web attack surface entirely, and setting enableSplunkWebClientNetloc to false in web.conf removes the precondition for the SSRF. Neither is a substitute for the upgrade: disabling Splunk Web also removes the UI for legitimate users, and the workarounds do not address the LDAP or XXE denial-of-service issues or the third-party package fixes. 
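To turn the two recommendations above into a check that can be run across a fleet, the following added example (not code from the article or from Splunk) compares a Splunk Enterprise version string against the fixed releases listed on this page and audits a web.conf for the two workaround settings. The fixed-version table and the interpretation "fixed release or later within the same 10.0/9.4/9.3/9.2 line" come from the advisory text; the two sample web.conf fragments are constructed, and treating an absent enableSplunkWebClientNetloc as disabled is an assumption that matches its documented default.

```python
import configparser

# First fixed release in each maintained line, as listed in the advisory.
FIXED_VERSIONS = {
    (10, 0): (10, 0, 1),
    (9, 4): (9, 4, 4),
    (9, 3): (9, 3, 6),
    (9, 2): (9, 2, 8),
}

# Constructed web.conf fragments: the weak setting beside the corrected one.
WEAK_WEB_CONF = """\
[settings]
httpport = 8000
enableSplunkWebClientNetloc = true
"""

HARDENED_WEB_CONF = """\
[settings]
httpport = 8000
# SSRF precondition removed; Splunk Web itself stays up for the UI.
enableSplunkWebClientNetloc = false
"""

NO_WEB_CONF = """\
[settings]
# Workaround for hosts that do not need the UI at all (search peers, etc.).
startwebserver = 0
"""


def parse_version(version):
    """'9.4.3' -> (9, 4, 3); a two-part string is padded with a zero patch level."""
    parts = [int(p) for p in version.strip().split(".")[:3]]
    while len(parts) < 3:
        parts.append(0)
    return tuple(parts)


def is_fixed(version):
    """Return (fixed, reason) for a Splunk Enterprise version string."""
    v = parse_version(version)
    line = v[:2]
    if line in FIXED_VERSIONS:
        fixed_at = FIXED_VERSIONS[line]
        label = ".".join(map(str, fixed_at))
        if v >= fixed_at:
            return True, f"{version} is at or above {label}"
        return False, f"{version} is below {label}; upgrade within the {line[0]}.{line[1]} line"
    if line > max(FIXED_VERSIONS):
        return True, f"{version} is newer than the lines named in the advisory"
    return False, f"{version} is on a line with no listed fix; move to a fixed line"


def _truthy(value, default):
    if value is None:
        return default
    return str(value).strip().lower() in ("1", "true", "t", "yes", "y", "on")


def audit_web_conf(text):
    """Report whether Splunk Web is on and whether the SSRF precondition is present."""
    cp = configparser.ConfigParser(interpolation=None, strict=False, allow_no_value=True)
    cp.optionxform = str            # Splunk keys are case-sensitive; keep them as written
    cp.read_string(text)
    settings = cp["settings"] if cp.has_section("settings") else {}
    web_enabled = _truthy(settings.get("startwebserver"), True)
    # Absent is treated as disabled (assumption matching the documented default).
    netloc_enabled = _truthy(settings.get("enableSplunkWebClientNetloc"), False)
    findings = []
    if web_enabled and netloc_enabled:
        findings.append("enableSplunkWebClientNetloc is true: precondition for CVE-2025-20371 "
                        "SSRF is present; set it to false until upgraded")
    if web_enabled:
        findings.append("Splunk Web is enabled; disable it (startwebserver = 0) on hosts that "
                        "do not need the UI")
    return {"web_enabled": web_enabled, "netloc_enabled": netloc_enabled, "findings": findings}


if __name__ == "__main__":
    for ver in ("9.4.3", "9.4.4", "10.0.0", "9.1.7"):
        print(ver, *is_fixed(ver))
    for name, conf in (("weak", WEAK_WEB_CONF), ("hardened", HARDENED_WEB_CONF), ("no-web", NO_WEB_CONF)):
        print(name, audit_web_conf(conf))
```

In practice the version comes from `splunk version` and the effective web.conf from `splunk btool web list settings`, which merges every layer of the configuration; auditing a single file in $SPLUNK_HOME/etc/system/local can miss an app that sets the key.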
