Multiple Splunk Enterprise Vulnerabilities Let Attackers Execute Unauthorized JavaScript code

02/10/2025

Splunk has released patches for multiple vulnerabilities in its Enterprise and Cloud Platform products, some of which could allow attackers to execute unauthorized JavaScript code, access sensitive information, or cause a denial-of-service (DoS) condition.

The advisories, published on October 1, 2025, detail six security flaws, with severity ratings ranging from Medium to High.

The most critical vulnerability is a Server-Side Request Forgery (SSRF) flaw, tracked as CVE-2025-20371, with a high CVSS score of 7.5.

This vulnerability could allow an unauthenticated attacker to trigger a blind SSRF, potentially enabling them to perform REST API calls on behalf of an authenticated, high-privileged user.

Successful exploitation requires the enableSplunkWebClientNetloc setting to be enabled and likely involves phishing the victim to initiate a request from their browser.

Code Execution and Information Disclosure Flaws

Two vulnerabilities directly address the execution of unauthorized JavaScript code, a form of cross-site scripting (XSS).

CVE-2025-20367 (CVSS: 5.7): A low-privileged user can craft a malicious payload through the dataset.command parameter of a specific endpoint, leading to the execution of JavaScript code in a user’s browser.
CVE-2025-20368 (CVSS: 5.7): Similarly, a low-privileged user can inject a malicious payload into the error messages and job inspection details of a saved search, resulting in unauthorized code execution.

Another significant flaw, CVE-2025-20366 (CVSS: 6.5), allows for information disclosure. In this scenario, a low-privileged user without ‘admin’ or ‘power’ roles could access the results of an administrative search job running in the background.

If the attacker correctly guesses the unique Search ID (SID) of the job, they could retrieve potentially sensitive search results.

Denial of Service and XXE Vulnerabilities

The security update also addresses three medium-severity vulnerabilities that could impact system availability and integrity:

CVE-2025-20370 (CVSS: 4.9): A user with the change_authentication capability can send multiple LDAP bind requests to an internal endpoint, causing high CPU usage and a potential DoS that requires an instance restart to resolve.
CVE-2025-20369 (CVSS: 4.6): A low-privileged user can perform an XML External Entity (XXE) injection through the dashboard tab label field, which could also lead to a DoS attack.

Affected Products and Mitigations

The vulnerabilities affect multiple versions of Splunk Enterprise and Splunk Cloud Platform. The affected Splunk Enterprise versions include those below 9.4.4, 9.3.6, and 9.2.8. For some flaws, version 10.0.0 is also affected.

Splunk has released patches and urges customers to upgrade to the following or later versions:

CVE IDVulnerability TypeCVSS 3.1 ScoreAffected ProductAffected VersionsFixed VersionsCVE-2025-20366Information Disclosure6.5 (Medium)Splunk Enterprise9.4.0 – 9.4.3 9.3.0 – 9.3.5 9.2.0 – 9.2.79.4.4 9.3.6 9.2.8Splunk Cloud PlatformBelow 9.3.2411.111 Below 9.3.2408.119 Below 9.2.2406.1229.3.2411.111 9.3.2408.119 9.2.2406.122CVE-2025-20367Cross-Site Scripting (XSS)5.7 (Medium)Splunk Enterprise9.4.0 – 9.4.3 9.3.0 – 9.3.5 9.2.0 – 9.2.79.4.4 9.3.6 9.2.8Splunk Cloud PlatformBelow 9.3.2411.109 Below 9.3.2408.119 Below 9.2.2406.1229.3.2411.109 9.3.2408.119 9.2.2406.122CVE-2025-20368Cross-Site Scripting (XSS)5.7 (Medium)Splunk Enterprise9.4.0 – 9.4.3 9.3.0 – 9.3.5 9.2.0 – 9.2.79.4.4 9.3.6 9.2.8Splunk Cloud PlatformBelow 9.3.2411.108 Below 9.3.2408.118 Below 9.2.2406.1239.3.2411.108 9.3.2408.118 9.2.2406.123CVE-2025-20369XXE Injection4.6 (Medium)Splunk Enterprise9.4.0 – 9.4.3 9.3.0 – 9.3.5 9.2.0 – 9.2.79.4.4 9.3.6 9.2.8Splunk Cloud PlatformBelow 9.3.2411.108 Below 9.3.2408.118 Below 9.2.2406.1239.3.2411.108 9.3.2408.118 9.2.2406.123CVE-2025-20370Denial of Service (DoS)4.9 (Medium)Splunk Enterprise10.0.0 9.4.0 – 9.4.3 9.3.0 – 9.3.5 9.2.0 – 9.2.710.0.1 9.4.4 9.3.6 9.2.8Splunk Cloud PlatformBelow 9.3.2411.108 Below 9.3.2408.118 Below 9.2.2406.1239.3.2411.108 9.3.2408.118 9.2.2406.123CVE-2025-20371Server-Side Request Forgery (SSRF)7.5 (High)Splunk Enterprise10.0.0 9.4.0 – 9.4.3 9.3.0 – 9.3.5 9.2.0 – 9.2.710.0.1 9.4.4 9.3.6 9.2.8Splunk Cloud PlatformBelow 9.3.2411.109 Below 9.3.2408.119 Below 9.2.2406.1229.3.2411.109 9.3.2408.119 9.2.2406.122

Splunk has confirmed it is actively patching all Splunk Cloud Platform instances and will notify customers upon completion.

For users unable to apply the updates immediately, several workarounds are available. A common mitigation for many of the vulnerabilities is to disable Splunk Web if it is not required.

For the SSRF flaw (CVE-2025-20371), administrators can mitigate the risk by setting enableSplunkWebClientNetloc to false in the web.conf file.

Follow us on Google News, LinkedIn, and X for daily cybersecurity updates. Contact us to feature your stories.

Source: cybersecuritynews.com

Your RAM has more than one XMP profile, and here's when to use the others

Enabling XMP or EXPO in the motherboard's BIOS is one of the first things all enthusiasts do after building a new PC. It's an easy way to ensure that you're getting the RAM speed you paid for, and often times doesn't compromise stability. They stand for eXtreme Memory Profile and Extended Profiles for Overclocking, and are different flavors of RAM overclocking validation for Intel and AMD, … [Read More...]

Ditching smart home subscriptions for open-source Home Assistant

I quickly grew tired of having countless smart home subscriptions to create the ultimate tech-laden household. And it's not just the usual suspects, like an alarm system, network switches, or some bulbs requiring cloud support plans. Almost everything you can purchase for the "smart home" can come packing some advanced features that require some sort of recurring fee. Like media subscriptions such … [Read More...]

I migrated my cloud photos to my self-hosted Immich, here's how

Like most people, I've been on the Google Photos bandwagon for years now. Photos of trips, birthdays, receipts, and random food snaps have all been backed up to Google Photos. Initially, it was free and convenient as an add-on perk with my Pixel phone. Over time, I ran into the same problems as everyone else. While the perk disappeared, I was locked in, and my growing library pushed me towards … [Read More...]

I replaced Adobe Premiere with DaVinci Resolve, and I'm not missing out on anything

Leaving my Adobe subscriptions behind felt like a gamble at first. Some tools were easy to replace, especially since there are so many great open-source graphics apps out there. But some were harder to replace – finding a decent alternative for After Effects felt like it took forever. And then there was also Premiere Pro. Source: xda-developers.com … [Read More...]

You have to play these Mario games before the Super Mario Galaxy Movie comes out in 2026

Nintendo announced the sequel to The Super Mario Bros. Movie will be hitting theaters on April 3, 2026. The follow-up is titled The Super Mario Galaxy Movie, and was revealed during the Sepember 2025 Nintendo Direct Presentation as part of the celebration of the 40th anniversary of the Super Mario series. To commemorate the occasion, Nintendo is releasing multiple Mario games for the Nintendo … [Read More...]

This week’s best deal is a ‘kids’ Kindle Paperwhite that’s better than the adult version

Our other favorite deals from this week include refurbished Sonos gear and the 8BitDo Ultimate 2 controller.Oct 4, 2025, 5:00 PM UTCSheena Vasani writes about tech news, reviews gadgets, and helps readers save money by highlighting deals and product recommendations for The Verge.Amazon’s Prime Big Deal Days may bring some great Kindle deals, but if you can’t wait, you don’t have to. Right now, the … [Read More...]

Vicinae is basically Raycast for Linux, and it's (almost) everything I wanted

Recently, I've written quite a bit about Raycast, and how it's my absolute favorite app on macOS, and now on Windows as well, thanks to the recent beta launch. But outside of macOS, I'm more of a Linux user these days, and I recently expressed my wish that Raycast would come there, too. Source: xda-developers.com … [Read More...]

Microsoft sneakily drops DLC discounts that come with Xbox Game Pass

After Microsoft decided to jack up the price of its Xbox Game Pass subscriptions to up to $30 a month, it has another unwelcome surprise for members. In a statement provided to multiple outlets like Insider Gaming, a spokesperson for Microsoft confirmed it has removed the discounts for DLC that come with a Game Pass subscription, replacing them by offering points for its Rewards program.While … [Read More...]

The best Amazon Prime Day deals under $50: Early sales on tech from Apple, Anker, Ring, JBL, Roku and others

Prime Day sales are a great opportunity to nab an expensive bit of shiny new tech you’ve been eying — it’s also an excellent time to get a discount on smaller electronics and accessories. For this list, we compared what’s on sale right now with the stuff we recommend in our guides. For less than $50 each, we found deals on some of our favorite tech including batteries, iPhone paraphernalia, mice, … [Read More...]

4 Linux kernel tweaks I made that actually improved performance

If you want something that offers stability, flexibility, and performance, you'll want to consider a Linux distribution. A major part of what makes this operating system (OS) such an easy recommendation is the kernel, the core of what makes everything work. The Linux kernel manages everything from scheduling processes to managing memory allocation and device communication. It's so good that you … [Read More...]