Remote Command Execution Vulnerability in Splunk Enterprise by Splunk
CVE-2025-20319

6.8MEDIUM

Key Information:

Vendor: Splunk
Status: Splunk Enterprise
Vendor: CVE Published:; 7 July 2025

What is CVE-2025-20319?

In Splunk Enterprise, prior to version 9.4.3, a significant vulnerability exists that enables a user with specific high-privilege capabilities, such as 'edit_scripted' and 'list_inputs', to carry out remote command execution. This flaw arises from inadequate sanitization of user input within scripted input files, potentially allowing malicious actors to execute arbitrary commands on the server. For further details on managing roles and capabilities within Splunk, refer to the official documentation.

Affected Version(s)

Splunk Enterprise 9.4 < 9.4.3

Splunk Enterprise 9.3 < 9.3.5

Splunk Enterprise 9.2 < 9.2.7

References

https://advisory.splunk.com/advisories/SVD-2025-0702

CVSS V3.1

Score:

6.8

Severity:

MEDIUM

Confidentiality:

High

Integrity:

High

Availability:

High

Attack Vector:

Adjacent Network

Attack Complexity:

Low

Privileges Required:

High

User Interaction:

None

Scope:

Unchanged

Download the Critical Vulnerability Management Cheat Sheet

Timeline

Vulnerability published
Jul 7, 2025
Vulnerability Reserved
Oct 10, 2024