Improper Access Control in Splunk App for SOAR by Splunk
CVE-2025-22621

6.4 MEDIUM

Key Information:

Vendor
Splunk
CVE Published:
7 January 2025

Summary

Versions of the Splunk App for SOAR up to and including 1.0.67 contain a vulnerability that stems from the Splunk documentation suggesting the addition of the 'admin_all_objects' capability to the 'splunk_app_soar' role. This misconfiguration could allow low-privileged users without the appropriate 'admin' roles to gain unauthorized access to critical application functions, potentially leading to unauthorized data exposure or manipulation. It is crucial for users to review their role assignments and ensure that access controls are appropriately set to mitigate this risk.
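One way to carry out the role review described above, as an added example that is not part of the original advisory or Splunk's own tooling: it parses authorize.conf text and lists every role that holds 'admin_all_objects' directly or through importRoles. The sample configuration and every role name other than 'splunk_app_soar' are constructed, and the code assumes capabilities inherited via importRoles are additive.

```python
import re

# Constructed sample authorize.conf (not taken from any real deployment).
SAMPLE_AUTHORIZE_CONF = """\
[role_user]
search = enabled

[role_splunk_app_soar]
importRoles = user
admin_all_objects = enabled

[role_soc_analyst]
importRoles = splunk_app_soar;user

[role_auditor]
importRoles = user
admin_all_objects = disabled
"""

CAPABILITY = "admin_all_objects"

def parse_roles(text):
    """Return {role: {"imports": set, "caps": {name: bool}}} from authorize.conf text."""
    roles, current = {}, None
    for raw in text.splitlines():
        line = raw.strip()
        if not line or line.startswith("#"):
            continue
        header = re.fullmatch(r"\[role_(.+)\]", line)
        if header:
            current = roles.setdefault(header.group(1), {"imports": set(), "caps": {}})
        elif line.startswith("["):
            current = None  # non-role stanza: ignore its settings
        elif current is not None and "=" in line:
            key, value = (part.strip() for part in line.split("=", 1))
            if key == "importRoles":
                current["imports"] = {r.strip() for r in value.split(";") if r.strip()}
            else:
                current["caps"][key] = value.lower() == "enabled"
    return roles

def roles_with_capability(roles, capability=CAPABILITY):
    """Roles holding the capability directly or via importRoles (assumed additive)."""
    def holds(role, seen):
        if role in seen or role not in roles:
            return False  # already visited (handles import cycles) or undefined role
        seen.add(role)
        if roles[role]["caps"].get(capability):
            return True
        return any(holds(parent, seen) for parent in roles[role]["imports"])
    return sorted(r for r in roles if holds(r, set()))
```

Settings in authorize.conf are merged across several files on a real instance, so feed the function the merged view (for example the output of `splunk btool authorize list`) rather than a single file.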

Affected Version(s)

Splunk App for SOAR 1.0 < 1.0.71

References

CVSS V3.1

Score:
6.4
Severity:
MEDIUM
Confidentiality:
High
Integrity:
High
Availability:
High
Attack Vector:
Network
Attack Complexity:
High
Privileges Required:
Low
User Interaction:
Required
Scope:
Unchanged

Timeline

  • Vulnerability published

Credit

Gabriel Nitu, Splunk