CVE-2025-20322

Published: Jul 7, 2025Modified: Jul 21, 2025

4.3

Vector

CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:L

Exploitability: 2.8 / Impact: 1.4

Source: NVD

Description

In Splunk Enterprise versions below 9.4.3, 9.3.5, 9.2.7, and 9.1.10, and Splunk Cloud Platform versions below 9.3.2411.104, 9.3.2408.113, and 9.2.2406.119, an unauthenticated attacker could send a specially-crafted SPL search command that could trigger a rolling restart in the Search Head Cluster through a Cross-Site Request Forgery (CSRF), potentially leading to a denial of service (DoS).<br><br>The vulnerability requires the attacker to phish the administrator-level victim by tricking them into initiating a request within their browser. The attacker should not be able to exploit the vulnerability at will.<br><br>See [How rolling restart works](https://docs.splunk.com/Documentation/Splunk/9.4.2/DistSearch/RestartSHC) for more information.

Affected (7)

Products: Splunk: Splunk, Splunk Cloud Platform

Splunk

2 products

Splunk

Splunk Cloud Platform

Configuration A

7 vulnerable

Vulnerable Software	Affected Versions
Splunk Splunk	From 9.1.0 to 9.1.10
Splunk Splunk	From 9.2.0 to 9.2.7
Splunk Splunk	From 9.3.0 to 9.3.5
Splunk Splunk	From 9.4.0 to 9.4.3
Splunk Splunk Cloud Platform	From 9.2.2406 to 9.2.2406.119
Splunk Splunk Cloud Platform	From 9.3.2408 to 9.3.2408.113
Splunk Splunk Cloud Platform	From 9.3.2411 to 9.3.2411.104

Related CWEs

CWE-352

Cross-Site Request Forgery (CSRF)

The web application does not, or can not, sufficiently verify whether a well-formed, valid, consistent request was intentionally provided by the user who submitted the request.

References (1)

https://advisory.splunk.com/advisories/SVD-2025-0705

Source: psirt@cisco.com

Vendor Advisory

Timeline

No history available yet.