What is the CVSS score of CVE-2025-20321?

CVE-2025-20321 has a CVSS 3.1 base score of 6.5 (Medium). CVSS vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H. EPSS exploitation probability: 0.0%.

Which versions of Splunk are affected by CVE-2025-20321?

Organizations using Splunk Enterprise should be aware of notable risk from CVE-2025-20321, a cross-site request forgery vulnerability rated CVSS 6.5.. A patch is available.

How to fix or mitigate CVE-2025-20321?

Within 30 days: Identify affected systems running Splunk Enterprise and apply vendor patches as part of regular patch cycle. Verify anti-CSRF tokens are enforced.

Splunk CVE-2025-20321

EUVD-2025-20295 MEDIUM

Cross-Site Request Forgery (CSRF) (CWE-352)

2025-07-07 psirt@cisco.com

CSRF Splunk Splunk Cloud Platform

6.5

CVSS 3.1 · NVD

Severity by source

NVD PRIMARY

6.5 MEDIUM

AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H

Primary rating from NVD · only source for this CVE.

CVSS VectorNVD

CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H

Attack Vector

Network

Attack Complexity

Low

Privileges Required

None

User Interaction

Required

Scope

Unchanged

Confidentiality

None

Integrity

None

Availability

High

Lifecycle Timeline

Patch available

Apr 16, 2026 - 05:29 EUVD

9.3.5,9.3.2411.104,9.2.7

EUVD ID Assigned

Mar 16, 2026 - 03:37 euvd

EUVD-2025-20295

Analysis Generated

Mar 16, 2026 - 03:37 vuln.today

CVE Published

Jul 07, 2025 - 18:15 nvd

MEDIUM 6.5

DescriptionCVE.org

In Splunk Enterprise versions below 9.4.3, 9.3.5, 9.2.7 and 9.1.10, and Splunk Cloud Platform versions below 9.3.2411.104, 9.3.2408.114, and 9.2.2406.119, an unauthenticated attacker can send a specially-crafted SPL search that could change the membership state in a Splunk Search Head Cluster (SHC) through a Cross-Site Request Forgery (CSRF), potentially leading to the removal of the captain or a member of the SHC.<br><br>The vulnerability requires the attacker to phish the administrator-level victim by tricking them into initiating a request within their browser. The attacker should not be able to exploit the vulnerability at will.

Analysis

Technical ContextAI

Cross-Site Request Forgery forces authenticated users to perform unintended actions by tricking their browser into sending forged requests. This vulnerability is classified as Cross-Site Request Forgery (CSRF) (CWE-352).

RemediationAI

Implement anti-CSRF tokens for all state-changing operations. Use SameSite cookie attribute. Verify the Origin/Referer header on the server side.

More from same product – last 7 days

CVE-2026-20253 CRITICAL Act Now

9.8 Jun 10

Unauthenticated arbitrary file write in Splunk Enterprise (below 10.2.4 and 10.0.7) and Splunk Cloud Platform (below 10.

CVE-2026-20251 HIGH This Week

8.8 Jun 10

Remote code execution in Splunk Enterprise, Splunk Cloud Platform, and the Splunk Secure Gateway app allows a low-privil

CVE-2026-20258 HIGH This Week

7.1 Jun 10

Stored cross-site scripting in Splunk Enterprise (below 10.2.4, 10.0.7, 9.4.12, 9.3.13) and Splunk Cloud Platform (below

CVE-2026-20254 MEDIUM This Month

5.7 Jun 10

CSS injection in Splunk Enterprise and Splunk Cloud Platform classic dashboards enables credential and sensitive data ex

CVE-2026-20255 MEDIUM This Month

5.7 Jun 10

Classic dashboard URL validation bypass in Splunk Enterprise and Splunk Cloud Platform enables low-privileged authentica

CVE-2025-20321 vulnerability details – vuln.today

Back

Splunk CVE-2025-20321

Severity by source

CVSS VectorNVD

Lifecycle Timeline

DescriptionCVE.org

Analysis

Technical ContextAI

RemediationAI

More from same product – last 7 days

Share

External POC / Exploit Code