Skip to main content

Splunk Cloud Platform CVE-2025-20322

| EUVD-2025-20297 MEDIUM
Cross-Site Request Forgery (CSRF) (CWE-352)
2025-07-07 psirt@cisco.com
CSRF Denial Of Service Splunk Cloud Platform Splunk
4.3
CVSS 3.1 · NVD
Share

Severity by source

NVD PRIMARY
4.3 MEDIUM
AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:L

Primary rating from NVD · only source for this CVE.

CVSS VectorNVD

CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:L
Attack Vector
Network
Attack Complexity
Low
Privileges Required
None
User Interaction
Required
Scope
Unchanged
Confidentiality
None
Integrity
None
Availability
Low

Lifecycle Timeline

4
Patch available
Apr 16, 2026 - 05:29 EUVD
9.3.5,9.2.7,9.2.2406.119
EUVD ID Assigned
Mar 16, 2026 - 03:37 euvd
EUVD-2025-20297
Analysis Generated
Mar 16, 2026 - 03:37 vuln.today
CVE Published
Jul 07, 2025 - 18:15 nvd
MEDIUM 4.3

DescriptionCVE.org

In Splunk Enterprise versions below 9.4.3, 9.3.5, 9.2.7, and 9.1.10, and Splunk Cloud Platform versions below 9.3.2411.104, 9.3.2408.113, and 9.2.2406.119, an unauthenticated attacker could send a specially-crafted SPL search command that could trigger a rolling restart in the Search Head Cluster through a Cross-Site Request Forgery (CSRF), potentially leading to a denial of service (DoS).<br><br>The vulnerability requires the attacker to phish the administrator-level victim by tricking them into initiating a request within their browser. The attacker should not be able to exploit the vulnerability at will.<br><br>See How rolling restart works for more information.

Analysis

In Splunk Enterprise versions below 9.4.3, 9.3.5, 9.2.7, and 9.1.10, and Splunk Cloud Platform versions below 9.3.2411.104, 9.3.2408.113, and 9.2.2406.119, an unauthenticated attacker could send a specially-crafted SPL search command that could trigger a rolling restart in the Search Head Cluster through a Cross-Site Request Forgery (CSRF), potentially leading to a denial of service (DoS).<br><br>The vulnerability requires the attacker to phish the administrator-level victim by tricking them into initiating a request within their browser. The attacker should not be able to exploit the vulnerability at will.<br><br>See How rolling restart works for more information.

Technical ContextAI

Cross-Site Request Forgery forces authenticated users to perform unintended actions by tricking their browser into sending forged requests. This vulnerability is classified as Cross-Site Request Forgery (CSRF) (CWE-352).

RemediationAI

Implement anti-CSRF tokens for all state-changing operations. Use SameSite cookie attribute. Verify the Origin/Referer header on the server side.

More from same product – last 7 days

CVE-2026-20254 MEDIUM
5.7 Jun 10

CSS injection in Splunk Enterprise and Splunk Cloud Platform classic dashboards enables credential and sensitive data ex
CVE-2026-20255 MEDIUM
5.7 Jun 10

Classic dashboard URL validation bypass in Splunk Enterprise and Splunk Cloud Platform enables low-privileged authentica
CVE-2026-20256 MEDIUM
5.7 Jun 10

Classic dashboard drill-down links in Splunk Enterprise and Splunk Cloud Platform can be weaponized by low-privileged au
CVE-2026-20257 MEDIUM
5.7 Jun 10

Classic dashboard style attribute injection in Splunk Enterprise and Splunk Cloud Platform enables a low-privileged auth
CVE-2026-20259 MEDIUM
5.5 Jun 10

Improper access control on the saved search ownership reassignment endpoint in Splunk Enterprise and Splunk Cloud Platfo

Share

CVE-2025-20322 vulnerability details – vuln.today
Back

This site uses cookies essential for authentication and security. No tracking or analytics cookies are used. Privacy Policy