

ICS: Multiple Siemens Products Vulnerabilities
July 9, 2025
CVE-2025-49719 – Microsoft SQL Server Zero-Day Vulnerability
July 9, 2025
Severity
Medium
Analysis Summary
CVE-2025-20321 CVSS:6.5
In Splunk Enterprise and Splunk Cloud Platform, an unauthenticated attacker can send a specially crafted SPL search that could change the membership state in a Splunk Search Head Cluster (SHC) through Cross-Site Request Forgery (CSRF), potentially leading to the removal of the captain or a member of the SHC. The vulnerability requires the attacker to phish the administrator-level victim by tricking them into initiating a request within their browser. The attacker should not be able to exploit the vulnerability at will.
CVE-2025-20320 CVSS:6.3
In Splunk Enterprise and Splunk Cloud Platform, a low-privileged user who does not hold the "admin" or "power" Splunk roles could craft a malicious payload through the `User Interface - Views` configuration page that could potentially lead to a denial of service (DoS). The user could cause the DoS by exploiting a path traversal vulnerability that allows deletion of arbitrary files within a Splunk directory. The vulnerability requires the low-privileged user to phish the administrator-level victim by tricking them into initiating a request within their browser. The low-privileged user should not be able to exploit the vulnerability at will.
CVE-2025-20319 CVSS:6.8
In Splunk Enterprise, a user who holds a role that contains the high-privilege capability `edit_scripted` and the `list_inputs` capability could perform remote command execution due to improper user input sanitization on the scripted input files.
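To find which roles meet the precondition described for CVE-2025-20319, the following added example (not from the advisory or from Splunk) parses `authorize.conf` text and reports roles that hold both `edit_scripted` and `list_inputs`, including capabilities inherited through `importRoles`. The role names and sample configuration are constructed; the code assumes it is given the already merged configuration text.

```python
import re

# Capabilities the advisory names as the precondition for CVE-2025-20319.
RISKY = {"edit_scripted", "list_inputs"}

# Constructed sample authorize.conf content; role names are hypothetical.
SAMPLE_CONF = """\
[role_input_viewer]
list_inputs = enabled
[role_script_admin]
importRoles = input_viewer
edit_scripted = enabled
[role_ops]
edit_scripted = enabled
list_inputs = disabled
"""

def parse_roles(text):
    """Return {role: {"caps": set, "imports": list}} for each [role_*] stanza."""
    roles, current = {}, None
    for line in (raw.strip() for raw in text.splitlines()):
        if m := re.fullmatch(r"\[role_(.+)\]", line):
            current = roles.setdefault(m.group(1), {"caps": set(), "imports": []})
        elif line.startswith("["):
            current = None  # non-role stanza: ignore its settings
        elif current is not None and "=" in line and not line.startswith("#"):
            key, value = (part.strip() for part in line.split("=", 1))
            if key == "importRoles":
                current["imports"] += [r for r in value.split(";") if r]
            elif value.lower() == "enabled":
                current["caps"].add(key)
    return roles

def effective_caps(roles, name, seen=None):
    """Capabilities a role holds directly or inherits via importRoles."""
    seen = set() if seen is None else seen
    if name in seen or name not in roles:  # guards against import cycles
        return set()
    seen.add(name)
    caps = set(roles[name]["caps"])
    for parent in roles[name]["imports"]:
        caps |= effective_caps(roles, parent, seen)
    return caps

def exposed_roles(text):
    """Sorted role names whose effective capabilities include both RISKY ones."""
    roles = parse_roles(text)
    return sorted(r for r in roles if RISKY <= effective_caps(roles, r))
```

Roles returned by `exposed_roles` are the ones to review and trim until the patched version is deployed.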
CVE-2025-20300 CVSS:4.3
In Splunk Enterprise and Splunk Cloud Platform, a low-privileged user who does not hold the "admin" or "power" Splunk roles, and who has read-only access to a specific alert, could suppress that alert when it triggers.
Impact
- Denial of Service
- Gain Access
- Privilege Escalation
Indicators of Compromise
CVE
CVE-2025-20321
CVE-2025-20320
CVE-2025-20319
CVE-2025-20300
Affected Vendors
- Cisco
Affected Products
- Cisco Splunk Enterprise version 9.4.2
- Cisco Splunk Enterprise version 9.4.3
- Cisco Splunk Enterprise version 9.3.5
- Cisco Splunk Enterprise version 9.2.7
- Cisco Splunk Enterprise version 9.1.10
- Cisco Cloud Platform version 9.3.2411.103
- Cisco Cloud Platform version 9.3.2408.113
- Cisco Cloud Platform version 9.3.2408.117
- Cisco Cloud Platform version 9.3.2411.107
- Cisco Cloud Platform version 9.2.2408.121
- Cisco Cloud Platform version 9.2.2406.119
Remediation
Refer to the Cisco website for patch, upgrade, or suggested workaround information.