
Multiple Cisco Splunk Enterprise Vulnerabilities

Severity

Medium

Analysis Summary

CVE-2025-20321 CVSS:6.5

In Splunk Enterprise and Splunk Cloud Platform, an unauthenticated attacker can send a specially crafted SPL search that could change the membership state in a Splunk Search Head Cluster (SHC) through a Cross-Site Request Forgery (CSRF), potentially leading to the removal of the captain or a member of the SHC. The vulnerability requires the attacker to phish the administrator-level victim by tricking them into initiating a request within their browser. The attacker should not be able to exploit the vulnerability at will.

CVE-2025-20320 CVSS:6.3

In Splunk Enterprise and Splunk Cloud Platform, a low-privileged user that does not hold the "admin" or "power" Splunk roles could craft a malicious payload through the `User Interface - Views` configuration page that could potentially lead to a denial of service (DoS). The user could cause the DoS by exploiting a path traversal vulnerability that allows for deletion of arbitrary files within a Splunk directory. The vulnerability requires the low-privileged user to phish the administrator-level victim by tricking them into initiating a request within their browser. The low-privileged user should not be able to exploit the vulnerability at will.

CVE-2025-20319 CVSS:6.8

In Splunk Enterprise, a user who holds a role that contains the high-privilege capability `edit_scripted` and the `list_inputs` capability could perform a remote command execution due to improper user input sanitization on the scripted input files.

CVE-2025-20300 CVSS:4.3

In Splunk Enterprise and Splunk Cloud Platform, a low-privileged user that does not hold the "admin" or "power" Splunk roles, and has read-only access to a specific alert, could suppress that alert when it triggers.

Impact

  • Denial of Service
  • Gain Access
  • Privilege Escalation

Indicators of Compromise

CVE

  • CVE-2025-20321
  • CVE-2025-20320
  • CVE-2025-20319
  • CVE-2025-20300

Affected Vendors

  • Cisco

Affected Products

  • Cisco Splunk Enterprise version 9.4.2
  • Cisco Splunk Enterprise version 9.4.3
  • Cisco Splunk Enterprise version 9.3.5
  • Cisco Splunk Enterprise version 9.2.7
  • Cisco Splunk Enterprise version 9.1.10
  • Cisco Cloud Platform version 9.3.2411.103
  • Cisco Cloud Platform version 9.3.2408.113
  • Cisco Cloud Platform version 9.3.2408.117
  • Cisco Cloud Platform version 9.3.2411.107
  • Cisco Cloud Platform version 9.2.2408.121
  • Cisco Cloud Platform version 9.2.2406.119

Remediation

Refer to the Cisco website for patch, upgrade, or suggested workaround information.

CVE-2025-20321

CVE-2025-20320

CVE-2025-20319

CVE-2025-20300