Splunk Products Multiple Vulnerabilities
Release Date: 9 Jul 2025
RISK: Medium Risk
TYPE: Security software and application - Security Software & Appliance
Multiple vulnerabilities were identified in Splunk products. A remote attacker could exploit some of these vulnerabilities to trigger sensitive information disclosure, security restriction bypass, remote code execution, denial of service condition and elevation of privilege on the targeted system.
Impact
- Elevation of Privilege
- Security Restriction Bypass
- Information Disclosure
- Remote Code Execution
- Denial of Service
System / Technologies affected
- Splunk Enterprise versions below 9.4.3, 9.3.5, 9.2.7 and 9.1.10
- Splunk Cloud Platform versions below 9.3.2411.107, 9.3.2408.117 and 9.2.2406.119
Solutions
Before installation of the software, please visit the vendor web-site for more details.
Apply fixes issued by the vendor:
- https://advisory.splunk.com/advisories/SVD-2025-0702
- https://advisory.splunk.com/advisories/SVD-2025-0703
- https://advisory.splunk.com/advisories/SVD-2025-0704
- https://advisory.splunk.com/advisories/SVD-2025-0705
- https://advisory.splunk.com/advisories/SVD-2025-0706
- https://advisory.splunk.com/advisories/SVD-2025-0707
- https://advisory.splunk.com/advisories/SVD-2025-0708
- https://advisory.splunk.com/advisories/SVD-2025-0709
Vulnerability Identifier
- CVE-2025-20300
- CVE-2025-20319
- CVE-2025-20320
- CVE-2025-20321
- CVE-2025-20322
- CVE-2025-20323
- CVE-2025-20324
- CVE-2025-20325
Source
Related Link
- https://advisory.splunk.com/advisories/SVD-2025-0702
- https://advisory.splunk.com/advisories/SVD-2025-0703
- https://advisory.splunk.com/advisories/SVD-2025-0704
- https://advisory.splunk.com/advisories/SVD-2025-0705
- https://advisory.splunk.com/advisories/SVD-2025-0706
- https://advisory.splunk.com/advisories/SVD-2025-0707
- https://advisory.splunk.com/advisories/SVD-2025-0708
- https://advisory.splunk.com/advisories/SVD-2025-0709
沒有留言:
發佈留言