CVE-2025-20382

CVE-2025-20382 affects Splunk Enterprise and Splunk Cloud Platform. A low-privileged user (not admin/power role) can create a views dashboard with a custom background via the data:image/png;base64 protocol, potentially causing an unvalidated redirect. This bypasses the external URL warning mechan...

PT-2025-48958

Name of the Vulnerable Software and Affected Versions Splunk Enterprise for Windows versions prior to 10.0.2 Splunk Enterprise for Windows versions prior to 9.4.6 Splunk Enterprise for Windows versions prior to 9.3.8 Splunk Enterprise for Windows versions prior to 9.2.10 Description A flaw exists...

PT-2025-48955

Name of the Vulnerable Software and Affected Versions Splunk Enterprise versions prior to 10.0.2 Splunk Enterprise versions 9.2.10 through 9.4.6 Splunk Enterprise versions 9.3.8 Splunk Secure Gateway app versions below 3.7.28 Splunk Secure Gateway app versions 3.8.58 and below Splunk Secure Gatew...

Splunk Cloud Platform和Splunk Enterprise 信息泄露漏洞

Splunk Cloud Platform and Splunk Enterprise are both products of Splunk Corporation, U.S.A. Splunk Cloud Platform is a powerful data collection, processing, and analytics service.Splunk Enterprise is a suite of data collection and analytics software. An information disclosure vulnerability exists...

Splunk Enterprise 9.2.0 < 9.2.10, 9.3.0 < 9.3.8, 9.4.0 < 9.4.6, 10.0 < 10.0.1 (SVD-2025-1203)

The version of Splunk installed on the remote host is prior to tested version. It is, therefore, affected by a vulnerability as referenced in the SVD-2025-1203 advisory. - In Splunk Enterprise versions below 10.0.1, 9.4.6, 9.3.8, and 9.2.10, and Splunk Cloud Platform versions below 10.1.2507.4,...

Splunk Enterprise和Splunk Secure Gateway 输入验证错误漏洞

Splunk Enterprise and Splunk Secure Gateway are both products of Splunk Corporation, U.S.A. Splunk Enterprise is a suite of data collection and analysis software.Splunk Secure Gateway is a secure gateway. Splunk Enterprise and Splunk Secure Gateway have an input validation error vulnerability tha...

Splunk Cloud Platform和Splunk Enterprise 跨站脚本漏洞

Splunk Cloud Platform and Splunk Enterprise are both products of Splunk Corporation, U.S.A. Splunk Cloud Platform is a powerful data collection, processing, and analytics service.Splunk Enterprise is a suite of data collection and analytics software. A cross-site scripting vulnerability exists in...

Splunk Enterprise 安全漏洞

Splunk Enterprise is a suite of data collection and analytics software from Splunk, Inc. in the United States. A security vulnerability exists in Splunk Enterprise versions prior to 10.0.2, 9.4.6, 9.3.8, and 9.2.10, which stems from improperly assigned permissions during installation or upgrade,...

PT-2025-48959

Name of the Vulnerable Software and Affected Versions Splunk Universal Forwarder for Windows versions prior to 10.0.2 Splunk Universal Forwarder for Windows versions prior to 9.4.6 Splunk Universal Forwarder for Windows versions prior to 9.3.8 Splunk Universal Forwarder for Windows versions prior...

PT-2025-48961

Name of the Vulnerable Software and Affected Versions Splunk Enterprise versions prior to 10.0.2 Splunk Enterprise versions 9.2.10 through 9.4.6 Splunk Enterprise versions 9.3.8 Splunk Secure Gateway app versions below 3.7.28 Splunk Secure Gateway app versions 3.8.58 and below Splunk Secure Gatew...

PT-2025-48953

In Splunk MCP Server app versions below 0.2.4, a user with access to the "run splunk query" Model Context Protocol MCP tool could bypass the SPL command allowlist controls in MCP by embedding SPL commands as sub-searches, leading to unauthorized actions beyond the intended MCP restrictions...

Splunk MCP Server 安全漏洞

Splunk MCP Server is a multi-cloud platform server from Splunk USA. A security vulnerability exists in Splunk MCP Server versions prior to 0.2.4, which stems from the runsplunkquery tool that can bypass the SPL Command Allow List control, potentially leading to unauthorized operations...

PT-2025-48954

Name of the Vulnerable Software and Affected Versions Splunk Enterprise versions prior to 10.0.2, 9.4.6, 9.3.8, and 9.2.10 Splunk Cloud Platform versions prior to 10.1.2507.10, 10.0.2503.8, and 9.3.2411.120 Description A user with limited privileges, lacking administrator or power roles, can crea...

PT-2025-48957

Name of the Vulnerable Software and Affected Versions Splunk Enterprise versions prior to 10.0.2, 9.4.6, 9.3.8, and 9.2.10 Splunk Cloud Platform versions prior to 10.1.2507.6, 10.0.2503.7, and 9.3.2411.117 Description A user with the admin all objects privilege capability could potentially execut...

PT-2025-48960

Name of the Vulnerable Software and Affected Versions Splunk Enterprise versions prior to 10.0.1, 9.4.6, 9.3.8, and 9.2.10 Splunk Cloud Platform versions prior to 10.1.2507.4, 10.0.2503.7, and 9.3.2411.116 Description A user with a role containing the change authentication high privilege capabili...

PT-2025-48956

Name of the Vulnerable Software and Affected Versions Splunk Enterprise versions prior to 10.0.1, 9.4.6, 9.3.8, and 9.2.10 Splunk Cloud Platform versions prior to 10.1.2507.4, 10.0.2503.6, and 9.3.2411.117.125 Description An unauthenticated attacker can inject American National Standards Institut...

Splunk Universal Forwarder 安全漏洞

Splunk Universal Forwarder is a Splunk component from Splunk, Inc. A security vulnerability exists in Splunk Universal Forwarder versions prior to 10.0.2, 9.4.6, 9.3.8, and 9.2.10, which stems from improper assignment of privileges during installation or upgrade, and could result in a...

Splunk Cloud Platform和Splunk Enterprise 安全漏洞

Splunk Cloud Platform and Splunk Enterprise are both products of Splunk Corporation, U.S.A. Splunk Cloud Platform is a powerful data collection, processing, and analytics service.Splunk Enterprise is a suite of data collection and analytics software. A security vulnerability exists in Splunk Clou...

Splunk Cloud Platform和Splunk Enterprise 输入验证错误漏洞

Splunk Cloud Platform and Splunk Enterprise are both products of Splunk Corporation, U.S.A. Splunk Cloud Platform is a powerful data collection, processing, and analytics service.Splunk Enterprise is a suite of data collection and analytics software. An input validation error vulnerability exists...

Splunk Cloud Platform和Splunk Enterprise 代码问题漏洞

Splunk Cloud Platform and Splunk Enterprise are both products of Splunk Corporation, U.S.A. Splunk Cloud Platform is a powerful data collection, processing, and analytics service.Splunk Enterprise is a suite of data collection and analytics software. A code issue vulnerability exists in Splunk...