CVE-2025-20322— Denial of Service (DoS) in Search Head Cluster through Cross-Site Request Forgery (CSRF) in Splunk Enterprise
Get alerts for future matching vulnerabilitiesLog in to subscribe
I. Basic Information for CVE-2025-20322
Vulnerability Information
Have questions about the vulnerability? See if Shenlong's analysis helps!
View Shenlong Deep Dive ↗ Although we use advanced large model technology, its output may still contain inaccurate or outdated information.Shenlong tries to ensure data accuracy, but please verify and judge based on the actual situation.
Vulnerability Title
Denial of Service (DoS) in Search Head Cluster through Cross-Site Request Forgery (CSRF) in Splunk Enterprise
Source: NVD (National Vulnerability Database)
Vulnerability Description
In Splunk Enterprise versions below 9.4.3, 9.3.5, 9.2.7, and 9.1.10, and Splunk Cloud Platform versions below 9.3.2411.104, 9.3.2408.113, and 9.2.2406.119, an unauthenticated attacker could send a specially-crafted SPL search command that could trigger a rolling restart in the Search Head Cluster through a Cross-Site Request Forgery (CSRF), potentially leading to a denial of service (DoS).<br><br>The vulnerability requires the attacker to phish the administrator-level victim by tricking them into initiating a request within their browser. The attacker should not be able to exploit the vulnerability at will.<br><br>See [How rolling restart works](https://docs.splunk.com/Documentation/Splunk/9.4.2/DistSearch/RestartSHC) for more information.
Source: NVD (National Vulnerability Database)
CVSS Information
CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:L
Source: NVD (National Vulnerability Database)
Vulnerability Type
跨站请求伪造(CSRF)
Source: NVD (National Vulnerability Database)
Vulnerability Title
Splunk Cloud Platform和Splunk Enterprise 跨站请求伪造漏洞
Source: CNNVD (China National Vulnerability Database)
Vulnerability Description
Splunk Cloud Platform和Splunk Enterprise都是美国Splunk公司的产品。Splunk Cloud Platform是一个强大的数据收集、处理和分析服务。Splunk Enterprise是一套数据收集分析软件。 Splunk Cloud Platform和Splunk Enterprise存在跨站请求伪造漏洞,该漏洞源于跨站请求伪造,可能导致拒绝服务。以下产品及版本受到影响:Splunk Enterprise 9.4.3、9.3.5、9.2.7和9.1.10之前版本和
Source: CNNVD (China National Vulnerability Database)
CVSS Information
N/A
Source: CNNVD (China National Vulnerability Database)
Vulnerability Type
N/A
Source: CNNVD (China National Vulnerability Database)
Affected Products
| Vendor | Product | Affected Versions | CPE | Subscribe |
|---|---|---|---|---|
| Splunk | Splunk Enterprise | 9.4 ~ 9.4.3 | - | |
| Splunk | Splunk Enterprise Cloud | 9.3.2411 ~ 9.3.2411.104 | - |
II. Public POCs for CVE-2025-20322
| # | POC Description | Source Link | Shenlong Link |
|---|
AI-Generated POCPremium
No public POC found.
Login to generate AI POCIII. Intelligence Information for CVE-2025-20322
请登录查看更多情报信息。
Same Patch Batch · Splunk · 2025-07-07 · 8 CVEs total
| CVE-2025-20319 | 6.8 MEDIUM | Remote Command Execution through Scripted Input Files in Splunk Enterprise |
| CVE-2025-20321 | 6.5 MEDIUM | Membership State Change in Splunk Search Head Cluster through a Cross-Site Request Forgery |
| CVE-2025-20320 | 6.3 MEDIUM | Denial of Service (DoS) through “User Interface - Views“ configuration page in Splunk Ente |
| CVE-2025-20324 | 5.4 MEDIUM | Improper Access Control in System Source Types Configuration in Splunk Enterprise |
| CVE-2025-20323 | 4.3 MEDIUM | Missing Access Control of Saved Searches in the Splunk Archiver app |
| CVE-2025-20300 | 4.3 MEDIUM | Improper Access Control Lets Low-Privilege Users Suppress Read-Only Alerts in Splunk Enter |
| CVE-2025-20325 | 3.1 LOW | Sensitive Information Disclosure in the SHCConfig logging channel in Clustered Deployments |
IV. Related Vulnerabilities
Same product: Splunk Enterprise
- CVE-2026-20203
Improper Access Control in Data Model Acceleration in Splunk - CVE-2026-20204
Improper Handling and Insufficient Isolation of Specific Tem - CVE-2026-20202
Improper Input Validation during User Account Creation in Sp - CVE-2026-20163
Remote Command Execution (RCE) through the '/splunkd/__uploa - CVE-2026-20162
Stored Cross-Site Scripting (XSS) through Path Traversal in
Same vendor: Splunk
- CVE-2026-20205
Sensitive Information Disclosure in ''_internal'' index in S - CVE-2026-20203
Improper Access Control in Data Model Acceleration in Splunk - CVE-2026-20204
Improper Handling and Insufficient Isolation of Specific Tem - CVE-2026-20202
Improper Input Validation during User Account Creation in Sp - CVE-2026-20163
Remote Command Execution (RCE) through the '/splunkd/__uploa
Same weakness: CWE-352
- CVE-2021-47953
OpenCart 3.0.3.7 Cross-Site Request Forgery via account/pass - CVE-2021-47946
OpenCart 3.0.36 Account Takeover via Cross Site Request Forg - CVE-2022-50955
WordPress Plugin Curtain 1.0.2 Cross-site Request Forgery - CVE-2026-8194
osTicket Dispatcher class.dispatcher.php cross-site request - CVE-2026-42286
Emlog: Cross-Site Request Forgery in Admin Functions
V. Comments for CVE-2025-20322
No comments yet