Splunk — Vulnerabilities & Security Advisories (155)

Browse all 155 CVE security advisories affecting Splunk. AI-powered Chinese analysis, POCs, and references for each vulnerability.

Splunk operates primarily as a data analytics platform designed for searching, monitoring, and analyzing machine-generated big data via a web interface. Its architecture, which integrates complex data ingestion pipelines with extensive third-party app ecosystems, has historically exposed it to diverse vulnerability classes. Recorded Common Vulnerabilities and Exposures (CVEs) frequently involve remote code execution, cross-site scripting, and privilege escalation flaws, often stemming from improper input validation or insecure default configurations in its web components. While no single catastrophic breach defines its history, the sheer volume of disclosed flaws highlights systemic risks in its expansive feature set. Security practitioners must rigorously patch these instances, as the platform’s central role in enterprise observability makes unmitigated vulnerabilities particularly impactful. The current count of 155 CVEs underscores the necessity for continuous configuration auditing and strict access controls to maintain integrity within organizations relying on this infrastructure.

| CVE ID | Title | Affected product | CWE | CVSS | Severity | Published |
| --- | --- | --- | --- | --- | --- | --- |
| CVE-2025-20370 | Denial of Service (DoS) through Multiple LDAP Bind Requests in Splunk Enterprise | Splunk Enterprise | CWE-400 | 4.9 | Medium | 2025-10-01 |
| CVE-2025-20366 | Improper Access Control in Background Job Submission in Splunk Enterprise | Splunk Enterprise | CWE-284 | 6.5 | Medium | 2025-10-01 |
| CVE-2025-20369 | Extensible Markup Language (XML) External Entity Injection (XXE) through Dashboard label field on Splunk Enterprise | Splunk Enterprise | CWE-776 | 4.6 | Medium | 2025-10-01 |
| CVE-2025-20322 | Denial of Service (DoS) in Search Head Cluster through Cross-Site Request Forgery (CSRF) in Splunk Enterprise | Splunk Enterprise | CWE-352 | 4.3 | Medium | 2025-07-07 |
| CVE-2025-20323 | Missing Access Control of Saved Searches in the Splunk Archiver app | Splunk Enterprise | CWE-284 | 4.3 | Medium | 2025-07-07 |
| CVE-2025-20321 | Membership State Change in Splunk Search Head Cluster through a Cross-Site Request Forgery (CSRF) in Splunk Enterprise | Splunk Enterprise | CWE-352 | 6.5 | Medium | 2025-07-07 |
| CVE-2025-20325 | Sensitive Information Disclosure in the SHCConfig logging channel in Clustered Deployments in Splunk Enterprise | Splunk Enterprise | CWE-200 | 3.1 | Low | 2025-07-07 |
| CVE-2025-20319 | Remote Command Execution through Scripted Input Files in Splunk Enterprise | Splunk Enterprise | CWE-78 | 6.8 | Medium | 2025-07-07 |
| CVE-2025-20324 | Improper Access Control in System Source Types Configuration in Splunk Enterprise | Splunk Enterprise | CWE-284 | 5.4 | Medium | 2025-07-07 |
| CVE-2025-20320 | Denial of Service (DoS) through “User Interface - Views” configuration page in Splunk Enterprise | Splunk Enterprise | CWE-35 | 6.3 | Medium | 2025-07-07 |
| CVE-2025-20300 | Improper Access Control Lets Low-Privilege Users Suppress Read-Only Alerts in Splunk Enterprise | Splunk Enterprise | CWE-863 | 4.3 | Medium | 2025-07-07 |
| CVE-2025-20298 | Incorrect permission assignment on Universal Forwarder for Windows during new installation or upgrade | Splunk/UniversalForwarder for Windows | CWE-732 | 8.0 | High | 2025-06-02 |
| CVE-2025-20297 | Reflected Cross-Site Scripting (XSS) on Splunk Enterprise through dashboard PDF generation component | Splunk Enterprise | CWE-79 | 4.3 | Medium | 2025-06-02 |
| CVE-2025-20230 | Missing Access Control and Incorrect Ownership of Data in App Key Value Store (KVStore) collections in the Splunk Secure Gateway App | Splunk Enterprise | CWE-284 | 4.3 | Medium | 2025-03-26 |
| CVE-2025-20233 | Incorrect permissions set by the “chmod” and “makedirs” Python functions in Splunk App for Lookup File Editing | Splunk App for Lookup File Editing | CWE-732 | 2.5 | Low | 2025-03-26 |
| CVE-2025-20232 | Risky Command Safeguards Bypass in “/app/search/search” endpoint through “s” parameter in Splunk Enterprise | Splunk Enterprise | CWE-200 | 5.7 | Medium | 2025-03-26 |
| CVE-2025-20229 | Remote Code Execution through file upload to “$SPLUNK_HOME/var/run/splunk/apptemp” directory in Splunk Enterprise | Splunk Enterprise | CWE-284 | 8.0 | High | 2025-03-26 |
| CVE-2025-20228 | Maintenance mode state change of App Key Value Store (KVStore) through a Cross-Site Request Forgery (CSRF) in Splunk Enterprise | Splunk Enterprise | CWE-352 | 6.5 | Medium | 2025-03-26 |
| CVE-2025-20227 | Information Disclosure through external content warning modal dialog box bypass in Splunk Enterprise Dashboard Studio | Splunk Enterprise | CWE-20 | 4.3 | Medium | 2025-03-26 |
| CVE-2025-20226 | Risky command safeguards bypass in “/services/streams/search” endpoint through “q” parameter in Splunk Enterprise | Splunk Enterprise | CWE-200 | 5.7 | Medium | 2025-03-26 |
| CVE-2025-20231 | Sensitive Information Disclosure in Splunk Secure Gateway App | Splunk Enterprise | CWE-532 | 7.1 | High | 2025-03-26 |
| CVE-2025-0367 | Regular Expression Denial of Service (ReDoS) in Splunk Supporting Add-on for Active Directory (SA-ldapsearch) | Splunk Supporting Add-on for Active Directory | CWE-1333 | 6.5 | Medium | 2025-01-30 |
| CVE-2025-22621 | Privilege escalation for users who hold the “splunk_app_soar” role in the Splunk App for SOAR | Splunk App for SOAR | CWE-269 | 6.4 | Medium | 2025-01-07 |
| CVE-2024-53244 | Risky command safeguards bypass in “/en-US/app/search/report” endpoint through “s” parameter | Splunk Enterprise | CWE-200 | 5.7 | Medium | 2024-12-10 |
| CVE-2024-53246 | Sensitive Information Disclosure through SPL commands | Splunk Enterprise | CWE-319 | 5.3 | Medium | 2024-12-10 |
| CVE-2024-53243 | Information Disclosure in Mobile Alert Responses in Splunk Secure Gateway | Splunk Enterprise | CWE-200 | 4.3 | Medium | 2024-12-10 |
| CVE-2024-53245 | Information Disclosure due to Username Collision with a Role that has the same Name as the User | Splunk Enterprise | CWE-200 | 3.1 | Low | 2024-12-10 |
| CVE-2024-53247 | Remote Code Execution through Deserialization of Untrusted Data in Splunk Secure Gateway app | Splunk Enterprise | CWE-502 | 8.8 | High | 2024-12-10 |
| CVE-2024-45739 | Sensitive information disclosure in AdminManager logging channel | Splunk Enterprise | CWE-200 | 4.9 | Medium | 2024-10-14 |
| CVE-2024-45738 | Sensitive information disclosure in REST_Calls logging channel | Splunk Enterprise | CWE-200 | 4.9 | Medium | 2024-10-14 |

This page lists every published CVE security advisory associated with Splunk. Each entry links to a detailed page with CVSS scoring, CWE classification, affected products and references. AI-generated Chinese analysis is provided for fast triage.