Half a dozen security issues affecting multiple versions of Splunk Enterprise and Splunk Cloud Platform have been flagged by Splunk, the most severe of which is the high-severity unauthenticated blind server-side request forgery vulnerability, tracked as CVE-2025-20371, reports The Cyber Express.Threat actors who have activated enableSplunkWebClientNetloc setting and obtained victim-initiated requests, could leverage CVE-2025-20371, to make REST API requests with elevated privileges, according to Splunk. On the other hand, the cross-site scripting flaws, tracked as CVE-2025-20367 and CVE-2025-20368, could allow low-privileged users to run malicious JavaScript in other users' browsers, potentially exposing sessions and sensitive data.Meanwhile, CVE-2025-20370 is a denial-of-service flaw where users with the change_authentication privilege can overload the server with LDAP bind requests. Additional issues include CVE-2025-20369, an XXE injection via dashboard labels, and CVE-2025-20366, an access control flaw in background jobs that could expose sensitive search results.To mitigate risks, Splunk recommends upgrading to Enterprise 10.0.1, 9.4.4, 9.3.6, 9.2.8, or later. Cloud patches are applied automatically. Temporary steps include disabling Splunk Web, restricting high-privilege roles, and turning off enableSplunkWebClientNetloc. No detection signatures are currently available.
Vulnerability Management, Patch/Configuration Management
Splunk warns of six severe security bugs

Credit: Adobe Stock Images
Related Events
Get daily email updates
SC Media's daily must-read of the most current and pressing daily news
You can skip this ad in 5 seconds



