CVE-2025-20319
BaseFortify
Publication date: 2025-07-07
Last updated on: 2025-07-21
Assigner: Cisco Systems, Inc.
Description
Description
CVSS Scores
EPSS Scores
| Probability: | |
| Percentile: |
Meta Information
Affected Vendors & Products
| Vendor | Product | Version / Range |
|---|---|---|
| splunk | splunk | From 9.1.0 (inc) to 9.1.10 (exc) |
| splunk | splunk | From 9.2.0 (inc) to 9.2.7 (exc) |
| splunk | splunk | From 9.3.0 (inc) to 9.3.5 (exc) |
| splunk | splunk | From 9.4.0 (inc) to 9.4.3 (exc) |
Helpful Resources
Exploitability
| CWE ID | Description |
|---|---|
| CWE-78 | The product constructs all or part of an OS command using externally-influenced input from an upstream component, but it does not neutralize or incorrectly neutralizes special elements that could modify the intended OS command when it is sent to a downstream component. |
Attack-Flow Graph
AI Powered Q&A
Can you explain this vulnerability to me?
This vulnerability in Splunk Enterprise versions prior to 9.4.3, 9.3.5, 9.2.7, and 9.1.10 allows a user with roles containing both the high-privilege capabilities 'edit_scripted' and 'list_inputs' to perform remote command execution. It occurs due to improper sanitization of user input in scripted input files, which enables execution of arbitrary commands remotely. [1]
How can this vulnerability impact me? :
The vulnerability can lead to remote command execution by a privileged user, potentially compromising the confidentiality, integrity, and availability of the affected system. An attacker could execute arbitrary commands remotely, which may result in unauthorized access, data breaches, or disruption of services. [1]
What immediate steps should I take to mitigate this vulnerability?
The recommended immediate steps to mitigate this vulnerability are to upgrade Splunk Enterprise to versions 9.4.3, 9.3.5, 9.2.7, or 9.1.10 or later. If upgrading is not feasible immediately, remove the 'edit_scripted' capability from user roles to prevent exploitation. [1]