We use these services and cookies to improve your user experience. You may opt out if you wish, however, this may limit some features on this site.

Please see our statement on Data Privacy.

Crisp.chat (Helpdesk and Chat)

Ok

THREATINT
PUBLISHED

CVE-2025-20319

Remote Command Execution through Scripted Input Files in Splunk Enterprise



Description

In Splunk Enterprise versions below 9.4.3, 9.3.5, 9.2.7, and 9.1.10, a user who holds a role that contains the high-privilege capability `edit_scripted` and `list_inputs` capability , could perform a remote command execution due to improper user input sanitization on the scripted input files.<br><br>See [Define roles on the Splunk platform with capabilities](https://docs.splunk.com/Documentation/Splunk/latest/Security/Rolesandcapabilities) and [Setting up a scripted input ](https://docs.splunk.com/Documentation/Splunk/9.4.2/AdvancedDev/ScriptSetup)for more information.

Reserved 2024-10-10 | Published 2025-07-07 | Updated 2025-07-07 | Assigner cisco


MEDIUM: 6.8CVSS:3.1/AV:A/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H

Problem types

The software constructs all or part of an OS command using externally-influenced input from an upstream component, but it does not neutralize or incorrectly neutralizes special elements that could modify the intended OS command when it is sent to a downstream component.

Product status

9.4 before 9.4.3
affected

9.3 before 9.3.5
affected

9.2 before 9.2.7
affected

9.1 before 9.1.10
affected

References

advisory.splunk.com/advisories/SVD-2025-0702

cve.org (CVE-2025-20319)

nvd.nist.gov (CVE-2025-20319)

Download JSON

Share this page
https://cve.threatint.eu/CVE/CVE-2025-20319

Support options

Helpdesk Chat, Email, Knowledgebase
© Copyright 2025 THREATINT
Made in Cyprus with +
 System status
Find us on
Data Privacy
Terms of Use
Logo BSI Allianz für Cyber-Sicherheit
Error loading Crisp.chat. Please check your web content filter and browser plugins.