Home

Description

In Splunk Enterprise versions below 9.4.3, 9.3.5, 9.2.7, and 9.1.10, a user who holds a role that contains the high-privilege capability `edit_scripted` and `list_inputs` capability , could perform a remote command execution due to improper user input sanitization on the scripted input files.<br><br>See [Define roles on the Splunk platform with capabilities](https://docs.splunk.com/Documentation/Splunk/latest/Security/Rolesandcapabilities) and [Setting up a scripted input ](https://docs.splunk.com/Documentation/Splunk/9.4.2/AdvancedDev/ScriptSetup)for more information.

PUBLISHED Reserved 2024-10-10 | Published 2025-07-07 | Updated 2026-02-26 | Assigner cisco




MEDIUM: 6.8CVSS:3.1/AV:A/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H

Problem types

The software constructs all or part of an OS command using externally-influenced input from an upstream component, but it does not neutralize or incorrectly neutralizes special elements that could modify the intended OS command when it is sent to a downstream component.

Product status

9.4 (custom) before 9.4.3
affected

9.3 (custom) before 9.3.5
affected

9.2 (custom) before 9.2.7
affected

9.1 (custom) before 9.1.10
affected

References

advisory.splunk.com/advisories/SVD-2025-0702

cve.org (CVE-2025-20319)

nvd.nist.gov (CVE-2025-20319)

Download JSON