Splunk Security Patches: Unauthorized Access Possible
Splunk's monitoring and security software is vulnerable. Splunk Enterprise is affected, among others.
(Image: AFANASEV IVAN/ Shutterstock.com)
If attackers successfully exploit security vulnerabilities in Splunk Enterprise, Universal Forwarder, or Secure Gateway App, they can gain access to system areas that are normally inaccessible, among other things.
Depending on the application, this affects the Windows and/or Web versions. Admins can find specific details in the security advisories linked below this message. So far, there are no reports of attacks. Admins should install one of the secured versions 9.2.10, 9.3.8, 9.4.6, or 10.0.2 promptly.
The Dangers
If this is not done, attackers can, among other things, access C:\Program Files\Splunk under Windows without the otherwise required administrator rights (Enterprise for Windows: CVE-2025-20386 "high", Universal Forwarder for Windows: CVE-2025-20387 "high"). Additionally, they could manipulate log files (CVE-2025-20384 "medium") or trigger DoS states and thus crashes (CVE-2025-20389 "medium").
Videos by heise
List sorted by threat level in descending order:
- Incorrect permission assignment on Splunk Enterprise for Windows during new installation or upgrade
- Incorrect permissions assignment on Splunk Universal Forwarder for Windows during new installation or upgrade
- Unauthenticated Log Injection in Splunk Enterprise
- Improper access control through push notifications for reports and alerts in Splunk Secure Gateway app
- Improper Input Validation in "label" column field in Splunk Secure Gateway App
- URL validation bypass through Views Dashboard in Splunk Enterprise
- Blind Server Side Request Forgery (SSRF) through Distributed Search Peers in Splunk Enterprise
- Stored Cross-Site scripting (XSS) through Anchor Tag "href" in Navigation Bar Collections in Splunk Enterprise
(des)
