Logo
-

Byte Open Security

(ByteOS Network)

Log In

Sign Up

ByteOS

Security
Vulnerability Details
Registries
Custom Views
Weaknesses
Attack Patterns
Filters & Tools
CVE Vulnerability Details :
CVE-2025-20319
PUBLISHED
More InfoOfficial Page
Assigner-cisco
Assigner Org ID-d1c1063e-7a18-46af-9102-31f8928bc633
View Known Exploited Vulnerability (KEV) details
Published At-07 Jul, 2025 | 17:48
Updated At-11 Jul, 2025 | 13:30
Rejected At-
▼CVE Numbering Authority (CNA)
Remote Command Execution through Scripted Input Files in Splunk Enterprise

In Splunk Enterprise versions below 9.4.3, 9.3.5, 9.2.7, and 9.1.10, a user who holds a role that contains the high-privilege capability `edit_scripted` and `list_inputs` capability , could perform a remote command execution due to improper user input sanitization on the scripted input files.<br><br>See [Define roles on the Splunk platform with capabilities](https://docs.splunk.com/Documentation/Splunk/latest/Security/Rolesandcapabilities) and [Setting up a scripted input ](https://docs.splunk.com/Documentation/Splunk/9.4.2/AdvancedDev/ScriptSetup)for more information.

Affected Products
Vendor
Splunk LLC (Cisco Systems, Inc.)Splunk
Product
Splunk Enterprise
Versions
Affected
  • From 9.4 before 9.4.3 (custom)
  • From 9.3 before 9.3.5 (custom)
  • From 9.2 before 9.2.7 (custom)
  • From 9.1 before 9.1.10 (custom)
Problem Types
TypeCWE IDDescription
cweCWE-78The software constructs all or part of an OS command using externally-influenced input from an upstream component, but it does not neutralize or incorrectly neutralizes special elements that could modify the intended OS command when it is sent to a downstream component.
Metrics
VersionBase scoreBase severityVector
3.16.8MEDIUM
CVSS:3.1/AV:A/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H
Metrics Other Info
Impacts
CAPEC IDDescription
Solutions
Configurations
Workarounds
Exploits
Credits
Timeline
EventDate
Replaced By
Rejected Reason
References
HyperlinkResource
https://advisory.splunk.com/advisories/SVD-2025-0702
N/A
▼Authorized Data Publishers (ADP)
CISA ADP Vulnrichment
Affected Products
Metrics
VersionBase scoreBase severityVector
Metrics Other Info
Impacts
CAPEC IDDescription
Solutions
Configurations
Workarounds
Exploits
Credits
Timeline
EventDate
Replaced By
Rejected Reason
References
HyperlinkResource
Details not found