In Splunk Enterprise versions below 9.4.3, 9.3.5, 9.2.7 and 9.1.10, and Splunk Cloud Platform versions below 9.3.2411.104, 9.3.2408.114, and 9.2.2406.119, an unauthenticated attacker can send a specially-crafted SPL search that could change the membership state in a Splunk Search Head Cluster (SHC) through a Cross-Site Request Forgery (CSRF), potentially leading to the removal of the captain or a member of the SHC.<br><br>The vulnerability requires the attacker to phish the administrator-level victim by tricking them into initiating a request within their browser. The attacker should not be able to exploit the vulnerability at will.
Metrics
Affected Vendors & Products
References
Link | Providers |
---|---|
https://advisory.splunk.com/advisories/SVD-2025-0704 |
![]() ![]() |
History
Mon, 07 Jul 2025 18:15:00 +0000
Type | Values Removed | Values Added |
---|---|---|
Metrics |
ssvc
|
Mon, 07 Jul 2025 18:00:00 +0000
Type | Values Removed | Values Added |
---|---|---|
Description | In Splunk Enterprise versions below 9.4.3, 9.3.5, 9.2.7 and 9.1.10, and Splunk Cloud Platform versions below 9.3.2411.104, 9.3.2408.114, and 9.2.2406.119, an unauthenticated attacker can send a specially-crafted SPL search that could change the membership state in a Splunk Search Head Cluster (SHC) through a Cross-Site Request Forgery (CSRF), potentially leading to the removal of the captain or a member of the SHC.<br><br>The vulnerability requires the attacker to phish the administrator-level victim by tricking them into initiating a request within their browser. The attacker should not be able to exploit the vulnerability at will. | |
Title | Membership State Change in Splunk Search Head Cluster through a Cross-Site Request Forgery (CSRF) in Splunk Enterprise | |
Weaknesses | CWE-352 | |
References |
| |
Metrics |
cvssV3_1
|

Status: PUBLISHED
Assigner: cisco
Published: 2025-07-07T17:48:03.146Z
Updated: 2025-07-07T18:07:50.729Z
Reserved: 2024-10-10T19:15:13.254Z
Link: CVE-2025-20321

Updated: 2025-07-07T18:07:41.196Z

Status : Awaiting Analysis
Published: 2025-07-07T18:15:26.143
Modified: 2025-07-08T16:18:34.923
Link: CVE-2025-20321

No data.