CVE-2025-20319

In Splunk Enterprise versions below 9.4.3, 9.3.5, 9.2.7, and 9.1.10, a user who holds a role that contains the high-privilege capability `edit_scripted` and `list_inputs` capability , could perform a remote command execution due to improper user input sanitization on the scripted input files.<br><br>See [Define roles on the Splunk platform with capabilities](https://docs.splunk.com/Documentation/Splunk/latest/Security/Rolesandcapabilities) and [Setting up a scripted input ](https://docs.splunk.com/Documentation/Splunk/9.4.2/AdvancedDev/ScriptSetup)for more information.
Configurations

No configuration.

History

08 Jul 2025, 16:18

Type Values Removed Values Added
Summary
  • (es) En las versiones de Splunk Enterprise anteriores a 9.4.3, 9.3.5, 9.2.7 y 9.1.10, un usuario que tenga un rol que contenga la capacidad de alto privilegio `edit_scripted` y la capacidad `list_inputs` podría realizar una ejecución remota de comandos debido a una depuración incorrecta de la entrada del usuario en los archivos de entrada con capabilities](https://docs.splunk.com/Documentation/Splunk/latest/Security/Rolesandcapabilities) and [Setting up a scripted input ](https://docs.splunk.com/Documentation/Splunk/9.4.2/AdvancedDev/ScriptSetup)for more information.

07 Jul 2025, 18:15

Type Values Removed Values Added
New CVE

Information

Published : 2025-07-07 18:15

Updated : 2025-07-08 16:18


NVD link : CVE-2025-20319

Mitre link : CVE-2025-20319

CVE.ORG link : CVE-2025-20319


JSON object : View

Products Affected

No product.

CWE
CWE-78

Improper Neutralization of Special Elements used in an OS Command ('OS Command Injection')