Splunk Enterprise Remote Command Execution Vulnerability via Scripted Inputs

Vulnerability

A remote command execution vulnerability has been identified in Splunk Enterprise versions prior to 9.4.3, 9.3.5, 9.2.7, and 9.1.10. This issue arises from improper sanitization of user input in scripted input files, allowing users with roles that include the high-privilege capabilities 'edit_scripted' and 'list_inputs' to execute commands remotely.

Impact

Exploitation of this vulnerability allows for remote command execution on the affected system.

Remediation

Users are advised to upgrade Splunk Enterprise to versions 9.4.3, 9.3.5, 9.2.7, 9.1.10, or higher. If an upgrade is not possible, the high-privilege capability 'edit_scripted' should be removed from the user role.
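To apply the workaround you first need to know which roles hold both capabilities, directly or through inheritance. The following is an added example, not code from Splunk or from this advisory: it assumes the usual authorize.conf layout (`[role_<name>]` stanzas, `<capability> = enabled` lines, semicolon-separated `importRoles`), treats inherited capabilities as granted, and runs on a constructed sample configuration.

```python
import configparser

# Capabilities the advisory names as required for exploitation.
RISKY = {"edit_scripted", "list_inputs"}

# Constructed sample authorize.conf content (not from a real deployment).
SAMPLE_CONF = """
[role_user]
list_inputs = enabled
[role_ops]
importRoles = user
edit_scripted = enabled
[role_analyst]
importRoles = user
search = enabled
[role_legacy]
importRoles = ops
edit_scripted = disabled
"""

def parse_roles(text):
    # Map role name -> (capabilities enabled in its own stanza, imported roles).
    cp = configparser.ConfigParser(interpolation=None, strict=False)
    cp.optionxform = str  # keep key case so "importRoles" is matched as written
    cp.read_string(text)
    roles = {}
    for section in cp.sections():
        if not section.startswith("role_"):
            continue
        items = dict(cp.items(section))
        imports = [r.strip() for r in items.get("importRoles", "").split(";") if r.strip()]
        caps = {k for k, v in items.items() if v.strip().lower() == "enabled"}
        roles[section[len("role_"):]] = (caps, imports)
    return roles

def effective_caps(name, roles, seen=None):
    # Own capabilities plus everything inherited; 'seen' guards against import cycles.
    seen = seen or set()
    if name in seen or name not in roles:
        return set()
    seen.add(name)
    caps, imports = roles[name]
    return caps.union(*(effective_caps(p, roles, seen) for p in imports))

def exposed_roles(text):
    roles = parse_roles(text)
    return sorted(r for r in roles if RISKY <= effective_caps(r, roles))
```

On a real instance, feed it the merged configuration (for example the output of `splunk btool authorize list`) rather than a single file, since role stanzas can be spread across apps.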

Added: Jul 7, 2025, 6:32 PM
Updated: Jul 7, 2025, 6:32 PM

Vulnerability Rating

Custom Algorithm

spread: 0.0
impact: 10.0
exploitability: 4.8
remediation: 0.0
relevance: 0.2
threat: 0.0
urgency: 2.9
incentive: 1.7

Our algorithm analyzes dozens of metrics to generate these 8 key vulnerability categories, which are then combined to calculate the overall risk score.