Primary

Context

Splunk XXE Injection Vulnerability in Dashboard Labels Allowing Denial-of-Service

Vulnerability

Patched

A vulnerability allowing XML external entity (XXE) injection has been identified in Splunk Enterprise versions prior to 9.4.4, 9.3.6, and 9.2.8, as well as in Splunk Cloud Platform versions prior to 9.3.2411.108, 9.3.2408.118, and 9.2.2406.123. This vulnerability allows low privilege users, who do not have 'admin' or 'power' roles, to inject malicious XML that could be exploited to perform denial-of-service attacks.

Impact

Exploitation of this vulnerability could lead to denial-of-service conditions, causing Splunk to become unresponsive or unavailable.

Remediation

Users of Splunk Enterprise should upgrade to versions 9.4.4, 9.3.6, or 9.2.8. For Splunk Cloud Platform users, no action is needed as Splunk is actively monitoring and patching instances. Additionally, turning off Splunk Web can mitigate the vulnerability.

Added: Oct 1, 2025, 5:18 PM

Updated: Oct 1, 2025, 5:18 PM

Vulnerability Rating

Custom Algorithm

spread

5.0

impact

2.5

exploitability

5.2

remediation

8.3

relevance

0.7

threat

0.0

urgency

2.9

incentive

1.7

Our algorithm analyzes dozens of metrics to generate these 8 key vulnerability categories, which are then combined to calculate the overall risk score.

Vulnerability Rating

Custom Algorithm

spread

5.0

impact

2.5

exploitability

5.2

remediation

8.3

relevance

0.7

threat

0.0

urgency

2.9

incentive

1.7

Our algorithm analyzes dozens of metrics to generate these 8 key vulnerability categories, which are then combined to calculate the overall risk score.

Splunk XXE Injection Vulnerability in Dashboard Labels Allowing Denial-of-Service

Vulnerability

Impact

Remediation

Affected Products

Splunk

Splunk Cloud Platform

CVSS Scores

References

Vulnerability Rating

Vulnerability Rating