CVE-2025-20319
Remote Command Execution through Scripted Input Files in Splunk Enterprise
| CVSS Score | 6.8 |
| EPSS Score | 0.0% |
| EPSS Percentile | 0th |

In Splunk Enterprise versions below 9.4.3, 9.3.5, 9.2.7, and 9.1.10, a user who holds a role that contains the high-privilege capability `edit_scripted` and the `list_inputs` capability could perform a remote command execution due to improper user input sanitization on the scripted input files.

See [Define roles on the Splunk platform with capabilities](https://docs.splunk.com/Documentation/Splunk/latest/Security/Rolesandcapabilities) and [Setting up a scripted input](https://docs.splunk.com/Documentation/Splunk/9.4.2/AdvancedDev/ScriptSetup) for more information.

| CWE | CWE-78 |
| Vendor | splunk |
| Product | splunk enterprise |
| Published | Jul 7, 2025 |
| Last Updated | Feb 26, 2026 |
CVSS v3 Breakdown
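CVSS:3.1/AV:A/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H

| Attack Vector | Adjacent (AV:A) |
| Attack Complexity | Low (AC:L) |
| Privileges Required | High (PR:H) |
| User Interaction | None (UI:N) |
| Scope | Unchanged (S:U) |
| Confidentiality | High (C:H) |
| Integrity | High (I:H) |
| Availability | High (A:H) |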
Affected Versions
Splunk / Splunk Enterprise
| 9.4 | < 9.4.3 |
| 9.3 | < 9.3.5 |
| 9.2 | < 9.2.7 |
| 9.1 | < 9.1.10 |