CVE-2025-22621 — Vulnetix

CVE-2025-22621 PUBLISHED CVSS 6.400000095367432 MEDIUM

In versions 1.0.67 and lower of the Splunk App for SOAR, the Splunk documentation for that app recommended adding the `admin_all_objects` capability to the `splunk_app_soar` role. This addition could lead to improper access control for a low-privileged user that does not hold the “admin“ Splunk roles.

EPSS 0.21% · 42.6th percentile

Risk Scores

CVSS v3.1

6.400000095367432

CVSS:3.1/AV:N/AC:H/PR:L/UI:R/S:U/C:H/I:H/A:N

EPSS Score

0.21%

42.6th percentile

Affected Products

Vendor	Product	Versions
Splunk	Splunk App for SOAR	1.0

Timeline

Jan 7, 2025 CVE ID Reserved
Jan 7, 2025 CVE Published
Jan 7, 2025 PoC Published
Jan 7, 2025 PoC Published
Jan 7, 2025 PoC Published
Jan 7, 2025 PoC Published
Jan 7, 2025 PoC Published
Jan 7, 2025 PoC Published
Jan 8, 2025 EPSS Score
Jan 24, 2025 EPSS Score
Feb 8, 2025 EPSS Score
Feb 23, 2025 Coalition ESS Score

References

https://advisory.splunk.com/advisories/SVD-2025-0101 advisory
https://advisory.splunk.com/advisories/SVD-2025-0102 advisory
https://nvd.nist.gov/vuln/detail/CVE-2025-22621 advisory

Open in Interactive Console →