PT-2025-48953 · Splunk · Splunk Mcp Server
Published
2025-12-03
·
Updated
2025-12-03
·
CVE-2025-20381
CVSS v2.0
5.5
Medium
| Vector | AV:N/AC:L/Au:S/C:N/I:P/A:P |
Name of the Vulnerable Software and Affected Versions
Splunk MCP Server app versions prior to 0.2.4
Description
A user with access to the "run splunk query" Model Context Protocol (MCP) tool could bypass the SPL command allowlist controls in MCP by embedding SPL commands as sub-searches. This could lead to unauthorized actions beyond the intended MCP restrictions. The vulnerable component is the Model Context Protocol (MCP) tool.
Recommendations
Update to Splunk MCP Server app version 0.2.4 or later.
Fix
LPE
Incorrect Authorization
Found an issue in the description? Have something to add? Feel free to write us 👾
Weakness Enumeration
Related Identifiers
Affected Products
Splunk Mcp Server