CVE-2025-22621

Summary

In versions 1.0.67 and lower of the Splunk App for SOAR, the Splunk documentation for that app recommended adding the admin_all_objects capability to the splunk_app_soar role. This addition could lead to improper access control for a low-privileged user that does not hold the "admin" Splunk roles.

Affected Software

VendorProductVersion RangeStatus
SplunkSplunk App for SOAR1.0 < 1.0.71affected

Weaknesses

  • CWE-269: The software does not properly assign, modify, track, or check privileges for an actor, creating an unintended sphere of control for that actor.

ADP Enrichment

CISA ADP Vulnrichment

  • SSVC:
  • Exploitation: none
    • Automatable: no
    • Technical Impact: total

References