- Description
- In Splunk Enterprise versions below 9.3.3, 9.2.5, and 9.1.8 and Splunk Cloud Platform versions below 9.3.2408.103, 9.2.2406.108, 9.2.2403.113, 9.1.2312.208 and 9.1.2308.212, a low-privileged user that does not hold the “admin“ or “power“ Splunk roles could run a saved search with a risky command using the permissions of a higher-privileged user to bypass the SPL safeguards for risky commands on the “/app/search/search“ endpoint through its “s“ parameter. <br>The vulnerability requires the attacker to phish the victim by tricking them into initiating a request within their browser. The authenticated user should not be able to exploit the vulnerability at will.
- Source
- psirt@cisco.com
- NVD status
- Analyzed
- Products
- splunk, splunk_cloud_platform
CVSS 3.1
- Type
- Primary
- Base score
- 5.7
- Impact score
- 3.6
- Exploitability score
- 2.1
- Vector string
- CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:U/C:H/I:N/A:N
- Severity
- MEDIUM
- psirt@cisco.com
- CWE-200
- Hype score
- Not currently trending
CVE-2025-20232 Splunk Enterprise Privilege Escalation via Saved Search Manipulation https://t.co/UI17Xe8n6z Vulnerability Notification: https://t.co/xhLrNnfyrO
@VulmonFeeds
26 Mar 2025
14 Impressions
0 Retweets
0 Likes
0 Bookmarks
0 Replies
0 Quotes
CVE-2025-20232 In Splunk Enterprise versions below 9.3.3, 9.2.5, and 9.1.8 and Splunk Cloud Platform versions below 9.3.2408.103, 9.2.2406.108, 9.2.2403.113, 9.1.2312.208 and 9.1.23… https://t.co/EzZbcxg9R2
@CVEnew
26 Mar 2025
305 Impressions
0 Retweets
0 Likes
0 Bookmarks
0 Replies
0 Quotes
[
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:a:splunk:splunk:*:*:*:*:enterprise:*:*:*",
"matchCriteriaId": "49EE75F0-2AD6-4712-9E2A-C000A44E5605",
"versionEndExcluding": "9.1.8",
"versionStartIncluding": "9.1.0",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:splunk:splunk:*:*:*:*:enterprise:*:*:*",
"matchCriteriaId": "5B7E20B1-E38E-4F5E-9F89-41FD4C231742",
"versionEndExcluding": "9.2.5",
"versionStartIncluding": "9.2.0",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:splunk:splunk:*:*:*:*:enterprise:*:*:*",
"matchCriteriaId": "E66E66BA-AFC2-4E0A-B233-9E2C7D985AF0",
"versionEndExcluding": "9.3.3",
"versionStartIncluding": "9.3.0",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:splunk:splunk_cloud_platform:*:*:*:*:*:*:*:*",
"matchCriteriaId": "03261616-B31E-4709-A47B-AC0B580636DD",
"versionEndExcluding": "9.1.2308.212",
"versionStartIncluding": "9.1.2308",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:splunk:splunk_cloud_platform:*:*:*:*:*:*:*:*",
"matchCriteriaId": "5EA2EB1C-85B3-4381-B924-EE6C1F08030D",
"versionEndExcluding": "9.1.2312.208",
"versionStartIncluding": "9.1.2312.100",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:splunk:splunk_cloud_platform:*:*:*:*:*:*:*:*",
"matchCriteriaId": "B59EC0E4-4626-498D-8E06-F23CB17E0E29",
"versionEndExcluding": "9.2.2403.113",
"versionStartIncluding": "9.2.2403.100",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:splunk:splunk_cloud_platform:*:*:*:*:*:*:*:*",
"matchCriteriaId": "41B20845-FE28-45ED-9B2D-499506F527FB",
"versionEndExcluding": "9.2.2406.108",
"versionStartIncluding": "9.2.2406.100",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:splunk:splunk_cloud_platform:*:*:*:*:*:*:*:*",
"matchCriteriaId": "2B97D0B2-B795-424A-8565-9DB0127E604E",
"versionEndExcluding": "9.3.2408.103",
"versionStartIncluding": "9.3.2408.100",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
}
]