CVE-2025-20320

Published Jul 7, 2025

Last updated 10 months ago

CVSS medium 6.3

Splunk

Overview

Description: In Splunk Enterprise versions below 9.4.3, 9.3.5, 9.2.7 and 9.1.10, and Splunk Cloud Platform versions below 9.3.2411.107, 9.3.2408.117, and 9.2.2406.121, a low-privileged user that does not hold the "admin" or "power" Splunk roles could craft a malicious payload through the `User Interface - Views` configuration page that could potentially lead to a denial of service (DoS).The user could cause the DoS by exploiting a path traversal vulnerability that allows for deletion of arbitrary files within a Splunk directory. The vulnerability requires the low-privileged user to phish the administrator-level victim by tricking them into initiating a request within their browser. The low-privileged user should not be able to exploit the vulnerability at will.
Source: psirt@cisco.com
NVD status: Analyzed
Products: splunk, splunk_cloud_platform

Risk scores

CVSS 3.1

Type: Primary
Base score: 7.3
Impact score: 5.2
Exploitability score: 2.1
Vector string: CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:U/C:N/I:H/A:H
Severity: HIGH

Weaknesses

psirt@cisco.com: CWE-35

Hype score: Not currently trending

Configurations

[
  {
    "nodes": [
      {
        "cpeMatch": [
          {
            "criteria": "cpe:2.3:a:splunk:splunk:*:*:*:*:enterprise:*:*:*",
            "matchCriteriaId": "F363265C-BE8B-4D9E-BCD7-52D75D4454BA",
            "versionEndExcluding": "9.1.10",
            "versionStartIncluding": "9.1.0",
            "vulnerable": true
          },
          {
            "criteria": "cpe:2.3:a:splunk:splunk:*:*:*:*:enterprise:*:*:*",
            "matchCriteriaId": "16D7B94B-6E57-4462-BDB1-884E3268967D",
            "versionEndExcluding": "9.2.7",
            "versionStartIncluding": "9.2.0",
            "vulnerable": true
          },
          {
            "criteria": "cpe:2.3:a:splunk:splunk:*:*:*:*:enterprise:*:*:*",
            "matchCriteriaId": "2AE238E0-742D-4595-8F72-C2D7256718EA",
            "versionEndExcluding": "9.3.5",
            "versionStartIncluding": "9.3.0",
            "vulnerable": true
          },
          {
            "criteria": "cpe:2.3:a:splunk:splunk:*:*:*:*:enterprise:*:*:*",
            "matchCriteriaId": "6E95070D-E7E2-40F7-8282-0964FC1664F4",
            "versionEndExcluding": "9.4.3",
            "versionStartIncluding": "9.4.0",
            "vulnerable": true
          },
          {
            "criteria": "cpe:2.3:a:splunk:splunk_cloud_platform:*:*:*:*:*:*:*:*",
            "matchCriteriaId": "69993EB7-DEC3-416D-AD92-72B87A714DAA",
            "versionEndExcluding": "9.2.2406.121",
            "versionStartIncluding": "9.2.2406",
            "vulnerable": true
          },
          {
            "criteria": "cpe:2.3:a:splunk:splunk_cloud_platform:*:*:*:*:*:*:*:*",
            "matchCriteriaId": "45C46DB9-D18B-4A8D-ABBE-88C1AA326903",
            "versionEndExcluding": "9.3.2408.117",
            "versionStartIncluding": "9.3.2408",
            "vulnerable": true
          },
          {
            "criteria": "cpe:2.3:a:splunk:splunk_cloud_platform:*:*:*:*:*:*:*:*",
            "matchCriteriaId": "3EFAE9C0-842B-4E8E-BEC2-B96B1EA0C9C1",
            "versionEndExcluding": "9.3.2411.107",
            "versionStartIncluding": "9.3.2411",
            "vulnerable": true
          }
        ],
        "negate": false,
        "operator": "OR"
      }
    ]
  }
]

References

Sources include official advisories and independent security research.

Overview

Risk scores

CVSS 3.1

Weaknesses

Social media

Configurations

Related CVEs

References