- Description
- In Splunk Enterprise versions below 9.4.3, 9.3.5, 9.2.7, and 9.1.10, a low-privileged user that does not hold the "admin" or "power" Splunk roles could turn off the scheduled search `Bucket Copy Trigger` within the Splunk Archiver application. This is because of missing access controls in the saved searches for this app.
- Source
- psirt@cisco.com
- NVD status
- Awaiting Analysis
CVSS 3.1
- Type
- Primary
- Base score
- 4.3
- Impact score
- 1.4
- Exploitability score
- 2.8
- Vector string
- CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:L/A:N
- Severity
- MEDIUM
- psirt@cisco.com
- CWE-284
- Hype score
- Not currently trending
CVE-2025-20323 Splunk Enterprise Privilege Escalation via Unauthorized Scheduled... https://t.co/MbO5yYIOBE Customizable Vulnerability Alerts: https://t.co/U7998fz7yk
@VulmonFeeds
8 Jul 2025
17 Impressions
0 Retweets
0 Likes
0 Bookmarks
0 Replies
0 Quotes
CVE-2025-20323 In Splunk Enterprise versions below 9.4.3, 9.3.5, 9.2.7, and 9.1.10, a low-privileged user that does not hold the "admin" or "power" Splunk roles could turn off the s… https://t.co/BLcHPaidkO
@CVEnew
7 Jul 2025
242 Impressions
0 Retweets
0 Likes
0 Bookmarks
0 Replies
0 Quotes