We use these services and cookies to improve your user experience. You may opt out if you wish, however, this may limit some features on this site.

Please see our statement on Data Privacy.

Crisp.chat (Helpdesk and Chat)

Ok

THREATINT
PUBLISHED

CVE-2025-20227

Information Disclosure through external content warning modal dialog box bypass in Splunk Enterprise Dashboard Studio



Description

In Splunk Enterprise versions below 9.4.1, 9.3.3, 9.2.5, and 9.1.8, and Splunk Cloud Platform versions below 9.3.2408.107, 9.2.2406.112, 9.2.2403.115, 9.1.2312.208 and 9.1.2308.214, a low-privileged user that does not hold the "admin" or "power" Splunk roles could bypass the external content warning modal dialog box in Dashboard Studio dashboards which could lead to an information disclosure.

Reserved 2024-10-10 | Published 2025-03-26 | Updated 2025-03-27 | Assigner cisco


MEDIUM: 4.3CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:N

Problem types

The product does not validate or incorrectly validates input that can affect the control flow or data flow of a program.

Product status

9.4 before 9.4.1
affected

9.3 before 9.3.3
affected

9.2 before 9.2.5
affected

9.1 before 9.1.8
affected

9.3.2408 before 9.3.2408.107
affected

9.2.2406 before 9.2.2406.113
affected

9.2.2403 before 9.2.2403.115
affected

9.1.2312 before 9.1.2312.208
affected

9.1.2308 before 9.1.2308.214
affected

Credits

Taihei Shimamine

References

advisory.splunk.com/advisories/SVD-2025-0306

cve.org (CVE-2025-20227)

nvd.nist.gov (CVE-2025-20227)

Download JSON

Share this page
https://cve.threatint.eu/CVE/CVE-2025-20227

Support options

Helpdesk Chat, Email, Knowledgebase
© Copyright 2025 THREATINT
Made in Cyprus with +
 System status
Find us on
Data Privacy
Terms of Use
Logo BSI Allianz für Cyber-Sicherheit
Error loading Crisp.chat. Please check your web content filter and browser plugins.