
Description

In Splunk Enterprise versions below 9.4.2, 9.3.4 and 9.2.6, and Splunk Cloud Platform versions below 9.3.2411.102, 9.3.2408.111 and 9.2.2406.118, a low-privileged user that does not hold the "admin" or "power" Splunk roles could craft a malicious payload through the pdfgen/render REST endpoint that could result in execution of unauthorized JavaScript code in the browser of a user.

State: PUBLISHED | Reserved: 2024-10-10 | Published: 2025-06-02 | Updated: 2025-06-02 | Assigner: cisco

Severity: MEDIUM, base score 4.3 (CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:N)

Problem types

The software does not neutralize or incorrectly neutralizes user-controllable input before it is placed in output that is used as a web page that is served to other users.

Product status

| Version branch | Affected range | Status |
| --- | --- | --- |
| 9.4 (custom) | before 9.4.2 | affected |
| 9.3 (custom) | before 9.3.4 | affected |
| 9.2 (custom) | before 9.2.6 | affected |
| 9.1 (custom) | before 9.1.9 | affected |
| 9.3.2411 (custom) | before 9.3.2411.102 | affected |
| 9.3.2408 (custom) | before 9.3.2408.111 | affected |
| 9.2.2406 (custom) | before 9.2.2406.118 | affected |

Credits

Klevis Luli, Splunk

References

- advisory.splunk.com/advisories/SVD-2025-0601
- cve.org (CVE-2025-20297)
- nvd.nist.gov (CVE-2025-20297)
