CVE-2025-20300 | THREATINT

Description

In Splunk Enterprise versions below 9.4.2, 9.3.5, 9.2.6, and 9.1.9 and Splunk Cloud Platform versions below 9.3.2411.103, 9.3.2408.112, and 9.2.2406.119, a low-privileged user that does not hold the "admin" or "power" Splunk roles, and has read-only access to a specific alert, could suppress that alert when it triggers. See [Define alert suppression groups to throttle sets of similar alerts](https://help.splunk.com/en/splunk-enterprise/alert-and-respond/alerting-manual/9.4/manage-alert-trigger-conditions-and-throttling/define-alert-suppression-groups-to-throttle-sets-of-similar-alerts).

PUBLISHED Reserved 2024-10-10 | Published 2025-07-07 | Updated 2025-07-08 | Assigner cisco

MEDIUM: 4.3CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:L/A:N

Problem types

The software performs an authorization check when an actor attempts to access a resource or perform an action, but it does not correctly perform the check. This allows attackers to bypass intended access restrictions.

Product status

9.4 (custom) before 9.4.2

affected

9.3 (custom) before 9.3.5

affected

9.2 (custom) before 9.2.6

affected

9.1 (custom) before 9.1.9

affected

9.3.2411 (custom) before 9.3.2411.103

affected

9.3.2408 (custom) before 9.3.2408.112

affected

9.2.2406 (custom) before 9.2.2406.119

affected

Credits

Anton (therceman)

References

advisory.splunk.com/advisories/SVD-2025-0708

cve.org (CVE-2025-20300)

nvd.nist.gov (CVE-2025-20300)

Download JSON