CVE-2025-20300

Description

In Splunk Enterprise versions below 9.4.2, 9.3.5, 9.2.6, and 9.1.9 and Splunk Cloud Platform versions below 9.3.2411.103, 9.3.2408.112, and 9.2.2406.119, a low-privileged user that does not hold the "admin" or "power" Splunk roles, and has read-only access to a specific alert, could suppress that alert when it triggers. See [Define alert suppression groups to throttle sets of similar alerts](https://help.splunk.com/en/splunk-enterprise/alert-and-respond/alerting-manual/9.4/manage-alert-trigger-conditions-and-throttling/define-alert-suppression-groups-to-throttle-sets-of-similar-alerts).

Reserved 2024-10-10 | Published 2025-07-07 | Updated 2025-07-07 | Assigner cisco

Problem types

The software performs an authorization check when an actor attempts to access a resource or perform an action, but it does not correctly perform the check. This allows attackers to bypass intended access restrictions.

Product status

9.4 before 9.4.2
affected

9.3 before 9.3.5
affected

9.2 before 9.2.6
affected

9.1 before 9.1.9
affected

9.3.2411 before 9.3.2411.103
affected

9.3.2408 before 9.3.2408.112
affected

9.2.2406 before 9.2.2406.119
affected

Credits

Anton (therceman)

References

advisory.splunk.com/advisories/SVD-2025-0708

cve.org (CVE-2025-20300)

nvd.nist.gov (CVE-2025-20300)

Download JSON