Description

In Splunk Enterprise versions below 9.4.4, 9.3.6 and 9.2.8, and Splunk Cloud Platform versions below 9.3.2411.109, 9.3.2408.119 and 9.2.2406.122, a low-privileged user that does not hold the 'admin' or 'power' Splunk roles could craft a malicious payload through the `dataset.command` parameter of the `/app/search/table` endpoint, which could result in execution of unauthorized JavaScript code in the browser of a user.

State: PUBLISHED | Reserved: 2024-10-10 | Published: 2025-10-01 | Updated: 2025-10-01 | Assigner: cisco

Severity: MEDIUM, base score 5.7 (CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:U/C:H/I:N/A:N)

Problem types

The software does not neutralize or incorrectly neutralizes user-controllable input before it is placed in output that is used as a web page that is served to other users.

Product status

Splunk Enterprise:
- 10.0 before 10.0.0: affected
- 9.4 before 9.4.4: affected
- 9.3 before 9.3.6: affected
- 9.2 before 9.2.8: affected

Splunk Cloud Platform:
- 9.3.2411 before 9.3.2411.109: affected
- 9.3.2408 before 9.3.2408.119: affected
- 9.2.2406 before 9.2.2406.122: affected

Credits

Danylo Dmytriiev (DDV_UA)

Anudeep Gandla, Splunk

References

advisory.splunk.com/advisories/SVD-2025-1002

cve.org (CVE-2025-20367)

nvd.nist.gov (CVE-2025-20367)