Description

In Splunk Enterprise versions below 9.4.4, 9.3.6, and 9.2.8, and Splunk Cloud Platform versions below 9.3.2411.108, 9.3.2408.118 and 9.2.2406.123, a low privileged user that does not hold the admin or power Splunk roles could craft a malicious payload through the error messages and job inspection details of a saved search. This could result in execution of unauthorized JavaScript code in the browser of a user.

Status: PUBLISHED | Reserved 2024-10-10 | Published 2025-10-01 | Updated 2025-10-01 | Assigner: cisco

Severity: MEDIUM 5.7 (CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:U/C:H/I:N/A:N)

Problem types

The software does not neutralize or incorrectly neutralizes user-controllable input before it is placed in output that is used as a web page that is served to other users.

Product status

Splunk Enterprise:
- 10.0 before 10.0.0: affected
- 9.4 before 9.4.4: affected
- 9.3 before 9.3.6: affected
- 9.2 before 9.2.8: affected

Splunk Cloud Platform:
- 9.3.2411 before 9.3.2411.108: affected
- 9.3.2408 before 9.3.2408.118: affected
- 9.2.2406 before 9.2.2406.123: affected

Credits

Danylo Dmytriiev (DDV_UA)

References

advisory.splunk.com/advisories/SVD-2025-1003

cve.org (CVE-2025-20368)

nvd.nist.gov (CVE-2025-20368)