Privilege Escalation in Splunk Enterprise Due to Inadequate Permission Handling
CVE-2025-20226

5.7MEDIUM

Key Information:

Vendor: Splunk
Status: Splunk Enterprise; Splunk Cloud Platform
Vendor: CVE Published:; 26 March 2025

What is CVE-2025-20226?

In certain versions of Splunk Enterprise and Splunk Cloud Platform, a low-privileged user can exploit a flaw that allows them to execute saved searches using risky commands. This vulnerability involves the use of the permissions of higher-privileged users to bypass safeguards implemented on the search endpoint. By tricking a victim into initiating a request in their browser, the attacker can access privileged functionalities without having the necessary roles, such as 'admin' or 'power'. This necessitates social engineering tactics to successfully initiate the attack.

Affected Version(s)

Splunk Cloud Platform 9.3.2408 < 9.3.2408.107

Splunk Cloud Platform 9.2.2406 < 9.2.2406.111

Splunk Cloud Platform 9.1.2308 < 9.1.2308.214

References

https://advisory.splunk.com/advisories/SVD-2025-0305

CVSS V3.1

Score:

5.7

Severity:

MEDIUM

Confidentiality:

High

Integrity:

None

Availability:

High

Attack Vector:

Network

Attack Complexity:

Low

Privileges Required:

Low

User Interaction:

Required

Scope:

Unchanged

Download the Critical Vulnerability Management Cheat Sheet

Timeline

Vulnerability published
Mar 26, 2025
Vulnerability Reserved
Oct 10, 2024

Credit

Anton (therceman)