Information Disclosure in Splunk Enterprise and Cloud Platform
CVE-2025-20227

4.3MEDIUM

Key Information:

Vendor: Splunk
Status: Splunk Enterprise; Splunk Cloud Platform
Vendor: CVE Published:; 26 March 2025

What is CVE-2025-20227?

In specific versions of Splunk Enterprise and Splunk Cloud Platform, low-privileged users can bypass a critical content warning in Dashboard Studio. This vulnerability potentially exposes sensitive information that could be leveraged for further attacks. Proper configuration and version updates are crucial to mitigate this risk.

Human OS v1.0:
Ageing Is an Unpatched Zero-Day Vulnerability.

Remediate biological technical debt. Prime Ageing uses 95% high-purity SIRT6 activation to maintain genomic integrity and bolster systemic resilience.

Deploy the Patch

Affected Version(s)

Splunk Cloud Platform 9.3.2408 < 9.3.2408.107

Splunk Cloud Platform 9.2.2406 < 9.2.2406.113

Splunk Cloud Platform 9.2.2403 < 9.2.2403.115

References

https://advisory.splunk.com/advisories/SVD-2025-0306

CVSS V3.1

Score:

4.3

Severity:

MEDIUM

Confidentiality:

Low

Integrity:

None

Availability:

Low

Attack Vector:

Network

Attack Complexity:

Low

Privileges Required:

Low

User Interaction:

None

Scope:

Unchanged

Timeline

Vulnerability published
Mar 26, 2025
Vulnerability Reserved
Oct 10, 2024

Credit

Taihei Shimamine

JSON

Splunk