Cross-Site Request Forgery Vulnerability in Splunk Enterprise and Cloud
CVE-2025-20228

6.5MEDIUM

Key Information:

Vendor: Splunk
Status: Splunk Enterprise; Splunk Cloud Platform
Vendor: CVE Published:; 26 March 2025

What is CVE-2025-20228?

In certain versions of Splunk Enterprise and Splunk Cloud Platform, a low-privileged user, lacking 'admin' or 'power' roles, could manipulate the maintenance mode state of the App Key Value Store (KVStore). This vulnerability arises due to inadequate protections against Cross-Site Request Forgery (CSRF), potentially allowing unauthorized changes to critical system settings without sufficient privileges.

Affected Version(s)

Splunk Cloud Platform 9.2.2403 < 9.2.2403.108

Splunk Cloud Platform 9.1.2312 < 9.1.2312.204

Splunk Enterprise 9.3 < 9.3.3

References

https://advisory.splunk.com/advisories/SVD-2025-0303

CVSS V3.1

Score:

6.5

Severity:

MEDIUM

Confidentiality:

None

Integrity:

None

Availability:

None

Attack Vector:

Network

Attack Complexity:

Low

Privileges Required:

None

User Interaction:

Required

Scope:

Unchanged

Download the Critical Vulnerability Management Cheat Sheet

Timeline

Vulnerability published
Mar 26, 2025
Vulnerability Reserved
Oct 10, 2024

Credit

Anton (therceman)