Unauthorized Information Disclosure in Splunk Enterprise by Low-Privileged Users
CVE-2025-20231

7.1HIGH

Key Information:

Vendor: Splunk
Status: Splunk Enterprise; Splunk Secure Gateway
Vendor: CVE Published:; 26 March 2025

Summary

In specific versions of Splunk Enterprise and the Splunk Secure Gateway app on Splunk Cloud Platform, low-privileged users can exploit a vulnerability that allows them to run searches under the permissions of higher-privileged users. This can potentially lead to the unauthorized disclosure of sensitive information. The attack relies on phishing, where the low-privileged user tricks a victim into executing a request through their browser. Consequently, this vulnerability poses a risk of exposing critical information without requiring elevated privileges directly.

Affected Version(s)

Splunk Enterprise 9.4 < 9.4.1

Splunk Enterprise 9.3 < 9.3.3

Splunk Enterprise 9.2 < 9.2.5

References

https://advisory.splunk.com/advisories/SVD-2025-0302

CVSS V3.1

Score:

7.1

Severity:

HIGH

Confidentiality:

High

Integrity:

High

Availability:

High

Attack Vector:

Network

Attack Complexity:

High

Privileges Required:

Low

User Interaction:

Required

Scope:

Unchanged

Timeline

Vulnerability published
Mar 26, 2025
Vulnerability Reserved
Oct 10, 2024

Credit

Anton (therceman)