Improper Access Control in Splunk App for Lookup File Editing
CVE-2025-20233

2.5LOW

Key Information:

Vendor: Splunk
Status: Splunk App For Lookup File Editing
Vendor: CVE Published:; 26 March 2025

Summary

In versions prior to 4.0.5 of the Splunk App for Lookup File Editing, a vulnerability exists due to the misuse of the chmod and makedirs functions in Python. This flaw leads to excessive read and execute permissions, potentially allowing low-privileged users to gain unauthorized access to sensitive files or operations within the application.

Affected Version(s)

Splunk App for Lookup File Editing 4.0 < 4.0.5

References

https://advisory.splunk.com/advisories/SVD-2025-0310

CVSS V3.1

Score:

2.5

Severity:

LOW

Confidentiality:

Low

Integrity:

None

Availability:

Low

Attack Vector:

Local

Attack Complexity:

High

Privileges Required:

Low

User Interaction:

None

Scope:

Unchanged

Timeline

Vulnerability published
Mar 26, 2025
Vulnerability Reserved
Oct 10, 2024

Credit

Kyle Bambrick, Splunk