Alert Suppression Vulnerability in Splunk Enterprise and Cloud Platform
CVE-2025-20300

4.3MEDIUM

Key Information:

Vendor: Splunk
Status: Splunk Enterprise; Splunk Cloud Platform
Vendor: CVE Published:; 7 July 2025

What is CVE-2025-20300?

A vulnerability exists in certain versions of Splunk Enterprise and Splunk Cloud Platform where low-privileged users, lacking admin or power roles, can suppress alerts they have only read-only access to. This could potentially hinder the visibility of critical alerts, affecting overall security monitoring and incident response. For detailed mitigation and configuration options, refer to Splunk's official advisory.

Affected Version(s)

Splunk Cloud Platform 9.3.2411 < 9.3.2411.103

Splunk Cloud Platform 9.3.2408 < 9.3.2408.112

Splunk Cloud Platform 9.2.2406 < 9.2.2406.119

References

https://advisory.splunk.com/advisories/SVD-2025-0708

CVSS V3.1

Score:

4.3

Severity:

MEDIUM

Confidentiality:

None

Integrity:

Low

Availability:

None

Attack Vector:

Network

Attack Complexity:

Low

Privileges Required:

Low

User Interaction:

None

Scope:

Unchanged

Download the Critical Vulnerability Management Cheat Sheet

Timeline

Vulnerability published
Jul 7, 2025
Vulnerability Reserved
Oct 10, 2024

Credit

Anton (therceman)