Unauthorized JavaScript Execution in Splunk Enterprise and Splunk Cloud Platform
CVE-2025-20367

5.7 MEDIUM

Key Information:

Vendor

Splunk

CVE Published:
1 October 2025

What is CVE-2025-20367?

In specific versions of Splunk Enterprise and Splunk Cloud Platform, a low-privileged user can supply a crafted value in the dataset.command parameter of the /app/search/table endpoint. Because the value is not properly validated, the crafted payload causes unauthorized JavaScript to execute in the browsers of other users who view the affected page, potentially exposing their data and session to the attacker. The issue underlines the need for strict server-side input validation and output encoding of user-controlled parameters.

Affected Version(s)

Splunk Cloud Platform 9.3.2411 < 9.3.2411.109

Splunk Cloud Platform 9.3.2408 < 9.3.2408.119

Splunk Cloud Platform 9.2.2406 < 9.2.2406.122

References

CVSS V3.1

Score:
5.7
Severity:
MEDIUM
Confidentiality:
High
Integrity:
None
Availability:
High
Attack Vector:
Network
Attack Complexity:
Low
Privileges Required:
Low
User Interaction:
Required
Scope:
Unchanged

Timeline

  • Vulnerability published

  • Vulnerability Reserved

Credit

Danylo Dmytriiev (DDV_UA)
Anudeep Gandla, Splunk