XML External Entity Injection Vulnerability in Splunk Enterprise and Cloud Platform
CVE-2025-20369

4.6MEDIUM

Key Information:

Vendor: Splunk
Status: Splunk Enterprise; Splunk Cloud Platform
Vendor: CVE Published:; 1 October 2025

What is CVE-2025-20369?

A vulnerability exists in Splunk Enterprise versions prior to 9.4.4 and Splunk Cloud Platform versions below 9.3.2411.108, allowing low privilege users to exploit XML external entity (XXE) injection through the dashboard tab label field. This could potentially lead to unauthorized access or denial of service (DoS) attacks, posing a significant risk to system integrity and availability. Users are advised to upgrade to the latest versions to mitigate this risk.

Affected Version(s)

Splunk Cloud Platform 9.3.2411 < 9.3.2411.108

Splunk Cloud Platform 9.3.2408 < 9.3.2408.118

Splunk Cloud Platform 9.2.2406 < 9.2.2406.123

References

https://advisory.splunk.com/advisories/SVD-2025-1004

CVSS V3.1

Score:

4.6

Severity:

MEDIUM

Confidentiality:

None

Integrity:

Low

Availability:

None

Attack Vector:

Network

Attack Complexity:

Low

Privileges Required:

Low

User Interaction:

Required

Scope:

Unchanged

Download the Critical Vulnerability Management Cheat Sheet

Timeline

Vulnerability published
Oct 1, 2025
Vulnerability Reserved
Oct 10, 2024

Credit

Eric LaMothe, Splunk

JSON