CVE-2025-20228

Published: Mar 26, 2025Modified: Jul 21, 2025

6.5

Vector

CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H

Exploitability: 2.8 / Impact: 3.6

Source: psirt@cisco.com (Secondary)

Description

In Splunk Enterprise versions below 9.3.3, 9.2.5, and 9.1.8 and Splunk Cloud Platform versions below 9.2.2403.108, and 9.1.2312.204, a low-privileged user that does not hold the "admin" or "power" Splunk roles could change the maintenance mode state of App Key Value Store (KVStore) through a Cross-Site Request Forgery (CSRF).

Affected (5)

Products: Splunk: Splunk, Splunk Cloud Platform

Splunk

2 products

Splunk

Splunk Cloud Platform

Configuration A

5 vulnerable

Vulnerable Software	Affected Versions
Splunk Splunk	From 9.1.0 to 9.1.8
Splunk Splunk	From 9.2.0 to 9.2.5
Splunk Splunk	From 9.3.0 to 9.3.3
Splunk Splunk Cloud Platform	From 9.1.2312 to 9.1.2312.204
Splunk Splunk Cloud Platform	From 9.2.2403.100 to 9.2.2403.107

Related CWEs

CWE-352

Cross-Site Request Forgery (CSRF)

The web application does not, or can not, sufficiently verify whether a well-formed, valid, consistent request was intentionally provided by the user who submitted the request.

References (1)

https://advisory.splunk.com/advisories/SVD-2025-0303

Source: psirt@cisco.com

Vendor Advisory

Timeline

No history available yet.