CVE-2025-20233

Published: Mar 26, 2025Modified: Aug 1, 2025

3.3

Vector

CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:N

Exploitability: 1.8 / Impact: 1.4

Source: NVD

Description

In the Splunk App for Lookup File Editing versions below 4.0.5, a script in the app used the `chmod` and `makedirs` Python functions in a way that resulted in overly broad read and execute permissions. This could lead to improper access control for a low-privileged user.

Affected (1)

Products: Splunk: Splunk App For Lookup File Editing

1 product

Splunk App For Lookup File Editing

Configuration A

1 vulnerable

Vulnerable Software	Affected Versions
Splunk Splunk App For Lookup File Editing	From 4.0.0 to 4.0.5

Related CWEs

Incorrect Permission Assignment for Critical Resource

The product specifies permissions for a security-critical resource in a way that allows that resource to be read or modified by unintended actors.

References (1)

https://advisory.splunk.com/advisories/SVD-2025-0310

Source: psirt@cisco.com

Vendor Advisory

Timeline

No history available yet.