CVE-2025-20300

Published: Jul 7, 2025Modified: Jul 21, 2025

4.3

Vector

CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:L/A:N

Exploitability: 2.8 / Impact: 1.4

Source: psirt@cisco.com (Secondary)

Description

In Splunk Enterprise versions below 9.4.2, 9.3.5, 9.2.6, and 9.1.9 and Splunk Cloud Platform versions below 9.3.2411.103, 9.3.2408.112, and 9.2.2406.119, a low-privileged user that does not hold the "admin" or "power" Splunk roles, and has read-only access to a specific alert, could suppress that alert when it triggers. See [Define alert suppression groups to throttle sets of similar alerts](https://help.splunk.com/en/splunk-enterprise/alert-and-respond/alerting-manual/9.4/manage-alert-trigger-conditions-and-throttling/define-alert-suppression-groups-to-throttle-sets-of-similar-alerts).

Affected (7)

Products: Splunk: Splunk, Splunk Cloud Platform

Splunk

2 products

Splunk

Splunk Cloud Platform

Configuration A

7 vulnerable

Vulnerable Software	Affected Versions
Splunk Splunk	From 9.1.0 to 9.1.9
Splunk Splunk	From 9.2.0 to 9.2.6
Splunk Splunk	From 9.3.0 to 9.3.5
Splunk Splunk	From 9.4.0 to 9.4.2
Splunk Splunk Cloud Platform	From 9.2.2406 to 9.2.2406.118
Splunk Splunk Cloud Platform	From 9.3.2408 to 9.3.2408.112
Splunk Splunk Cloud Platform	From 9.3.2411 to 9.3.2411.103

Related CWEs

CWE-863

Incorrect Authorization

The product performs an authorization check when an actor attempts to access a resource or perform an action, but it does not correctly perform the check. This allows attackers to bypass intended access restrictions.

References (1)

https://advisory.splunk.com/advisories/SVD-2025-0708

Source: psirt@cisco.com

Vendor Advisory

Timeline

No history available yet.