First published: Wed Mar 26 2025
In Splunk Enterprise versions below 9.4.1, 9.3.3, 9.2.5, and 9.1.8, and Splunk Cloud Platform versions below 9.3.2408.107, 9.2.2406.112, 9.2.2403.115, 9.1.2312.208 and 9.1.2308.214, a low-privileged user that does not hold the "admin" or "power" Splunk roles could bypass the external content warning modal dialog box in Dashboard Studio dashboards, which could lead to an information disclosure.
Credit: psirt@cisco.com
| Affected Software | Affected Version | How to fix |
|---|---|---|
| Splunk Enterprise | < 9.4.1 | Upgrade to 9.4.1 or later |
| Splunk Enterprise | < 9.3.3 | Upgrade to 9.3.3 or later |
| Splunk Enterprise | < 9.2.5 | Upgrade to 9.2.5 or later |
| Splunk Enterprise | < 9.1.8 | Upgrade to 9.1.8 or later |
| Splunk Cloud Platform | < 9.3.2408.107 | Upgrade to 9.3.2408.107 or later |
| Splunk Cloud Platform | < 9.2.2406.112 | Upgrade to 9.2.2406.112 or later |
| Splunk Cloud Platform | < 9.2.2403.115 | Upgrade to 9.2.2403.115 or later |
| Splunk Cloud Platform | < 9.1.2312.208 | Upgrade to 9.1.2312.208 or later |
| Splunk Cloud Platform | < 9.1.2308.214 | Upgrade to 9.1.2308.214 or later |
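Because the fix lands on several maintenance branches at once, a simple "below 9.4.1" check misclassifies 9.3.3 as vulnerable and 9.3.2 as safe. The following is an added example (not code from the advisory or from Splunk) that matches an instance's reported version to its release branch before comparing; the product names, `SAMPLE_INVENTORY` hosts and the `parse_version`/`cve_2025_20227_status`/`affected_hosts` names are assumptions made for the example.

```python
import re

# Fixed versions from the advisory table, keyed by product and release branch
# (Enterprise: major.minor; Cloud: major.minor.YYMM). Anything below the fixed
# version on the same branch is affected.
FIXED_VERSIONS = {
    "Splunk Enterprise": {
        "9.4": (9, 4, 1),
        "9.3": (9, 3, 3),
        "9.2": (9, 2, 5),
        "9.1": (9, 1, 8),
    },
    "Splunk Cloud Platform": {
        "9.3.2408": (9, 3, 2408, 107),
        "9.2.2406": (9, 2, 2406, 112),
        "9.2.2403": (9, 2, 2403, 115),
        "9.1.2312": (9, 1, 2312, 208),
        "9.1.2308": (9, 1, 2308, 214),
    },
}


def parse_version(version: str) -> tuple:
    """Turn '9.3.2' or '9.2.2406.112-build7' into a tuple of ints.

    A build or commit suffix after '-' or '+' is ignored for comparison.
    """
    core = re.split(r"[-+]", version.strip(), maxsplit=1)[0]
    if not re.fullmatch(r"\d+(\.\d+)*", core):
        raise ValueError(f"unrecognised version string: {version!r}")
    return tuple(int(part) for part in core.split("."))


def cve_2025_20227_status(product: str, version: str) -> str:
    """Return 'affected', 'fixed' or 'not covered' for one instance."""
    branches = FIXED_VERSIONS.get(product)
    if branches is None:
        raise ValueError(f"unknown product: {product!r}")
    parsed = parse_version(version)
    for fixed in branches.values():
        # A version belongs to a branch when it shares every component of
        # the fixed version except the last one.
        if parsed[: len(fixed) - 1] == fixed[:-1]:
            # Pad short strings such as '9.4' with zeros before comparing.
            padded = parsed + (0,) * (len(fixed) - len(parsed))
            return "affected" if padded < fixed else "fixed"
    # Branches the advisory does not list (e.g. Enterprise 9.0.x or 10.x):
    # report them explicitly rather than assuming they are safe.
    return "not covered"


def affected_hosts(inventory) -> list:
    """inventory: iterable of (host, product, version); returns affected hosts."""
    return [h for h, p, v in inventory if cve_2025_20227_status(p, v) == "affected"]


SAMPLE_INVENTORY = [  # constructed sample data, not real hosts
    ("sh-01", "Splunk Enterprise", "9.3.2"),
    ("sh-02", "Splunk Enterprise", "9.4.1"),
    ("cloud-a", "Splunk Cloud Platform", "9.2.2406.111"),
]
```

Feed it the version string from `splunk version` or the `server/info` REST endpoint of each instance; a "not covered" result means the advisory says nothing about that branch and it should be checked against the vendor's current guidance.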
CVE-2025-20227 is classified as a low-severity vulnerability.
To fix CVE-2025-20227, upgrade to Splunk Enterprise version 9.4.1 or later, or Splunk Cloud Platform version 9.3.2408.107 or later; the corresponding fixed versions for the other maintenance branches are listed in the table above.
CVE-2025-20227 can be exploited by low-privileged users (those without the "admin" or "power" role) in Splunk Enterprise and Splunk Cloud Platform versions below the patched versions listed above.
Vulnerable versions include Splunk Enterprise below 9.4.1 and Splunk Cloud Platform below 9.3.2408.107.
Yes, a low-privileged user can potentially exploit CVE-2025-20227 to bypass the external content warning modal dialog in Dashboard Studio dashboards, which could lead to information disclosure.