CVE-2025-20300

CWE-863Incorrect Authorization3 documents3 sources
Severity
4.3MEDIUM
EPSS
0.1%
top 82.05%
CISA KEV
Not in KEV
Exploit
No known exploits
Affected products
3
Splunk Splunk Cloud PlatformSplunk Splunk EnterpriseSplunk Splunk
Timeline
PublishedJul 7

Description

In Splunk Enterprise versions below 9.4.2, 9.3.5, 9.2.6, and 9.1.9 and Splunk Cloud Platform versions below 9.3.2411.103, 9.3.2408.112, and 9.2.2406.119, a low-privileged user that does not hold the "admin" or "power" Splunk roles, and has read-only access to a specific alert, could suppress that alert when it triggers. See [Define alert suppression groups to throttle sets of similar alerts](https://help.splunk.com/en/splunk-enterprise/alert-and-respond/alerting-manual/9.4/manage-alert-trigger-c

CVSS vector

CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:L/A:NExploitability: 2.8 | Impact: 1.4

Affected Packages4 packages

CVEListV5splunk/splunk_enterprise9.49.4.2+3
CVEListV5splunk/splunk_cloud_platform9.2.24069.2.2406.119+2
NVDsplunk/splunk_cloud_platform9.2.24069.2.2406.118+2
NVDsplunk/splunk9.1.09.1.9+3

🔴Vulnerability Details

2
CVEList
Improper Access Control Lets Low-Privilege Users Suppress Read-Only Alerts in Splunk Enterprise2025-07-07
GHSA
GHSA-85xx-v6p7-pv64: In Splunk Enterprise versions below 92025-07-07
CVE-2025-20300 (MEDIUM CVSS 4.3) | In Splunk Enterprise versions below | cvebase.io