CVE-2025-20320
published 2025-07-07


Priority: P3 41
CVSS 3.1: 7.3 (high)  AV:N/AC:L/PR:L/UI:R/S:U/C:N/I:H/A:H
EPSS: 0.37% (28.5th percentile)
In Splunk Enterprise versions below 9.4.3, 9.3.5, 9.2.7 and 9.1.10, and Splunk Cloud Platform versions below 9.3.2411.107, 9.3.2408.117, and 9.2.2406.121, a low-privileged user who does not hold the "admin" or "power" Splunk role could craft a malicious payload through the `User Interface - Views` configuration page that could lead to a denial of service (DoS).

The DoS results from a path traversal vulnerability that allows deletion of arbitrary files within a Splunk directory. Exploitation requires the low-privileged user to phish an administrator-level victim into initiating the request from their own browser; the low-privileged user should not be able to exploit the vulnerability at will.
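The description gives the bug class (a request-supplied file name joined onto a Splunk directory and then deleted) but not Splunk's handler, so the following is an added illustration of that class and its fix, not Splunk's code. The directory layout, the `server.conf` target and the view name are constructed for the demo; the function names are hypothetical. It shows a naive join resolving a `..` sequence onto a file outside the views directory, and a hardened resolver that canonicalises the path and rejects anything that leaves the base directory.

```python
import os
import tempfile
from pathlib import Path

# Added illustration of the bug class in CVE-2025-20320, not Splunk's code.
# A request names a view file to delete; the handler joins that name onto a
# base directory. The directory layout below is constructed for the demo.


def unsafe_view_path(base_dir: str, view_name: str) -> str:
    """Naive join: '..' segments in view_name walk out of base_dir."""
    return os.path.normpath(os.path.join(base_dir, view_name))


def safe_view_path(base_dir: str, view_name: str) -> str:
    """Resolve the candidate, then require it to stay inside base_dir.

    realpath() collapses '..' and follows symlinks before the containment
    check, so a symlink planted inside base_dir cannot redirect the delete.
    """
    base = os.path.realpath(base_dir)
    target = os.path.realpath(os.path.join(base, view_name))
    if os.path.commonpath([base, target]) != base:
        raise ValueError(f"path traversal rejected: {view_name!r}")
    return target


def delete_view(base_dir: str, view_name: str) -> str:
    """Hardened delete: only files proven to be under base_dir are removed."""
    target = safe_view_path(base_dir, view_name)
    os.remove(target)
    return target


def demo() -> dict:
    """Build a throwaway tree shaped like $SPLUNK_HOME/etc and run both paths."""
    results = {}
    with tempfile.TemporaryDirectory() as root:
        views = os.path.join(root, "etc", "apps", "search", "local",
                             "data", "ui", "views")
        conf_dir = os.path.join(root, "etc", "system", "local")
        os.makedirs(views)
        os.makedirs(conf_dir)
        victim = os.path.join(conf_dir, "server.conf")   # constructed target
        Path(victim).write_text("[general]\n")
        Path(os.path.join(views, "dashboard.xml")).write_text("<dashboard/>\n")

        # six '..' segments climb from .../ui/views back to etc/
        hostile = "../../../../../../system/local/server.conf"

        # 1. The naive join resolves the hostile name onto the config file.
        results["unsafe_resolves_outside"] = (
            unsafe_view_path(views, hostile) == victim)

        # 2. The hardened resolver refuses it.
        try:
            safe_view_path(views, hostile)
            results["safe_rejects_traversal"] = False
        except ValueError:
            results["safe_rejects_traversal"] = True

        # 3. Ordinary view names still resolve and can be deleted.
        results["safe_allows_legit"] = os.path.isfile(
            safe_view_path(views, "dashboard.xml"))
        delete_view(views, "dashboard.xml")
        results["legit_deleted"] = not os.path.exists(
            os.path.join(views, "dashboard.xml"))

        # 4. The file outside the views directory was never touched.
        results["victim_untouched"] = os.path.isfile(victim)
    return results


if __name__ == "__main__":
    for check, ok in demo().items():
        print(f"{check}: {ok}")
```

Path containment is only half of the fix the description implies: because the delete is triggered by an administrator's browser on behalf of the attacker, the state-changing request also needs anti-CSRF protection, otherwise a correctly contained delete of a legitimate view can still be forced by phishing.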

Affected

17 ranges

Vendor   Product                  Version range                   Fixed in
msrc     cbl_mariner_1.0_arm      (not listed)
msrc     cbl_mariner_1.0_x64      (not listed)
msrc     cm1_kernel_5.10.102.1-1_on_cbl_mariner_1.0   (not listed)
splunk   splunk                   >= 9.1.0 < 9.1.10               9.1.10
splunk   splunk                   >= 9.2.0 < 9.2.7                9.2.7
splunk   splunk                   >= 9.3.0 < 9.3.5                9.3.5
splunk   splunk                   >= 9.4.0 < 9.4.3                9.4.3
splunk   splunk_cloud_platform    >= 9.2.2406 < 9.2.2406.121      9.2.2406.121
splunk   splunk_cloud_platform    >= 9.3.2408 < 9.3.2408.117      9.3.2408.117
splunk   splunk_cloud_platform    >= 9.3.2411 < 9.3.2411.107      9.3.2411.107
splunk   splunk_enterprise        >= 9.1 < 9.1.10                 9.1.10
splunk   splunk_enterprise        >= 9.2 < 9.2.7                  9.2.7
splunk   splunk_enterprise        >= 9.3 < 9.3.5                  9.3.5
splunk   splunk_enterprise        >= 9.4 < 9.4.3                  9.4.3
splunk   splunk_enterprise_cloud  >= 9.2.2406 < 9.2.2406.121      9.2.2406.121
splunk   splunk_enterprise_cloud  >= 9.3.2408 < 9.3.2408.117      9.3.2408.117
splunk   splunk_enterprise_cloud  >= 9.3.2411 < 9.3.2411.107      9.3.2411.107
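To turn the ranges above into something you can run against an inventory, here is an added example (not tooling from this page) that encodes the Splunk Enterprise and Splunk Cloud Platform ranges as listed, with the lower bound inclusive and the upper bound exclusive and equal to the fix version. The host inventory is constructed for the demo, and the function names are hypothetical. Note the caveat built into `fixed_version_for`: a version outside every listed range returns `None`, which means "not in a range on this page", not "known safe".

```python
from typing import Dict, List, Optional, Tuple

# Added example, not from the page's tooling: encodes the affected ranges
# listed above (lower bound inclusive, upper bound exclusive, upper == fix).
AFFECTED_RANGES: Dict[str, List[Tuple[str, str]]] = {
    "splunk_enterprise": [
        ("9.1.0", "9.1.10"),
        ("9.2.0", "9.2.7"),
        ("9.3.0", "9.3.5"),
        ("9.4.0", "9.4.3"),
    ],
    "splunk_cloud_platform": [
        ("9.2.2406", "9.2.2406.121"),
        ("9.3.2408", "9.3.2408.117"),
        ("9.3.2411", "9.3.2411.107"),
    ],
}


def parse_version(version: str) -> Tuple[int, ...]:
    """'9.3.2411.107' -> (9, 3, 2411, 107); tuple comparison orders dotted versions."""
    return tuple(int(part) for part in version.strip().split("."))


def fixed_version_for(product: str, version: str) -> Optional[str]:
    """Return the fix version if `version` falls in a listed range, else None.

    None means 'not inside any range on this page', not 'known safe': a
    release line the page does not list (e.g. an older 9.0.x) returns None too.
    """
    v = parse_version(version)
    for lower, upper in AFFECTED_RANGES[product]:
        if parse_version(lower) <= v < parse_version(upper):
            return upper
    return None


def is_affected(product: str, version: str) -> bool:
    return fixed_version_for(product, version) is not None


def triage(inventory: List[Tuple[str, str, str]]) -> List[Tuple[str, str]]:
    """(host, product, version) -> [(host, fix_version)] for hosts needing the patch."""
    return [(host, fix) for host, product, version in inventory
            if (fix := fixed_version_for(product, version)) is not None]


# Constructed inventory for the demo, not real hosts.
SAMPLE_INVENTORY = [
    ("sh-01", "splunk_enterprise", "9.4.2"),
    ("sh-02", "splunk_enterprise", "9.4.3"),
    ("idx-01", "splunk_enterprise", "9.1.10"),
    ("idx-02", "splunk_enterprise", "9.2.6"),
    ("cloud-stack", "splunk_cloud_platform", "9.3.2411.50"),
]

if __name__ == "__main__":
    for host, fix in triage(SAMPLE_INVENTORY):
        print(f"{host}: upgrade to {fix}")
```

Cloud versions carry a fourth component, and the tuple comparison handles a three-part lower bound such as `9.3.2411` correctly: `(9, 3, 2411)` sorts below `(9, 3, 2411, 50)`, so every build on that line before the fix build is flagged.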

CVSS provenance

Source       Version  Score  Severity  Vector
nvd          v3.1     7.3    HIGH      CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:U/C:N/I:H/A:H
vendor_msrc           5.5    MEDIUM