CVE-2025-20323Improper Access Control in Enterprise

CWE-284Improper Access Control3 documents3 sources
Severity
4.3MEDIUMNVD
EPSS
0.1%
top 82.02%
CISA KEV
Not in KEV
Exploit
No known exploits
Affected products
2
Splunk EnterpriseSplunk
Timeline
PublishedJul 7

Description

In Splunk Enterprise versions below 9.4.3, 9.3.5, 9.2.7, and 9.1.10, a low-privileged user that does not hold the "admin" or "power" Splunk roles could turn off the scheduled search `Bucket Copy Trigger` within the Splunk Archiver application. This is because of missing access controls in the saved searches for this app.

CVSS vector

CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:L/A:NExploitability: 2.8 | Impact: 1.4

Affected Packages2 packages

CVEListV5splunk/splunk_enterprise9.49.4.3+3
NVDsplunk/splunk9.1.09.1.10+3

🔴Vulnerability Details

2
CVEList
Missing Access Control of Saved Searches in the Splunk Archiver app2025-07-07
GHSA
GHSA-mmpr-prc4-7pjc: In Splunk Enterprise versions below 92025-07-07
CVE-2025-20323 — Improper Access Control in Splunk | cvebase