CVE-2025-20369

CWE-776XML Entity Expansion (Billion Laughs)CWE-611XML External Entity (XXE)3 documents3 sources
Severity
6.5MEDIUM
EPSS
0.1%
top 80.85%
CISA KEV
Not in KEV
Exploit
No known exploits
Affected products
3
Splunk Splunk Cloud PlatformSplunk Splunk EnterpriseSplunk Splunk
Timeline
PublishedOct 1

Description

In Splunk Enterprise versions below 9.4.4, 9.3.6, and 9.2.8, and Splunk Cloud Platform versions below 9.3.2411.108, 9.3.2408.118 and 9.2.2406.123, a low privilege user that does not hold the "admin" or "power" Splunk roles could perform an extensible markup language (XML) external entity (XXE) injection through the dashboard tab label field. The XXE injection has the potential to cause denial of service (DoS) attacks.

CVSS vector

CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:U/C:N/I:L/A:LExploitability: 2.1 | Impact: 2.5

Affected Packages4 packages

CVEListV5splunk/splunk_cloud_platform9.3.24119.3.2411.108+2
NVDsplunk/splunk_cloud_platform9.2.24069.2.2406.123+2
CVEListV5splunk/splunk_enterprise10.010.0.0+3
NVDsplunk/splunk9.2.09.2.8+2

🔴Vulnerability Details

2
CVEList
Extensible Markup Language (XML) External Entity Injection (XXE) through Dashboard label field on Splunk Enterprise2025-10-01
GHSA
GHSA-7xvq-vm2p-4r2f: In Splunk Enterprise versions below 92025-10-01