CVE-2025-20230

MEDIUM

Splunk Enterprise <9.4.1, 9.3.3, 9.2.5, 9.1.8 - Info Disclosure

Title source: llm

Description

In Splunk Enterprise versions below 9.4.1, 9.3.3, 9.2.5, and 9.1.8, and versions below 3.8.38 and 3.7.23 of the Splunk Secure Gateway app on Splunk Cloud Platform, a low-privileged user that does not hold the “admin“ or “power“ Splunk roles could edit and delete other user data in App Key Value Store (KVStore) collections that the Splunk Secure Gateway app created. This is due to missing access control and incorrect ownership of the data in those KVStore collections.<br><br>In the affected versions, the `nobody` user owned the data in the KVStore collections. This meant that there was no specific owner assigned to the data in those collections.

References (1)

[Vendor Advisory] https://advisory.splunk.com/advisories/SVD-2025-0307

Scores

CVSS v3 4.3

EPSS 0.0007

EPSS Percentile 21.2%

Attack Vector NETWORK

CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:L/A:N

Classification

CWE

CWE-284

Status published

Affected Products (2)

splunk/splunk < 9.1.8

splunk/splunk_secure_gateway < 3.7.23

Timeline

Published Mar 26, 2025

Tracked Since Feb 18, 2026