CVE-2025-20230
MEDIUMSplunk Enterprise <9.4.1, 9.3.3, 9.2.5, 9.1.8 - Info Disclosure
Title source: llmDescription
In Splunk Enterprise versions below 9.4.1, 9.3.3, 9.2.5, and 9.1.8, and versions below 3.8.38 and 3.7.23 of the Splunk Secure Gateway app on Splunk Cloud Platform, a low-privileged user that does not hold the “admin“ or “power“ Splunk roles could edit and delete other user data in App Key Value Store (KVStore) collections that the Splunk Secure Gateway app created. This is due to missing access control and incorrect ownership of the data in those KVStore collections.<br><br>In the affected versions, the `nobody` user owned the data in the KVStore collections. This meant that there was no specific owner assigned to the data in those collections.
References (1)
Core 1
Core References
Vendor Advisory
https://advisory.splunk.com/advisories/SVD-2025-0307
Scores
CVSS v3
4.3
EPSS
0.0013
EPSS Percentile
31.7%
Attack Vector
NETWORK
CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:L/A:N
CISA SSVC
Vulnrichment
Exploitation
none
Automatable
no
Technical Impact
partial
Details
CWE
CWE-284
Status
published
Products (2)
splunk/splunk
9.1.0 - 9.1.8
splunk/splunk_secure_gateway
3.7.0 - 3.7.23
Published
Mar 26, 2025
Tracked Since
Feb 18, 2026