PT-2025-13013 · Splunk · Splunk Cloud Platform, Splunk Enterprise

Anton · Published 2025-03-26 · Updated 2025-07-22 · CVE-2025-20228

CVSS v2.0: 7.8 High

Vector: AV:N/AC:L/Au:N/C:N/I:N/A:C
Name of the Vulnerable Software and Affected Versions

Splunk Enterprise versions prior to 9.3.3
Splunk Enterprise versions prior to 9.2.5
Splunk Enterprise versions prior to 9.1.8
Splunk Cloud Platform versions prior to 9.2.2403.108
Splunk Cloud Platform versions prior to 9.1.2312.204
Description

A low-privileged user without the "admin" or "power" Splunk roles could change the maintenance mode state of App Key Value Store (KVStore) through a Cross-Site Request Forgery (CSRF). As with any CSRF, the forged request is issued by the browser of a user who already holds the required privilege, so the attacker has to lure such a user to attacker-controlled content while that user is logged in to Splunk. The CVSS vector rates the impact as availability only (C:N/I:N/A:C), which is consistent with the affected action being a change of the KVStore maintenance mode rather than a read or modification of stored data.
Recommendations

For Splunk Enterprise versions prior to 9.3.3, update to version 9.3.3 or later.
For Splunk Enterprise versions prior to 9.2.5, update to version 9.2.5 or later.
For Splunk Enterprise versions prior to 9.1.8, update to version 9.1.8 or later.
For Splunk Cloud Platform versions prior to 9.2.2403.108, update to version 9.2.2403.108 or later.
For Splunk Cloud Platform versions prior to 9.1.2312.204, update to version 9.1.2312.204 or later.
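The fixed versions above are grouped by release branch, which is easy to misread when checking an inventory by hand (9.2.4 is "prior to 9.3.3" but its own fix is 9.2.5). The following script is an added example, not code from the advisory or from Splunk: it compares a version string against the ranges listed on this page and returns the version to update to. The product keys ("enterprise", "cloud") and the version-string format (dotted integers, three fields for Enterprise, four for Cloud Platform) are assumptions of the script; a version in a branch newer than any listed here is reported as "not_listed" rather than as safe, and a version older than every listed branch is treated as vulnerable because the page's "prior to" wording covers it.

```python
"""Check an installed Splunk version against the affected ranges on this page.

Added example; not code from the advisory or from Splunk. The fixed versions
are copied from the Recommendations section; the product keys and the
version-string format are assumptions of this script.
"""
from typing import Optional, Tuple

# One fixed version per affected branch, as listed in Recommendations.
FIXED_VERSIONS = {
    "enterprise": ["9.3.3", "9.2.5", "9.1.8"],
    "cloud": ["9.2.2403.108", "9.1.2312.204"],
}

Version = Tuple[int, ...]


def parse_version(text: str) -> Version:
    """Turn '9.2.2403.107' into (9, 2, 2403, 107); reject anything non-numeric."""
    fields = text.strip().split(".")
    if not fields or not all(f.isdigit() for f in fields):
        raise ValueError(f"not a dotted numeric version: {text!r}")
    return tuple(int(f) for f in fields)


def format_version(v: Version) -> str:
    return ".".join(str(f) for f in v)


def check_version(product: str, version: str) -> Tuple[str, Optional[str]]:
    """Classify a version as 'vulnerable', 'fixed' or 'not_listed'.

    Returns (status, fix): fix is the version to update to when vulnerable,
    otherwise None. A branch is every field except the last (9.3.x for
    Enterprise, 9.2.2403.x for Cloud), which matches how the page groups fixes.
    """
    fixes = sorted((parse_version(f) for f in FIXED_VERSIONS[product]), reverse=True)
    v = parse_version(version)
    if len(v) != len(fixes[0]):
        raise ValueError(
            f"{product} versions have {len(fixes[0])} fields, got {version!r}"
        )

    # Same branch as a listed fix: vulnerable below the fix, fixed at or above it.
    for fix in fixes:
        if v[:-1] == fix[:-1]:
            return ("vulnerable", format_version(fix)) if v < fix else ("fixed", None)

    # Older than every listed branch: still "prior to" the lowest fix the page
    # names, so report it as vulnerable and point at that fix.
    lowest = fixes[-1]
    if v < lowest:
        return ("vulnerable", format_version(lowest))

    # Newer branch than anything on this page: say so rather than claim "safe".
    return ("not_listed", None)


if __name__ == "__main__":
    # Constructed sample inventory, not real hosts.
    inventory = [
        ("enterprise", "9.3.2"),
        ("enterprise", "9.2.5"),
        ("enterprise", "9.0.9"),
        ("enterprise", "9.4.0"),
        ("cloud", "9.2.2403.107"),
        ("cloud", "9.1.2312.204"),
    ]
    for product, ver in inventory:
        status, fix = check_version(product, ver)
        advice = f"update to {fix} or later" if fix else "no action from this advisory"
        print(f"{product:10s} {ver:14s} {status:11s} {advice}")
```

Run it as-is to see the constructed inventory classified, or import `check_version` and feed it the output of your own inventory tooling. The script deliberately distinguishes "fixed" from "not_listed": only versions at or above a fix named on this page are reported as fixed, and anything in a branch the page does not mention is flagged for a separate check.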

Fix

CSRF

Weakness Enumeration

Related Identifiers

BDU:2025-03526
CVE-2025-20228

Affected Products

Splunk Cloud Platform
Splunk Enterprise