PT-2025-13015 · Splunk · Splunk Cloud Platform+2

Anton · Published 2025-03-26 · Updated 2025-07-22 · CVE-2025-20231

CVSS v2.0: 7.1 (High)

Vector: AV:N/AC:H/Au:S/C:C/I:C/A:C

Name of the Vulnerable Software and Affected Versions

Splunk Enterprise versions prior to 9.4.1
Splunk Enterprise versions prior to 9.3.3
Splunk Enterprise versions prior to 9.2.5
Splunk Enterprise versions prior to 9.1.8
Splunk Secure Gateway app on Splunk Cloud Platform versions prior to 3.8.38
Splunk Secure Gateway app on Splunk Cloud Platform versions prior to 3.7.23

Description

The issue allows a low-privileged user without the "admin" or "power" Splunk roles to potentially disclose sensitive information by running a search using the permissions of a higher-privileged user. This requires the attacker to trick the victim into initiating a request within their browser, indicating a phishing component. The low-privileged user cannot exploit this issue at will.

Recommendations

For Splunk Enterprise versions prior to 9.4.1, update to version 9.4.1 or later.
For Splunk Enterprise versions prior to 9.3.3, update to version 9.3.3 or later.
For Splunk Enterprise versions prior to 9.2.5, update to version 9.2.5 or later.
For Splunk Enterprise versions prior to 9.1.8, update to version 9.1.8 or later.
For Splunk Secure Gateway app on Splunk Cloud Platform versions prior to 3.8.38, update to version 3.8.38 or later.
For Splunk Secure Gateway app on Splunk Cloud Platform versions prior to 3.7.23, update to version 3.7.23 or later.
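
The fixed releases above are per branch, so an inventory check has to compare each installation against the fix for its own major.minor line; comparing everything against 9.4.1 would flag an already patched 9.3.3. The following is an added example, not code from Splunk or from this entry: the host names and sample versions are constructed, and the treatment of branches not listed above is an assumption marked in the code.

```python
import re

# Fixed releases per branch, copied from the Recommendations text.
FIXED = {
    "Splunk Enterprise": [(9, 1, 8), (9, 2, 5), (9, 3, 3), (9, 4, 1)],
    "Splunk Secure Gateway": [(3, 7, 23), (3, 8, 38)],
}

# Constructed sample inventory (hypothetical hosts and versions).
SAMPLE_INVENTORY = [
    ("sh01", "Splunk Enterprise", "9.3.3"),
    ("sh02", "Splunk Enterprise", "9.3.2"),
    ("idx01", "Splunk Enterprise", "9.4.0"),
    ("hf01", "Splunk Enterprise", "9.0.9"),
    ("stack-b", "Splunk Secure Gateway", "3.7.22"),
]


def parse_version(text):
    """'9.3.2' -> (9, 3, 2); short strings such as '9.4' are zero-padded."""
    parts = [int(p) for p in re.findall(r"\d+", text)[:3]]
    return tuple(parts + [0] * (3 - len(parts)))


def fix_for(product, version):
    """Return the fixed release (tuple) this version must move to, or None."""
    v = parse_version(version)
    fixes = FIXED[product]
    for fix in fixes:
        if v[:2] == fix[:2]:  # same major.minor branch: compare within it
            return fix if v < fix else None
    # Assumption: a branch older than every listed one is "prior to" the
    # oldest fix; a branch newer than every listed one already has the fix.
    return fixes[0] if v < fixes[0] else None


def audit(inventory):
    """Return (host, product, version, target) for each affected entry."""
    rows = []
    for host, product, version in inventory:
        fix = fix_for(product, version)
        if fix:
            rows.append((host, product, version, ".".join(map(str, fix))))
    return rows


if __name__ == "__main__":
    for row in audit(SAMPLE_INVENTORY):
        print(*row, sep="\t")
```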

Fix

LPE

Insertion into Log File

Weakness Enumeration

Related Identifiers

BDU:2025-06796
CVE-2025-20231

Affected Products

Splunk Cloud Platform
Splunk Enterprise
Splunk Secure Gateway App