PT-2025-13017 · Splunk · Splunk App For Lookup File Editing

Kyle Bambrick

Published

2025-03-26

Updated

2025-03-27

CVE-2025-20233

CVSS v3.1

3.3

Low

Vector

AV:L/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:N

Name of the Vulnerable Software and Affected Versions Splunk App for Lookup File Editing versions prior to 4.0.5

Description The issue is related to improper access control due to overly broad read and execute permissions. A script in the app used the chmod and makedirs Python functions in a way that could lead to improper access control for a low-privileged user.

Recommendations For versions prior to 4.0.5, update to version 4.0.5 or later to resolve the issue. As a temporary workaround, consider restricting access to the affected script until a patch is available.

Fix

LPE

Incorrect Permission

Found an issue in the description? Have something to add? Feel free to write us 👾

dbugs@ptsecurity.com

Weakness Enumeration

CWE-732

Related Identifiers

CVE-2025-20233

Affected Products

Splunk App For Lookup File Editing

PT-2025-13017 · Splunk · Splunk App For Lookup File Editing

CVE-2025-20233

Weakness Enumeration

Related Identifiers

Affected Products

References · 7