CVE-2025-20297

Name of the Vulnerable Software and Affected Versions Splunk Enterprise versions prior to 9.4.2 Splunk Enterprise versions prior to 9.3.4 Splunk Enterprise versions prior to 9.2.6 Splunk Cloud Platform versions prior to 9.3.2411.102 Splunk Cloud Platform versions prior to 9.3.2408.111 Splunk Cloud Platform versions prior to 9.2.2406.118

Description A low-privileged user without the "admin" or "power" Splunk roles could craft a malicious payload through the "pdfgen/render" REST endpoint, potentially resulting in the execution of unauthorized JavaScript code in a user's browser.

Recommendations For Splunk Enterprise versions prior to 9.4.2, update to version 9.4.2 or later. For Splunk Enterprise versions prior to 9.3.4, update to version 9.3.4 or later. For Splunk Enterprise versions prior to 9.2.6, update to version 9.2.6 or later. For Splunk Cloud Platform versions prior to 9.3.2411.102, update to version 9.3.2411.102 or later. For Splunk Cloud Platform versions prior to 9.3.2408.111, update to version 9.3.2408.111 or later. For Splunk Cloud Platform versions prior to 9.2.2406.118, update to version 9.2.2406.118 or later. As a temporary workaround, consider restricting access to the "pdfgen/render" REST endpoint until a patch is available.