CVE-2025-20320

Name of the Vulnerable Software and Affected Versions: Splunk Enterprise versions prior to 9.4.3 Splunk Enterprise versions prior to 9.3.5 Splunk Enterprise versions prior to 9.2.7 Splunk Enterprise versions prior to 9.1.10 Splunk Cloud Platform versions prior to 9.3.2411.107 Splunk Cloud Platform versions prior to 9.3.2408.117 Splunk Cloud Platform versions prior to 9.2.2406.121

Description: A low-privileged user could craft a malicious payload through the User Interface - Views configuration page, potentially leading to a denial of service (DoS) by exploiting a path traversal vulnerability. This allows for deletion of arbitrary files within a Splunk directory. The vulnerability requires the low-privileged user to phish an administrator-level victim by tricking them into initiating a request within their browser.

Recommendations: For Splunk Enterprise versions prior to 9.4.3, update to version 9.4.3 or later. For Splunk Enterprise versions prior to 9.3.5, update to version 9.3.5 or later. For Splunk Enterprise versions prior to 9.2.7, update to version 9.2.7 or later. For Splunk Enterprise versions prior to 9.1.10, update to version 9.1.10 or later. For Splunk Cloud Platform versions prior to 9.3.2411.107, update to version 9.3.2411.107 or later. For Splunk Cloud Platform versions prior to 9.3.2408.117, update to version 9.3.2408.117 or later. For Splunk Cloud Platform versions prior to 9.2.2406.121, update to version 9.2.2406.121 or later. As a temporary workaround, consider restricting access to the User Interface - Views configuration page to minimize the risk of exploitation.