PT-2025-40270 · Splunk · Splunk Cloud Platform +1

Danylo Dmytriiev · Published 2025-10-01 · Updated 2025-10-02 · CVE-2025-20367

CVSS v2.0: 6.8 (Medium)
Vector: AV:N/AC:L/Au:S/C:C/I:N/A:N
Name of the Vulnerable Software and Affected Versions

Splunk Enterprise versions prior to 9.4.4
Splunk Enterprise versions prior to 9.3.6
Splunk Enterprise versions prior to 9.2.8
Splunk Cloud Platform versions prior to 9.3.2411.109
Splunk Cloud Platform versions prior to 9.3.2408.119
Splunk Cloud Platform versions prior to 9.2.2406.122

Description

A low-privileged Splunk user, one without the 'admin' or 'power' role, can craft a malicious payload that is delivered through the dataset.command parameter of the /app/search/table API endpoint. Successful exploitation results in unauthorized JavaScript code executing in a user's web browser.

Recommendations

Update Splunk Enterprise to version 9.4.4 or later.
Update Splunk Enterprise to version 9.3.6 or later.
Update Splunk Enterprise to version 9.2.8 or later.
Update Splunk Cloud Platform to version 9.3.2411.109 or later.
Update Splunk Cloud Platform to version 9.3.2408.119 or later.
Update Splunk Cloud Platform to version 9.2.2406.122 or later.
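As an added example (not part of this advisory or of Splunk's own tooling), the following Python check maps an installed Splunk Enterprise or Splunk Cloud Platform version to the fixed release for its branch, using only the version thresholds listed above, and reports whether it is still affected by CVE-2025-20367. It assumes version strings are plain dotted numerics as written in the advisory; a branch the advisory does not list is reported as "not covered" rather than guessed.

```python
# Added example: decide whether an installed Splunk version falls inside the
# affected ranges listed in this advisory for CVE-2025-20367. The fixed versions
# come from the advisory; the product and version strings are assumed to be
# plain dotted numerics such as "9.3.6" or "9.3.2408.119".
from typing import Optional, Tuple

# Fixed version per release branch. All components except the last identify
# the branch (two for Enterprise, three for Cloud), matching the advisory.
FIXED_VERSIONS = {
    "Splunk Enterprise": [(9, 4, 4), (9, 3, 6), (9, 2, 8)],
    "Splunk Cloud Platform": [(9, 3, 2411, 109), (9, 3, 2408, 119), (9, 2, 2406, 122)],
}


def parse_version(version: str) -> Tuple[int, ...]:
    """Turn '9.3.2408.119' into (9, 3, 2408, 119); reject non-numeric parts."""
    parts = version.strip().split(".")
    if not parts or not all(p.isdigit() for p in parts):
        raise ValueError(f"unrecognised version string: {version!r}")
    return tuple(int(p) for p in parts)


def fixed_version_for(product: str, version: Tuple[int, ...]) -> Optional[Tuple[int, ...]]:
    """Return the fixed release whose branch matches `version`, or None when
    the advisory lists no fix for that branch."""
    for fixed in FIXED_VERSIONS[product]:
        branch_len = len(fixed) - 1
        if version[:branch_len] == fixed[:branch_len]:
            return fixed
    return None


def is_affected(product: str, version: str) -> Optional[bool]:
    """True if `version` is below the fixed release for its branch, False if it
    is at or above it, None if the branch is not covered by the advisory."""
    parsed = parse_version(version)
    fixed = fixed_version_for(product, parsed)
    if fixed is None:
        return None
    # Tuple comparison is component-wise numeric, so 9.3.10 sorts above 9.3.6.
    return parsed < fixed


if __name__ == "__main__":
    for product, ver in [("Splunk Enterprise", "9.3.5"), ("Splunk Cloud Platform", "9.3.2408.119")]:
        print(product, ver, "affected:", is_affected(product, ver))
```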

Fix

XSS

Weakness Enumeration

Related Identifiers

BDU:2025-16044
CVE-2025-20367

Affected Products

Splunk Cloud Platform
Splunk Enterprise