CVE-2025-20368

Name of the Vulnerable Software and Affected Versions Splunk Enterprise versions prior to 9.4.4 Splunk Enterprise versions 9.2.8 through 9.3.6 Splunk Cloud Platform versions prior to 9.3.2411.108 Splunk Cloud Platform versions 9.2.2406.123 through 9.3.2408.118

Description A user with limited privileges, lacking administrator or power roles, can create a malicious payload through error messages and job inspection details of a saved search. This allows for the execution of unauthorized JavaScript code within a user's browser. The issue involves crafting a malicious payload that exploits the way Splunk handles saved search details and error reporting.

Recommendations Update Splunk Enterprise to version 9.4.4 or later. Update Splunk Enterprise to version 9.3.6 or later. Update Splunk Enterprise to version 9.2.8 or later. Update Splunk Cloud Platform to version 9.3.2411.108 or later. Update Splunk Cloud Platform to version 9.3.2408.118 or later. Update Splunk Cloud Platform to version 9.2.2406.123 or later.