PT-2025-40272 · Splunk · Splunk Cloud Platform, Splunk Enterprise
Eric Lamothe
·
Published
2025-10-01
·
Updated
2025-10-01
·
CVE-2025-20369
CVSS v3.1
6.5
Medium
| Vector | AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H |
Name of the Vulnerable Software and Affected Versions
Splunk Enterprise 9.4.x versions prior to 9.4.4
Splunk Enterprise 9.3.x versions prior to 9.3.6 and 9.2.x versions prior to 9.2.8
Splunk Cloud Platform 9.3.2411.x versions prior to 9.3.2411.108
Splunk Cloud Platform 9.3.2408.x versions prior to 9.3.2408.118 and 9.2.2406.x versions prior to 9.2.2406.123
Description
A user with limited privileges, who does not hold the admin or power role in Splunk, may be able to inject XML external entities (XXE) through the dashboard tab label field. Because the injected entity declarations are expanded by the XML parser that processes the dashboard, the injection could lead to a denial of service (DoS). XXE injection is a web security issue in which an attacker interferes with an application's processing of XML data.
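The following is an added example, not Splunk code and not the vendor's fix, that shows the generic mechanism behind the description: an entity declared in a DOCTYPE expands inside a label field when the document is parsed with default settings, and one generic way to refuse such input before it reaches the parser. The dashboard document, its `<label>` element and the entity names are constructed for the example and are assumptions, not Splunk's real schema or payload. Only the Python standard library is used: `xml.etree` expands internal entities by default, and `xml.parsers.expat` exposes the DTD hooks needed to reject them.

```python
"""Added example: entity expansion through an XML label field, and a generic
pre-parse rejection of DOCTYPE/entity declarations.  Illustrative only; not
Splunk code and not the vendor's fix."""
import xml.etree.ElementTree as ET
import xml.parsers.expat as expat

# Constructed dashboard-like document (assumed <label> element, not Splunk's
# real schema).  Three nested entities: 3 bytes -> 30 -> 300 at the point of
# use.  Deeper nesting is what turns this into a denial of service.
MALICIOUS_DOC = """<?xml version="1.0"?>
<!DOCTYPE dashboard [
  <!ENTITY a "lol">
  <!ENTITY b "&a;&a;&a;&a;&a;&a;&a;&a;&a;&a;">
  <!ENTITY c "&b;&b;&b;&b;&b;&b;&b;&b;&b;&b;">
]>
<dashboard>
  <label>&c;</label>
</dashboard>
"""

# Constructed benign document with a plain label.
BENIGN_DOC = """<?xml version="1.0"?>
<dashboard>
  <label>Search overview</label>
</dashboard>
"""


class DtdNotAllowed(ValueError):
    """Raised when the submitted XML carries a DOCTYPE or entity declaration."""


def parse_label_unsafe(doc: str) -> str:
    """Parse with default settings: internal entities are expanded silently,
    so a 3-byte entity value comes back as a 300-byte label."""
    root = ET.fromstring(doc)
    return root.findtext("label", default="")


def reject_dtd(doc: str) -> None:
    """Scan the document with expat and abort at the first DTD construct.
    A handler that raises makes expat propagate the exception out of Parse()."""
    parser = expat.ParserCreate()

    def on_doctype(name, system_id, public_id, has_internal_subset):
        raise DtdNotAllowed(f"DOCTYPE {name!r} is not permitted in dashboard XML")

    def on_entity_decl(name, *_):
        raise DtdNotAllowed(f"entity declaration {name!r} is not permitted")

    parser.StartDoctypeDeclHandler = on_doctype
    parser.EntityDeclHandler = on_entity_decl
    # Never fetch external parameter entities while scanning.
    parser.SetParamEntityParsing(expat.XML_PARAM_ENTITY_PARSING_NEVER)
    parser.Parse(doc, True)


def parse_label_safe(doc: str, max_label_len: int = 256) -> str:
    """Reject any DTD up front, then parse, then cap the label length so a
    long literal label cannot substitute for the entity trick."""
    reject_dtd(doc)
    label = ET.fromstring(doc).findtext("label", default="")
    if len(label) > max_label_len:
        raise ValueError(f"label exceeds {max_label_len} characters")
    return label


def rejects_dtd(doc: str) -> bool:
    """True if the hardened parser refuses the document because of a DTD."""
    try:
        parse_label_safe(doc)
    except DtdNotAllowed:
        return True
    return False


if __name__ == "__main__":
    expanded = parse_label_unsafe(MALICIOUS_DOC)
    print(f"default parser: label expanded to {len(expanded)} bytes")
    print(f"hardened parser rejects malicious doc: {rejects_dtd(MALICIOUS_DOC)}")
    print(f"hardened parser accepts benign doc: {parse_label_safe(BENIGN_DOC)!r}")
```

The rejection happens in a separate expat pass because the C-accelerated `xml.etree` parser does not expose its DTD handlers; the cost is a second scan of a small document, which is cheap compared with letting the parser expand nested entities first. Rejecting the DOCTYPE outright also removes external entity resolution, since an external entity cannot be declared without one.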
Recommendations
Update Splunk Enterprise to version 9.4.4 or later.
Update Splunk Enterprise to version 9.3.6 or later.
Update Splunk Enterprise to version 9.2.8 or later.
Update Splunk Cloud Platform to version 9.3.2411.108 or later.
Update Splunk Cloud Platform to version 9.3.2408.118 or later.
Update Splunk Cloud Platform to version 9.2.2406.123 or later.
Fix
DoS
XML Entity Expansion
XXE
Related Identifiers
Affected Products
Splunk Cloud Platform
Splunk Enterprise