CVE-2025-20300

07.07.2025, 18:15

In Splunk Enterprise versions below 9.4.2, 9.3.5, 9.2.6, and 9.1.9 and Splunk Cloud Platform versions below 9.3.2411.103, 9.3.2408.112, and 9.2.2406.119, a low-privileged user that does not hold the "admin" or "power" Splunk roles, and has read-only access to a specific alert, could suppress that alert when it triggers. See [Define alert suppression groups to throttle sets of similar alerts](https://help.splunk.com/en/splunk-enterprise/alert-and-respond/alerting-manual/9.4/manage-alert-trigger-conditions-and-throttling/define-alert-suppression-groups-to-throttle-sets-of-similar-alerts).

Provider	Type	Base Score	Atk. Vector	Atk. Complexity	Priv. Required	Vector
NIST	NIST	4.3 MEDIUM	NETWORK	LOW	LOW	CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:L/A:N
cisco	CNA	4.3 MEDIUM				CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:L/A:N
CISA-ADP	ADP	---				---

Base Score

CVSS 3.x

EPSS Score

Percentile: 8%

Vendor	Product	Version
splunk	splunk	9.1.0 ≤ 𝑥 < 9.1.9
splunk	splunk	9.2.0 ≤ 𝑥 < 9.2.6
splunk	splunk	9.3.0 ≤ 𝑥 < 9.3.5
splunk	splunk	9.4.0 ≤ 𝑥 < 9.4.2
splunk	splunk_cloud_platform	9.2.2406 ≤ 𝑥 < 9.2.2406.118
splunk	splunk_cloud_platform	9.3.2408 ≤ 𝑥 < 9.3.2408.112
splunk	splunk_cloud_platform	9.3.2411 ≤ 𝑥 < 9.3.2411.103

𝑥

= Vulnerable software versions

Common Weakness Enumeration

CWE-863 - Incorrect Authorization
The software performs an authorization check when an actor attempts to access a resource or perform an action, but it does not correctly perform the check. This allows attackers to bypass intended access restrictions.

References

https://advisory.splunk.com/advisories/SVD-2025-0708