The vulnerability of the mobile device registration and mobile application deployment mechanism of Splunk Secure Gateway, a platform for operational analytics in Splunk Enterprise, arises from deficiencies in access control. This vulnerability allows an attacker to gain read, modify, or delete access to data stored in the KV Store (Key Value Store).

Access control flaws in Splunk Gateway mobile registration and deployment allow read, modify, or delete KV Store data.

Reporter	Title	Published	Views	Family All 11
Circl	CVE-2025-20230	27 Mar 202502:26	–	circl
CNNVD	Splunk 访问控制错误漏洞	26 Mar 202500:00	–	cnnvd
CVE	CVE-2025-20230	26 Mar 202522:24	–	cve
Cvelist	CVE-2025-20230 Missing Access Control and Incorrect Ownership of Data in App Key Value Store (KVStore) collections in the Splunk Secure Gateway App	26 Mar 202522:24	–	cvelist
EUVD	EUVD-2025-8429	3 Oct 202520:07	–	euvd
NCSC	Vulnerabilities fixed in Splunk Enterprise and Splunk Cloud Platform	27 Mar 202509:18	–	ncsc
NVD	CVE-2025-20230	26 Mar 202523:15	–	nvd
OSV	CVE-2025-20230	26 Mar 202523:15	–	osv
RedhatCVE	CVE-2025-20230	28 Mar 202522:40	–	redhatcve
Tenable Nessus	Splunk Enterprise 9.1.0 < 9.1.8, 9.2.0 < 9.2.5, 9.3.0 < 9.3.3, 9.4.0 < 9.4.1 (SVD-2025-0307)	26 Mar 202500:00	–	nessus