CVE-2025-20227

🗓️ 26 Mar 2025 22:03:50Reported by ciscoType

Vulnerability in Splunk allows low-privileged user to bypass warning, risking information disclosure.

Reporter	Title	Published	Views	Family All 10
Circl	CVE-2025-20227	26 Mar 202522:25	–	circl
CNNVD	Splunk Cloud Platform和Splunk Enterprise 输入验证错误漏洞	26 Mar 202500:00	–	cnnvd
Cvelist	CVE-2025-20227 Information Disclosure through external content warning modal dialog box bypass in Splunk Enterprise Dashboard Studio	26 Mar 202522:03	–	cvelist
EUVD	EUVD-2025-8426	3 Oct 202520:07	–	euvd
NCSC	Vulnerabilities fixed in Splunk Enterprise and Splunk Cloud Platform	27 Mar 202509:18	–	ncsc
NVD	CVE-2025-20227	26 Mar 202522:15	–	nvd
Positive Technologies	PT-2025-13012 · Splunk · Splunk Cloud Platform +1	26 Mar 202500:00	–	ptsecurity
RedhatCVE	CVE-2025-20227	28 Mar 202522:41	–	redhatcve
Tenable Nessus	Splunk Enterprise 9.1.0 < 9.1.8, 9.2.0 < 9.2.5, 9.3.0 < 9.3.3, 9.4.0 < 9.4.1 (SVD-2025-0306)	26 Mar 202500:00	–	nessus
Vulnrichment	CVE-2025-20227 Information Disclosure through external content warning modal dialog box bypass in Splunk Enterprise Dashboard Studio	26 Mar 202522:03	–	vulnrichment

NVD

Node

splunk splunkRange9.1.0–9.1.8enterprise

splunk splunkRange9.2.0–9.2.4enterprise

splunk splunkRange9.3.0–9.3.3enterprise

splunk splunkMatch9.4.0enterprise

splunk splunk_cloud_platformRange9.1.2308–9.1.2308.214

splunk splunk_cloud_platformRange9.1.2312–9.1.2312.208

splunk splunk_cloud_platformRange9.2.2403–9.2.2403.115

splunk splunk_cloud_platformRange9.2.2406.100–9.2.2406.113

splunk splunk_cloud_platformRange9.3.2408.100–9.3.2408.107

[
  {
    "product": "Splunk Enterprise",
    "vendor": "Splunk",
    "versions": [
      {
        "version": "9.4",
        "status": "affected",
        "versionType": "custom",
        "lessThan": "9.4.1"
      },
      {
        "version": "9.3",
        "status": "affected",
        "versionType": "custom",
        "lessThan": "9.3.3"
      },
      {
        "version": "9.2",
        "status": "affected",
        "versionType": "custom",
        "lessThan": "9.2.5"
      },
      {
        "version": "9.1",
        "status": "affected",
        "versionType": "custom",
        "lessThan": "9.1.8"
      }
    ]
  },
  {
    "product": "Splunk Cloud Platform",
    "vendor": "Splunk",
    "versions": [
      {
        "version": "9.3.2408",
        "status": "affected",
        "versionType": "custom",
        "lessThan": "9.3.2408.107"
      },
      {
        "version": "9.2.2406",
        "status": "affected",
        "versionType": "custom",
        "lessThan": "9.2.2406.113"
      },
      {
        "version": "9.2.2403",
        "status": "affected",
        "versionType": "custom",
        "lessThan": "9.2.2403.115"
      },
      {
        "version": "9.1.2312",
        "status": "affected",
        "versionType": "custom",
        "lessThan": "9.1.2312.208"
      },
      {
        "version": "9.1.2308",
        "status": "affected",
        "versionType": "custom",
        "lessThan": "9.1.2308.214"
      }
    ]
  }
]

Source	Link
advisory	www.advisory.splunk.com/advisories/SVD-2025-0306

21 Jul 2025 20:51Current

6.8Medium risk

Vulners AI Score6.8

CVSS 3.14.3

EPSS0.00103

SSVC

CWE-20

cve-2025-20227 splunk versions vulnerability information disclosure low-privileged user dashboard