CVE-2025-20297

🗓️ 02 Jun 2025 17:14:02Reported by ciscoType

Cross-Site Scripting risk in Splunk Enterprise dashboard PDF generation for specific versions.

Reporter	Title	Published	Views	Family All 10
BDU FSTEC	The vulnerability in the Splunk Web interface of the Splunk Enterprise operating analysis platform allows a perpetrator to execute arbitrary code.	5 Jun 202500:00	–	bdu_fstec
Circl	CVE-2025-20297	2 Jun 202517:41	–	circl
CNNVD	Splunk Cloud Platform和Splunk Enterprise 跨站脚本漏洞	2 Jun 202500:00	–	cnnvd
Cvelist	CVE-2025-20297 Reflected Cross-Site Scripting (XSS) on Splunk Enterprise through dashboard PDF generation component	2 Jun 202517:14	–	cvelist
EUVD	EUVD-2025-16671	3 Oct 202520:07	–	euvd
NVD	CVE-2025-20297	2 Jun 202518:15	–	nvd
OSV	CVE-2025-20297	2 Jun 202518:15	–	osv
Positive Technologies	PT-2025-23542 · Splunk · Splunk Cloud Platform +1	2 Jun 202500:00	–	ptsecurity
RedhatCVE	CVE-2025-20297	4 Jun 202517:14	–	redhatcve
Vulnrichment	CVE-2025-20297 Reflected Cross-Site Scripting (XSS) on Splunk Enterprise through dashboard PDF generation component	2 Jun 202517:14	–	vulnrichment

NVD

Node

splunk splunkRange9.2.0–9.2.6enterprise

splunk splunkRange9.3.0–9.3.4enterprise

splunk splunkRange9.4.0–9.4.2enterprise

splunk splunk_cloud_platformRange9.2.2406–9.2.2406.118

splunk splunk_cloud_platformRange9.3.2408–9.3.2408.111

splunk splunk_cloud_platformRange9.3.2411–9.3.2411.102

[
  {
    "product": "Splunk Enterprise",
    "vendor": "Splunk",
    "versions": [
      {
        "version": "9.4",
        "status": "affected",
        "versionType": "custom",
        "lessThan": "9.4.2"
      },
      {
        "version": "9.3",
        "status": "affected",
        "versionType": "custom",
        "lessThan": "9.3.4"
      },
      {
        "version": "9.2",
        "status": "affected",
        "versionType": "custom",
        "lessThan": "9.2.6"
      },
      {
        "version": "9.1",
        "status": "affected",
        "versionType": "custom",
        "lessThan": "9.1.9"
      }
    ]
  },
  {
    "product": "Splunk Cloud Platform",
    "vendor": "Splunk",
    "versions": [
      {
        "version": "9.3.2411",
        "status": "affected",
        "versionType": "custom",
        "lessThan": "9.3.2411.102"
      },
      {
        "version": "9.3.2408",
        "status": "affected",
        "versionType": "custom",
        "lessThan": "9.3.2408.111"
      },
      {
        "version": "9.2.2406",
        "status": "affected",
        "versionType": "custom",
        "lessThan": "9.2.2406.118"
      }
    ]
  }
]

Source	Link
advisory	www.advisory.splunk.com/advisories/SVD-2025-0601

01 Aug 2025 15:44Current

4.8Medium risk

Vulners AI Score4.8

CVSS 3.14.3 - 5.4

EPSS0.00337

SSVC

CWE-79