CVE-2025-20320

Denial of Service (DoS) through “User Interface - Views“ configuration page in Splunk Enterprise

Severity Score

6.3

*CVSS v3.1

Exploit Likelihood

*EPSS

Affected Versions

*CPE

Public Exploits

*Multiple Sources

Exploited in Wild

*KEV

Decision

Track

*SSVC

Descriptions

In Splunk Enterprise versions below 9.4.3, 9.3.5, 9.2.7 and 9.1.10, and Splunk Cloud Platform versions below 9.3.2411.107, 9.3.2408.117, and 9.2.2406.121, a low-privileged user that does not hold the "admin" or "power" Splunk roles could craft a malicious payload through the `User Interface - Views` configuration page that could potentially lead to a denial of service (DoS).The user could cause the DoS by exploiting a path traversal vulnerability that allows for deletion of arbitrary files within a Splunk directory. The vulnerability requires the low-privileged user to phish the administrator-level victim by tricking them into initiating a request within their browser. The low-privileged user should not be able to exploit the vulnerability at will.

En las versiones de Splunk Enterprise anteriores a 9.4.3, 9.3.5, 9.2.7 y 9.1.10, y de Splunk Cloud Platform anteriores a 9.3.2411.107, 9.3.2408.117 y 9.2.2406.121, un usuario con privilegios bajos que no tenga los roles de administrador o de alto nivel de Splunk podría manipular un payload malicioso a través de la página de configuración "Interfaz de usuario - Vistas", lo que podría provocar una denegación de servicio (DoS). El usuario podría causar la denegación de servicio (DoS) explotando una vulnerabilidad de path traversal que permite la eliminación de archivos arbitrarios dentro de un directorio de Splunk. La vulnerabilidad requiere que el usuario con privilegios bajos suplante a la víctima con nivel de administrador, engañándola para que inicie una solicitud en su navegador. El usuario con privilegios bajos no debería poder explotar la vulnerabilidad a voluntad.

*Credits: Danylo Dmytriiev (DDV_UA)

Attack Vector

Network

Attack Complexity

Low

Privileges Required

Low

User Interaction

Required

Scope

Unchanged

Confidentiality

None

Integrity

Low

Availability

High

Attack Vector

Network

Attack Complexity

Low

Authentication

Single

Confidentiality

None

Integrity

Partial

Availability

Complete

* Common Vulnerability Scoring System

SSVC

Decision:Track

Exploitation

None

Automatable

Tech. Impact

Partial

* Organization's Worst-case Scenario

Timeline

2024-10-10 CVE Reserved
2025-07-07 CVE Published
2025-07-08 CVE Updated
2025-07-08 EPSS Updated
---------- Exploited in Wild
---------- KEV Due Date
---------- First Exploit

CWE

CWE-35: Path Traversal: '.../...//'

CAPEC

References (1)

URL	Tag	Source
https://advisory.splunk.com/advisories/SVD-2025-0703

URL	Date	SRC

URL	Date	SRC

URL	Date	SRC

Affected Vendors, Products, and Versions

Vendor		Product				Version		Other		Status
Vendor	Product	Version	Other	Status	<-- -->	Vendor	Product	Version	Other	Status
Splunk Search vendor "Splunk"		Splunk Enterprise Search vendor "Splunk" for product "Splunk Enterprise"				>= 9.4.0 < 9.4.3 Search vendor "Splunk" for product "Splunk Enterprise" and version " >= 9.4.0 < 9.4.3"		en		Affected
Splunk Search vendor "Splunk"		Splunk Enterprise Search vendor "Splunk" for product "Splunk Enterprise"				>= 9.3.0 < 9.3.5 Search vendor "Splunk" for product "Splunk Enterprise" and version " >= 9.3.0 < 9.3.5"		en		Affected
Splunk Search vendor "Splunk"		Splunk Enterprise Search vendor "Splunk" for product "Splunk Enterprise"				>= 9.2.0 < 9.2.7 Search vendor "Splunk" for product "Splunk Enterprise" and version " >= 9.2.0 < 9.2.7"		en		Affected
Splunk Search vendor "Splunk"		Splunk Enterprise Search vendor "Splunk" for product "Splunk Enterprise"				>= 9.1.0 < 9.1.10 Search vendor "Splunk" for product "Splunk Enterprise" and version " >= 9.1.0 < 9.1.10"		en		Affected
Splunk Search vendor "Splunk"		Splunk Enterprise Cloud Search vendor "Splunk" for product "Splunk Enterprise Cloud"				>= 9.3.2411.0 < 9.3.2411.107 Search vendor "Splunk" for product "Splunk Enterprise Cloud" and version " >= 9.3.2411.0 < 9.3.2411.107"		en		Affected
Splunk Search vendor "Splunk"		Splunk Enterprise Cloud Search vendor "Splunk" for product "Splunk Enterprise Cloud"				>= 9.3.2408.0 < 9.3.2408.117 Search vendor "Splunk" for product "Splunk Enterprise Cloud" and version " >= 9.3.2408.0 < 9.3.2408.117"		en		Affected
Splunk Search vendor "Splunk"		Splunk Enterprise Cloud Search vendor "Splunk" for product "Splunk Enterprise Cloud"				>= 9.2.2406.0 < 9.2.2406.121 Search vendor "Splunk" for product "Splunk Enterprise Cloud" and version " >= 9.2.2406.0 < 9.2.2406.121"		en		Affected