CVE-2025-20227 - Vulnerability Details - OpenCVE

In Splunk Enterprise versions below 9.4.1, 9.3.3, 9.2.5, and 9.1.8, and Splunk Cloud Platform versions below 9.3.2408.107, 9.2.2406.112, 9.2.2403.115, 9.1.2312.208 and 9.1.2308.214, a low-privileged user that does not hold the "admin" or "power" Splunk roles could bypass the external content warning modal dialog box in Dashboard Studio dashboards which could lead to an information disclosure.

No CVSS v4.0

Attack Vector Network

Attack Complexity Low

Privileges Required Low

Scope Unchanged

Confidentiality Impact Low

Integrity Impact None

Availability Impact None

User Interaction None

No CVSS v3.0

No CVSS v2

This CVE is not in the KEV list.

Key SSVC decision points have not yet been added.

No data.

No data.

No data.

References

Link	Providers
https://advisory.splunk.com/advisories/SVD-2025-0306

History

Wed, 26 Mar 2025 22:15:00 +0000

Type	Values Removed	Values Added
Description		In Splunk Enterprise versions below 9.4.1, 9.3.3, 9.2.5, and 9.1.8, and Splunk Cloud Platform versions below 9.3.2408.107, 9.2.2406.112, 9.2.2403.115, 9.1.2312.208 and 9.1.2308.214, a low-privileged user that does not hold the "admin" or "power" Splunk roles could bypass the external content warning modal dialog box in Dashboard Studio dashboards which could lead to an information disclosure.
Title		Information Disclosure through external content warning modal dialog box bypass in Splunk Enterprise Dashboard Studio
Weaknesses		CWE-20
References		https://advisory.splunk.com/advisories/SVD-2025-0306
Metrics		cvssV3_1 `{'score': 4.3, 'vector': 'CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:N'}`

MITRE

Status: PUBLISHED

Assigner: cisco

Published: 2025-03-26T22:03:50.424Z

Updated: 2025-03-26T22:03:50.424Z

Reserved: 2024-10-10T19:15:13.236Z

Link: CVE-2025-20227

Vulnrichment

No data.

NVD

Status : Received

Published: 2025-03-26T22:15:14.637

Modified: 2025-03-26T22:15:14.637

Link: CVE-2025-20227

Redhat

No data.

{"dataType": "CVE_RECORD", "dataVersion": "5.1", "cveMetadata": {"cveId": "CVE-2025-20227", "assignerOrgId": "d1c1063e-7a18-46af-9102-31f8928bc633", "state": "PUBLISHED", "assignerShortName": "cisco", "dateReserved": "2024-10-10T19:15:13.236Z", "datePublished": "2025-03-26T22:03:50.424Z", "dateUpdated": "2025-03-26T22:03:50.424Z"}, "containers": {"cna": {"affected": [{"product": "Splunk Enterprise", "vendor": "Splunk", "versions": [{"version": "9.4", "status": "affected", "versionType": "custom", "lessThan": "9.4.1"}, {"version": "9.3", "status": "affected", "versionType": "custom", "lessThan": "9.3.3"}, {"version": "9.2", "status": "affected", "versionType": "custom", "lessThan": "9.2.5"}, {"version": "9.1", "status": "affected", "versionType": "custom", "lessThan": "9.1.8"}]}, {"product": "Splunk Cloud Platform", "vendor": "Splunk", "versions": [{"version": "9.3.2408", "status": "affected", "versionType": "custom", "lessThan": "9.3.2408.107"}, {"version": "9.2.2406", "status": "affected", "versionType": "custom", "lessThan": "9.2.2406.113"}, {"version": "9.2.2403", "status": "affected", "versionType": "custom", "lessThan": "9.2.2403.115"}, {"version": "9.1.2312", "status": "affected", "versionType": "custom", "lessThan": "9.1.2312.208"}, {"version": "9.1.2308", "status": "affected", "versionType": "custom", "lessThan": "9.1.2308.214"}]}], "descriptions": [{"lang": "en", "supportingMedia": [{"base64": false, "type": "text/html", "value": "In Splunk Enterprise versions below 9.4.1, 9.3.3, 9.2.5, and 9.1.8, and Splunk Cloud Platform versions below 9.3.2408.107, 9.2.2406.112, 9.2.2403.115, 9.1.2312.208 and 9.1.2308.214, a low-privileged user that does not hold the \"admin\" or \"power\" Splunk roles could bypass the external content warning modal dialog box in Dashboard Studio dashboards which could lead to an information disclosure."}], "value": "In Splunk Enterprise versions below 9.4.1, 9.3.3, 9.2.5, and 9.1.8, and Splunk Cloud Platform versions below 9.3.2408.107, 9.2.2406.112, 9.2.2403.115, 9.1.2312.208 and 9.1.2308.214, a low-privileged user that does not hold the \"admin\" or \"power\" Splunk roles could bypass the external content warning modal dialog box in Dashboard Studio dashboards which could lead to an information disclosure."}], "references": [{"url": "https://advisory.splunk.com/advisories/SVD-2025-0306"}], "title": "Information Disclosure through external content warning modal dialog box bypass in Splunk Enterprise Dashboard Studio", "datePublic": "2025-03-26T00:00:00.000Z", "metrics": [{"cvssV3_1": {"vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:N", "version": "3.1", "baseScore": 4.3, "baseSeverity": "MEDIUM"}, "format": "CVSS", "scenarios": [{"lang": "en", "value": "GENERAL"}]}], "problemTypes": [{"descriptions": [{"lang": "en", "type": "cwe", "description": "The product does not validate or incorrectly validates input that can affect the control flow or data flow of a program.", "cweId": "CWE-20"}]}], "source": {"advisory": "SVD-2025-0306"}, "credits": [{"lang": "en", "value": "Taihei Shimamine"}], "providerMetadata": {"orgId": "d1c1063e-7a18-46af-9102-31f8928bc633", "shortName": "cisco", "dateUpdated": "2025-03-26T22:03:50.424Z"}}}}