CVE-2025-20300
Unknown Unknown - Not Provided
BaseFortify

Publication date: 2025-07-07

Last updated on: 2025-07-21

Assigner: Cisco Systems, Inc.

Description
In Splunk Enterprise versions below 9.4.2, 9.3.5, 9.2.6, and 9.1.9 and Splunk Cloud Platform versions below 9.3.2411.103, 9.3.2408.112, and 9.2.2406.119, a low-privileged user that does not hold the "admin" or "power" Splunk roles, and has read-only access to a specific alert, could suppress that alert when it triggers. See [Define alert suppression groups to throttle sets of similar alerts](https://help.splunk.com/en/splunk-enterprise/alert-and-respond/alerting-manual/9.4/manage-alert-trigger-conditions-and-throttling/define-alert-suppression-groups-to-throttle-sets-of-similar-alerts).
CVSS Scores
EPSS Scores
Probability:
Percentile:
Meta Information
Published
2025-07-07
Last Modified
2025-07-21
Generated
2026-05-07
AI Q&A
2025-07-07
EPSS Evaluated
2026-05-05
NVD
CVE-2025-20300
EUVD
EUVD-2025-20304
Affected Vendors & Products
Showing 7 associated CPEs
Vendor Product Version / Range
splunk splunk From 9.1.0 (inc) to 9.1.9 (exc)
splunk splunk From 9.2.0 (inc) to 9.2.6 (exc)
splunk splunk From 9.3.0 (inc) to 9.3.5 (exc)
splunk splunk From 9.4.0 (inc) to 9.4.2 (exc)
splunk splunk_cloud_platform From 9.2.2406 (inc) to 9.2.2406.118 (exc)
splunk splunk_cloud_platform From 9.3.2408 (inc) to 9.3.2408.112 (exc)
splunk splunk_cloud_platform From 9.3.2411 (inc) to 9.3.2411.103 (exc)
Helpful Resources
Exploitability
CWE
CWE Icon
KEV
KEV Icon
CWE ID Description
CWE-863 The product performs an authorization check when an actor attempts to access a resource or perform an action, but it does not correctly perform the check.
Attack-Flow Graph
AI Powered Q&A
Can you explain this vulnerability to me?

CVE-2025-20300 is a medium-severity vulnerability in Splunk Enterprise and Splunk Cloud Platform where a low-privileged user who does not have 'admin' or 'power' roles but has read-only access to a specific alert can suppress that alert when it triggers. This is due to improper access control in the Splunk Web component, allowing unauthorized alert suppression. [1]


How can this vulnerability impact me? :

This vulnerability can allow unauthorized users with limited privileges to suppress alerts that they should only be able to view. This could lead to missed or ignored alerts, potentially causing delayed responses to important security or operational events, thereby impacting the reliability of monitoring and incident response. [1]


How can this vulnerability be detected on my network or system? Can you suggest some commands?

No detection methods are currently available for this vulnerability. [1]


What immediate steps should I take to mitigate this vulnerability?

To mitigate this vulnerability, upgrade Splunk Enterprise to versions 9.4.2, 9.3.5, 9.2.6, or 9.1.9, or upgrade Splunk Cloud Platform to the corresponding fixed versions. As a workaround, disabling Splunk Web may reduce exposure. [1]


Ask Our AI Assistant
Need more information? Ask your question to get an AI reply (Powered by our expertise)
0/70
EPSS Chart