CVE-2025-20323
BaseFortify

Publication date: 2025-07-07

Last updated on: 2025-07-21

Assigner: Cisco Systems, Inc.

Description
In Splunk Enterprise versions below 9.4.3, 9.3.5, 9.2.7, and 9.1.10, a low-privileged user that does not hold the "admin" or "power" Splunk roles could turn off the scheduled search `Bucket Copy Trigger` within the Splunk Archiver application. This is because of missing access controls in the saved searches for this app.
Meta Information
Published: 2025-07-07
Last Modified: 2025-07-21
Generated: 2026-05-07
AI Q&A: 2025-07-07
EPSS Evaluated: 2026-05-05
Affected Vendors & Products
Showing 4 associated CPEs
| Vendor | Product | Version / Range |
|--------|---------|-----------------|
| splunk | splunk | From 9.1.0 (inc) to 9.1.10 (exc) |
| splunk | splunk | From 9.2.0 (inc) to 9.2.7 (exc) |
| splunk | splunk | From 9.3.0 (inc) to 9.3.5 (exc) |
| splunk | splunk | From 9.4.0 (inc) to 9.4.3 (exc) |
| CWE ID | Description |
|--------|-------------|
| CWE-284 | The product does not restrict or incorrectly restricts access to a resource from an unauthorized actor. |
AI Powered Q&A
Can you explain this vulnerability to me?

This vulnerability in Splunk Enterprise (versions below 9.4.3, 9.3.5, 9.2.7, and 9.1.10) allows a low-privileged user without 'admin' or 'power' roles to disable the scheduled search called 'Bucket Copy Trigger' within the Splunk Archiver application. This happens due to missing access controls on saved searches in the app, classified as an improper access control issue (CWE-284). [1]


How can this vulnerability impact me?

The vulnerability allows unauthorized low-privileged users to turn off the 'Bucket Copy Trigger' scheduled search, which could disrupt normal archiving operations in Splunk Enterprise. This may lead to incomplete or delayed data archiving, potentially impacting data availability or integrity, although it does not directly affect confidentiality or availability according to the CVSS score. [1]


How can this vulnerability be detected on my network or system? Can you suggest some commands?

No specific detection methods or commands are provided for this vulnerability in the available resources. [1]


What immediate steps should I take to mitigate this vulnerability?

The recommended immediate mitigation steps are to upgrade Splunk Enterprise to fixed versions 9.4.3, 9.3.5, 9.2.7, or 9.1.10 or later. Alternatively, disabling the Splunk Archiver app reduces the vulnerability impact to informational severity. [1]

